Hi Team,
While trying to provision a VPN server on an AWS EC2 instance with 2-factor authentication, and after a successful login, we found that we can neither ping the VPN endpoints, nor is all of my clients' traffic routed through the VPN server.
Following is my server conf:
port 1194
proto udp
dev tun1
fragment 1400
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 5.5.32.0 255.255.255.0
comp-lzo no
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
duplicate-cn
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
log /var/log/openvpn.log
mode server
tls-server
#tls-auth ta.key 0
verb 10
cipher AES-256-CBC
auth MD5
link-mtu 1554
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.8.4"
#client-to-client
duplicate-cn
local 10.0.10.137
ifconfig-pool-persist ipp.txt
push "persist-key"
push "persist-tun"
ifconfig 5.5.32.1 5.5.32.2
My client.conf:
auth MD5
ca ca.crt
cert client.crt
cipher AES-256-CBC
client
comp-lzo yes
dev tun1
key client.key
keysize 256
persist-key
persist-tun
ping 15
ping-exit 15
ping-restart 0
proto udp
remote xxxxxxxxxx 1194 udp
resolv-retry infinite
tls-client
tun-mtu 1496
verb 3
resolv-retry infinite
key client.key
ns-cert-type server
#script-security 2
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway def1
pull
nobind
dev-type tun
mssfix
setenv FORWARD_COMPATIBLE 1
ifconfig 5.5.32.2 5.5.32.1
Server route info:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.10.1 0.0.0.0 UG 0 0 0 eth0
5.5.32.0 5.5.32.2 255.255.255.0 UG 0 0 0 tun1
5.5.32.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
Internet:
Destination Gateway Flags Refs Use Netif Expire
0/1 5.5.32.9 UGSc 4 0 utun0
default 172.16.20.1 UGSc 142 0 en1
5.5.32.1/32 5.5.32.9 UGSc 1 0 utun0
5.5.32.9 5.5.32.10 UHr 9 0 utun0
127 127.0.0.1 UCS 1 0 lo0
127.0.0.1 127.0.0.1 UH 14 173701 lo0
127.94.0.1 127.94.0.1 UH 1 0 lo0
128.0/1 5.5.32.9 UGSc 3 0 utun0
169.254 link#4 UCS 1 0 en1
172.16.20/23 link#4 UCS 8 0 en1
172.16.20.1/32 link#4 UCS 2 0 en1
172.16.20.1 c0:ea:e4:85:42:7 UHLWIir 6 74 en1 1163
172.16.20.53 b8:27:eb:2e7a UHLWIi 1 0 en1 1196
172.16.20.123 b8:27:eb:7b:fe:2f UHLWIi 1 0 en1 1187
172.16.20.224 3c:a9:f4:93:6d:38 UHLWIi 2 0 en1 1193
172.16.20.238/32 link#4 UCS 1 0 en1
172.16.21.31 74:86:7a:41:f0:e4 UHLWIi 1 0 en1 1145
172.16.21.37 54:9f:13:10:50:ba UHLWIi 2 308 en1 1178
172.16.21.221 14:7:8:fb8 UHLWIi 1 0 en1 905
172.16.21.255 link#4 UHLWbI 1 9 en1
RemoteVPNIP/32 172.16.20.1 UGSc 2 0 en1
224.0.0 link#4 UmCS 2 0 en1
224.0.0.251 1:0:5e:0:0:fb UHmLWI 1 2 en1
255.255.255.255/32 link#4 UCS 1 0 en1
1) Disabled the AWS EC2 source/destination checks
2) Followed the OpenVPN wikis
3) Enabled port forwarding on the VPN server
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.send_redirects = 1
4) Enabled POSTROUTING on NAT for MASQUERADING the traffic on the VPN server
Some relevant info:
VPN Server : Real LAN inet addr:10.0.10.137 Bcast:10.0.10.255 Mask:255.255.255.0
VPN Server Network : inet addr:5.5.32.1 P-t-P:5.5.32.2 Mask:255.255.255.255
Clients : MAC and Linux
I have been working on this for days, but with no luck.
It would be very helpful if someone could step in and help me resolve this issue.
Thanks
Philix
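The four steps listed in the post can be verified from the server side before touching the configs again. The following is an added example (not code from the thread or from the OpenVPN project): it parses text in the format of `sysctl` and `iptables-save` output and reports whether IP forwarding is on and whether a POSTROUTING MASQUERADE rule covers the tunnel subnet (5.5.32.0/24 and eth0 are taken from the post). The sample outputs are constructed; against a real host you would feed it the captured output of `sysctl net.ipv4.ip_forward` and `iptables-save -t nat`.

```python
"""Check the server-side prerequisites for routing OpenVPN client traffic:
net.ipv4.ip_forward = 1 and a NAT POSTROUTING MASQUERADE rule for the tunnel subnet.
Added example; the sample outputs below are constructed, not captured from the thread's host."""
import ipaddress
import re

VPN_SUBNET = "5.5.32.0/24"   # tunnel subnet from the 'server' directive in the post
EGRESS_IFACE = "eth0"        # EC2 LAN interface from the post

# Constructed sample output in the formats of `sysctl` and `iptables-save`.
SYSCTL_OK = "net.ipv4.ip_forward = 1\nnet.ipv4.conf.eth0.send_redirects = 1\n"
SYSCTL_BAD = "net.ipv4.ip_forward = 0\n"
NAT_OK = """*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 5.5.32.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
NAT_BAD = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""


def ip_forward_enabled(sysctl_text):
    """True when sysctl-style output contains 'net.ipv4.ip_forward = 1'."""
    m = re.search(r"^net\.ipv4\.ip_forward\s*=\s*(\d)", sysctl_text, re.M)
    return bool(m) and m.group(1) == "1"


def masquerade_rules(iptables_save_text):
    """Return (source_network, out_iface) for each POSTROUTING MASQUERADE rule in the nat table.
    A rule without -s matches everything (0.0.0.0/0); a rule without -o matches any interface (None)."""
    rules, in_nat = [], False
    for line in iptables_save_text.splitlines():
        if line.startswith("*"):
            in_nat = line.strip() == "*nat"
        if not in_nat or not line.startswith("-A POSTROUTING") or "-j MASQUERADE" not in line:
            continue
        src = re.search(r"\s-s\s+(\S+)", line)
        oif = re.search(r"\s-o\s+(\S+)", line)
        rules.append((src.group(1) if src else "0.0.0.0/0", oif.group(1) if oif else None))
    return rules


def rule_covers(rule_src, rule_oif, subnet, iface):
    """True when the rule's source network contains the tunnel subnet and its interface matches."""
    net = ipaddress.ip_network(subnet, strict=False)
    return ipaddress.ip_network(rule_src, strict=False).supernet_of(net) and rule_oif in (iface, None)


def check_forwarding(sysctl_text, iptables_save_text, subnet=VPN_SUBNET, iface=EGRESS_IFACE):
    """Return a list of problems; an empty list means both prerequisites are in place."""
    problems = []
    if not ip_forward_enabled(sysctl_text):
        problems.append("net.ipv4.ip_forward is not 1: the kernel will drop forwarded client packets")
    if not any(rule_covers(s, o, subnet, iface) for s, o in masquerade_rules(iptables_save_text)):
        problems.append(f"no POSTROUTING MASQUERADE rule covers {subnet} leaving via {iface}")
    return problems


if __name__ == "__main__":
    for label, sc, nat in (("good host", SYSCTL_OK, NAT_OK), ("bad host", SYSCTL_BAD, NAT_BAD)):
        print(label, "->", check_forwarding(sc, nat) or "prerequisites met")
```

Running the block prints that the constructed "good host" meets both prerequisites and that the "bad host" fails both (forwarding off and a MASQUERADE rule for the wrong subnet). Note that the check says nothing about the EC2 source/destination flag in step 1, which lives in the AWS API rather than on the instance.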
OpenVPN server on AWS EC2: Can't ping VPN server IP and can't route all client traffic
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Feb 09, 2017 3:45 am
Re: OpenVPN server on AWS EC2: Can't ping VPN server IP and can't route all client traffic
Server conf:
port 1194
proto udp
dev tun1
fragment 1400
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 5.5.32.0 255.255.255.0
comp-lzo no
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
duplicate-cn
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
log /var/log/openvpn.log
mode server
tls-server
#tls-auth ta.key 0
verb 10
cipher AES-256-CBC
auth MD5
link-mtu 1554
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.8.4"
#client-to-client
duplicate-cn
local 10.0.10.137
ifconfig-pool-persist ipp.txt
push "persist-key"
push "persist-tun"
ifconfig 5.5.32.1 5.5.32.2
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Feb 09, 2017 3:45 am
Re: OpenVPN server on AWS EC2: Can't ping VPN server IP and can't route all client traffic
Client conf:
auth MD5
ca ca.crt
cert client.crt
cipher AES-256-CBC
client
comp-lzo yes
dev tun1
key client.key
keysize 256
persist-key
persist-tun
ping 15
ping-exit 15
ping-restart 0
proto udp
remote xxxxxxxxxx 1194 udp
resolv-retry infinite
tls-client
tun-mtu 1496
verb 3
resolv-retry infinite
key client.key
ns-cert-type server
#script-security 2
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway def1
pull
nobind
dev-type tun
mssfix
setenv FORWARD_COMPATIBLE 1
ifconfig 5.5.32.2 5.5.32.1
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN server on AWS EC2: Can't ping VPN server IP and can't route all client traffic
Your configs are a total mess.
You have two ifconfig statements in both.
I have no idea what you are trying to do ..
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Feb 09, 2017 3:45 am
Re: OpenVPN server on AWS EC2: Can't ping VPN server IP and can't route all client traffic
Sorry, TinCanTech, for the garbled output from the Mac client.
To rephrase what I am trying to do: I want to create tunneled connectivity with OpenVPN from the office/home LAN and route all of the clients' traffic from the office/home network through the OpenVPN server.
The clients are set up to access the OpenVPN server through MFA, which is currently successful.
Hope the above info helps.
Thanks
Philix
Client route output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 5.5.32.5 128.0.0.0 UG 0 0 0 tun1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlp3s0
5.5.32.1 5.5.32.5 255.255.255.255 UGH 0 0 0 tun1
5.5.32.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
128.0.0.0 5.5.32.5 128.0.0.0 UG 0 0 0 tun1
192.168.0.0 0.0.0.0 255.255.255.0 U 9 0 0 wlp3s0
204.236.212.59 192.168.0.1 255.255.255.255 UGH 0 0 0 wlp3s0
Server route output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.10.1 0.0.0.0 UG 0 0 0 eth0
5.5.32.0 5.5.32.2 255.255.255.0 UG 0 0 0 tun1
5.5.32.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
Thanks
Philix
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Feb 09, 2017 3:45 am
Re: OpenVPN server on AWS EC2: Can't ping VPN server IP and can't route all client traffic
After meticulously going through this wiki, https://openvpn.net/index.php/open-sour ... unnel.html,
I figured out the issue: the client and server should be consistent and use the same options on the server and client end.
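The conclusion reached above (and the reply pointing out the two `ifconfig` statements in each file) can be turned into a mechanical check. The following is an added example, not code from the thread or from the OpenVPN project: it parses the two configs posted earlier (abridged here to the relevant directives, as constructed sample input) and reports directives repeated within one file, options that OpenVPN includes in its peer option-string check but that differ between the two files, and local `ifconfig` lines that collide with `server` on one side and with `client`/`pull` on the other. The list of must-match directives is the one documented in the OpenVPN manual for the option-string check.

```python
"""Audit an OpenVPN server/client config pair for the classes of problem raised in the thread.
Added example; SERVER_CONF and CLIENT_CONF are abridged copies of the configs posted above."""
import re

SERVER_CONF = """port 1194
proto udp
dev tun1
fragment 1400
server 5.5.32.0 255.255.255.0
comp-lzo no
duplicate-cn
mode server
tls-server
cipher AES-256-CBC
auth MD5
link-mtu 1554
push "dhcp-option DNS 8.8.8.8"
duplicate-cn
ifconfig 5.5.32.1 5.5.32.2
"""
CLIENT_CONF = """auth MD5
cipher AES-256-CBC
client
comp-lzo yes
dev tun1
key client.key
keysize 256
proto udp
remote xxxxxxxxxx 1194 udp
resolv-retry infinite
tun-mtu 1496
resolv-retry infinite
key client.key
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway def1
pull
dev-type tun
ifconfig 5.5.32.2 5.5.32.1
"""

# Directives OpenVPN compares between peers in its option-string check; they must agree.
MUST_MATCH = ("proto", "dev-type", "link-mtu", "tun-mtu", "cipher", "auth", "keysize", "comp-lzo", "fragment")
# Directives that may legitimately appear more than once in one file.
REPEATABLE = {"push", "remote", "route", "plugin", "setenv"}


def parse(text):
    """Return a list of (directive, argument string) pairs, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            entries.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return entries


def duplicates(entries):
    """Single-valued directives that occur more than once, with their counts."""
    counts = {}
    for key, _ in entries:
        if key not in REPEATABLE:
            counts[key] = counts.get(key, 0) + 1
    return {k: n for k, n in counts.items() if n > 1}


def effective(entries):
    """Last value wins for single-valued directives; dev-type is derived from dev (tun1 -> tun) if absent."""
    opts = {k: v for k, v in entries if k not in REPEATABLE}
    if "dev-type" not in opts and "dev" in opts:
        opts["dev-type"] = re.sub(r"\d+$", "", opts["dev"])
    return opts


def mismatches(server, client):
    """Must-match directives whose values differ (None means absent on that side)."""
    return {k: (server.get(k), client.get(k)) for k in MUST_MATCH if server.get(k) != client.get(k)}


def conflicts(server, client):
    """Local ifconfig lines that collide with the address assignment done by server/pull."""
    issues = []
    if "server" in server and "ifconfig" in server:
        issues.append("server: 'ifconfig' conflicts with 'server', which already sets the tunnel endpoints")
    if ("client" in client or "pull" in client) and "ifconfig" in client:
        issues.append("client: 'ifconfig' set locally while pulling options; the server assigns the address")
    return issues


def audit(server_text, client_text):
    se, ce = parse(server_text), parse(client_text)
    s, c = effective(se), effective(ce)
    return {"server_duplicates": duplicates(se), "client_duplicates": duplicates(ce),
            "mismatches": mismatches(s, c), "conflicts": conflicts(s, c)}


if __name__ == "__main__":
    for section, value in audit(SERVER_CONF, CLIENT_CONF).items():
        print(f"{section}: {value}")
```

On the posted configs the audit reports `duplicate-cn` twice on the server; `key`, `resolv-retry` and `ifconfig` twice on the client; `comp-lzo` set to `no` versus `yes`; `fragment` and `link-mtu` present only on the server; `tun-mtu` and `keysize` present only on the client; and an `ifconfig` on each side that fights the addresses assigned by `server` and `pull`. Those are exactly the kinds of disagreement the last post identifies, so the script is a quick way to confirm a cleaned-up pair before redeploying.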