Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Sat Oct 25, 2014 11:30 pm


Forum rules


Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!



Post new topic Reply to topic  [ 16 posts ]  Go to page 1, 2  Next
 [Newbie] Help routing traffic through OpenVPN on Debian 
Author Message
 Post subject: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 5:33 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Hi!

I'm a newbie when it comes to OpenVPN and Linux but I have successfully installed OpenVPN and I have also been able to connect to my VPN service provider. I have a .ovpn and .ca.crt file.

I have done the following:
apt-get update
apt-get install openvpn


I then run the following command
sudo openvpn --client --redirect-gateway def1 --config /c/XXX.ovpn --ca /c/YYY.ca.crt

I then type in my login details and everything seems fine but when I runa traceroute it seems that the traffic isn't going through my VPN-provider. Am I missing something here?

I simply want all the traffic from my ReadyNAS (running Debian as far as I know) to go through OpenVPN.

Thank you kindly in advance!

Best regards
MK


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 5:57 pm 
Forum Team
User avatar

Joined: Wed Sep 22, 2010 3:18 am
Posts: 1565
Hello.

Please post /c/XXX.ovpn content.

After connecting, is OpenVPN server pinging? Show " route -n" results when OpenVPN is connected. Show logs of OpenVPN where routes are added.


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 6:04 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Hi!

This is the content of the .ovpn-file
Code:
client

dev tap

proto udp

remote openvpn.anonine.net 1194
remote openvpn.anonine.net 1195
remote openvpn-2.anonine.net 1196
remote openvpn-2.anonine.net 1197
remote openvpn-3.anonine.net 1198
remote openvpn-3.anonine.net 1199
remote openvpn-4.anonine.net 1200
remote openvpn-4.anonine.net 1201

remote-random

resolv-retry infinite

auth-user-pass

nobind

persist-key
persist-tun

ca anonine.ca.crt

ns-cert-type server

comp-lzo

reneg-sec 0

verb 3


Route -n before running OpenVPN
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0


Route -n after running:
Code:
sudo openvpn --client --redirect-gateway def1 --config /c/XXX.ovpn --ca /c/YYY.ca.crt

Destination Gateway Genmask Flags Metric Ref Use Iface
178.73.215.173 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
188.126.74.128 0.0.0.0 255.255.255.128 U 0 0 0 tap0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 188.126.74.129 128.0.0.0 UG 0 0 0 tap0
128.0.0.0 188.126.74.129 128.0.0.0 UG 0 0 0 tap0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0


If I then run the following:
Code:
ping www.openvpn.net

I get this:

PING openvpn.net (174.36.59.154) 56(84) bytes of data.
From 74 (188.126.74.162) icmp_seq=2 Destination Host Unreachable
From 74 (188.126.74.162) icmp_seq=3 Destination Host Unreachable
From 74 (188.126.74.162) icmp_seq=4 Destination Host Unreachable
From 74 (188.126.74.162) icmp_seq=6 Destination Host Unreachable
From 74 (188.126.74.162) icmp_seq=7 Destination Host Unreachable
From 74 (188.126.74.162) icmp_seq=8 Destination Host Unreachable


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 6:18 pm 
Forum Team
User avatar

Joined: Wed Sep 22, 2010 3:18 am
Posts: 1565
Routes seems ok. Make "tracert www.openvpn.net -4 -n" to view where routing is going.

You didn't show the OpenVPN log.


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 6:26 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Mimiko: Thank you very much for you rapid responses!

This is the OpenVPN log:
Mon Aug 15 20:18:33 2011 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Sep 20 2007
Enter Auth Username:XXXXX
Enter Auth Password:YYYYY
Mon Aug 15 20:18:37 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number as
signment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Aug 15 20:18:37 2011 LZO compression initialized
Mon Aug 15 20:18:37 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Aug 15 20:18:37 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Aug 15 20:18:37 2011 Local Options hash (VER=V4): 'd79ca330'
Mon Aug 15 20:18:37 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Mon Aug 15 20:18:37 2011 UDPv4 link local: [undef]
Mon Aug 15 20:18:37 2011 UDPv4 link remote: 178.73.215.171:1197
Mon Aug 15 20:18:37 2011 TLS: Initial packet from 178.73.215.171:1197, sid=0eb06aaf 7c02bc56
Mon Aug 15 20:18:37 2011 VERIFY OK: depth=1, /C=SE/ST=Calisota/L=Ankeborg/O=Anonine/OU=VPN/CN=Anonine_CA/emailAddr
ess=support@anonine.com
Mon Aug 15 20:18:37 2011 VERIFY OK: nsCertType=SERVER
Mon Aug 15 20:18:37 2011 VERIFY OK: depth=0, /C=SE/ST=Calisota/L=Ankeborg/O=Anonine/CN=hati/emailAddress=support@a
nonine.com
Mon Aug 15 20:18:38 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 15 20:18:38 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 15 20:18:38 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 15 20:18:38 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 15 20:18:38 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Aug 15 20:18:38 2011 [hati] Peer Connection Initiated with 178.73.215.171:1197
Mon Aug 15 20:18:39 2011 SENT CONTROL [hati]: 'PUSH_REQUEST' (status=1)
Mon Aug 15 20:18:39 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option
DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,route-gateway 188.126.75.129,ping 10,ping-restart 30,ifconfig 188.126.
75.188 255.255.255.128'
Mon Aug 15 20:18:39 2011 Options error: unknown --redirect-gateway flag: bypass-dhcp
Mon Aug 15 20:18:39 2011 OPTIONS IMPORT: timers and/or timeouts modified
Mon Aug 15 20:18:39 2011 OPTIONS IMPORT: --ifconfig/up options modified
Mon Aug 15 20:18:39 2011 OPTIONS IMPORT: route options modified
Mon Aug 15 20:18:39 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Aug 15 20:18:39 2011 TUN/TAP device tap0 opened
Mon Aug 15 20:18:39 2011 ifconfig tap0 188.126.75.188 netmask 255.255.255.128 mtu 1500 broadcast 188.126.75.255
Mon Aug 15 20:18:39 2011 route add -net 178.73.215.171 netmask 255.255.255.255 gw 192.168.1.1
Mon Aug 15 20:18:39 2011 route add -net 0.0.0.0 netmask 128.0.0.0 gw 188.126.75.129
Mon Aug 15 20:18:39 2011 route add -net 128.0.0.0 netmask 128.0.0.0 gw 188.126.75.129
Mon Aug 15 20:18:39 2011 Initialization Sequence Completed

I can't run your command "tracert www.openvpn.net -4 -n", I only get this:

# traceroute www.openvpn.net -4 -n
Version 1.4a12
Usage: traceroute [-dFIlnrvx] [-g gateway] [-i iface] [-f first_ttl]
[-m max_ttl] [ -p port] [-q nqueries] [-s src_addr] [-t tos]
[-w waittime] [-z pausemsecs] host [packetlen]


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 6:50 pm 
Forum Team
User avatar

Joined: Wed Sep 22, 2010 3:18 am
Posts: 1565
Ok,
Code:
tracert www.openvpn.net -n

The "-4" options your Debian(?) does not know.

Quote:
Mon Aug 15 20:18:33 2011 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Sep 20 2007
Mon Aug 15 20:18:39 2011 Options error: unknown --redirect-gateway flag: bypass-dhcp

Could you update your OpenVPN client?


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 6:58 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
I could run this (if it helps)
ReadyNAS:~# traceroute openvpn.net
traceroute to openvpn.net (174.36.59.154), 30 hops max, 40 byte packets
1 75 (188.126.75.188) 3006.444 ms !H 3006.830 ms !H 3005.964 ms !H


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 7:08 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Seems like I already have the latest version (?):
ReadyNAS:~# apt-get update
Get:1 http://archive.debian.org etch Release.gpg [1033B]
Hit http://archive.debian.org etch Release
Ign http://archive.debian.org etch/main Packages/DiffIndex
Ign http://archive.debian.org etch/non-free Packages/DiffIndex
Hit http://archive.debian.org etch/main Packages
Hit http://archive.debian.org etch/non-free Packages
Ign http://www.readynas.com 4.2.18/ Release.gpg
Ign http://www.readynas.com 4.2.18/ Release
Ign http://www.readynas.com 4.2.18/ Packages/DiffIndex
Hit http://www.readynas.com 4.2.18/ Packages
Fetched 1033B in 12s (81B/s)
Reading package lists... Done
ReadyNAS:~# apt-get install openvpn
Reading package lists... Done
Building dependency tree... Done
openvpn is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 40 not upgraded.


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 7:13 pm 
Forum Team
User avatar

Joined: Wed Sep 22, 2010 3:18 am
Posts: 1565
It's strange. 3 secundes response its too much.

Let see, can you get iptables configuration?


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 7:24 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Iptables, can you please be more specific ;)


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 7:35 pm 
Forum Team
User avatar

Joined: Wed Sep 22, 2010 3:18 am
Posts: 1565
Run
Code:
iptables -L


http://www.readynas.com/?p=4662
Do you have the lates firware?
It seems that the system is a particular build based on Debian, not the Debian itself. On the forum there are posts stating that OpenVPN is not working well. Some recomends to backup, reset to factory default and install OpenVPN on fresh system.


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 7:41 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Mimiko: Thanks again for all your patience!

I will try the code you posted and post back.

Yes, I'm running the latest firmware, I updated it just a few weeks ago.


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 7:47 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
Code:
# iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 8:10 pm 
Forum Team
User avatar

Joined: Wed Sep 22, 2010 3:18 am
Posts: 1565
Read this http://www.readynas.com/forum/viewtopic.php?f=7&t=50413&p=314240&hilit=openvpn#p314240
After a factory reset - it starts working usually.


Offline
 Profile  
 
 Post subject: Re: [Newbie] Help routing traffic through OpenVPN on Debian
PostPosted: Mon Aug 15, 2011 8:21 pm 
OpenVpn Newbie

Joined: Mon Aug 15, 2011 5:28 pm
Posts: 9
I found that thread also, but is there really anything wrong in the logs I've posted so far?


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 16 posts ]  Go to page 1, 2  Next


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.084s | 14 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group