On a LAN, a Mac (IP: 192.168.0.14, Gateway: 192.168.0.254); on this Mac, VirtualBox with Ubuntu 16 (IP: 192.168.0.15, Gateway: 192.168.0.254). On the LAN's gateway, port 443 is forwarded to the Ubuntu box, open on port 443. As you understood, the OpenVPN server is not the LAN gateway.
I am trying to get not only access to the server machine but also to the other machines on the server's LAN.
The server LAN is 192.168.3.0, the client LAN is 192.168.2.0. The gateways are closed boxes on which I cannot set up routes.
No firewall is active.
I've set up a bridged server (tap) on the Ubuntu virtual machine. Clients can connect, but a simple ping gives me from 10% to 50% packet loss, and a ping -R gives 100% packet loss.
Server side:
Ubuntu--$cat /etc/openvpn/server.conf
mode server
port 443
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
remote-cert-tls client
server-bridge 192.168.3.15 255.255.255.0 192.168.3.192 192.168.3.198
push "route 192.168.3.0 255.255.255.248"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
passtos
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
On the server (connected):
Ubuntu--$ ifconfig
br0 Link encap:Ethernet HWaddr 08:00:27:5e:70:c0
inet addr:192.168.3.15 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe5e:70c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:941960 errors:0 dropped:6 overruns:0 frame:0
TX packets:1099957 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:316430588 (316.4 MB) TX bytes:707344584 (707.3 MB)
enp0s3 Link encap:Ethernet HWaddr 02:2d:cd:03:0d:15
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::2d:cdff:fe03:d15/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41230 errors:0 dropped:0 overruns:0 frame:0
TX packets:35968 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4729019 (4.7 MB) TX bytes:15221889 (15.2 MB)
enp0s8 Link encap:Ethernet HWaddr 08:00:27:5e:70:c0
inet addr:192.168.3.15 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe5e:70c0/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:38445246 errors:0 dropped:0 overruns:0 frame:0
TX packets:1301970 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:50965044981 (50.9 GB) TX bytes:669265264 (669.2 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:121816 errors:0 dropped:0 overruns:0 frame:0
TX packets:121816 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:48071372 (48.0 MB) TX bytes:48071372 (48.0 MB)
tap0 Link encap:Ethernet HWaddr d6:32:30:da:44:ab
inet6 addr: fe80::d432:30ff:feda:44ab/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:347938 errors:0 dropped:0 overruns:0 frame:0
TX packets:588965 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:34694045 (34.6 MB) TX bytes:391282809 (391.2 MB)
Ubuntu--$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.3.254 0.0.0.0 UG 0 0 0 br0
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s8
Ubuntu--$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Ubuntu--$ sudo ufw status
Status: inactive
Client side:
client-mac--$cat client.opvn
client
dev tap0
proto udp
remote my.domain.com 443
persist-key
persist-tun
ca ca.crt
cert mykey.crt
key mykey.key
remote-cert-tls server
comp-lzo
verb 3
On the client (during connection):
client-mac--$ifconconfig
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 78:31:c1:b9:12:1c
inet 192.168.2.51 netmask 0xffffff00 broadcast 192.168.2.255
media: autoselect
status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:01:ee:e9:50
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:01:ee:e9:51
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 7a:31:c1:9b:3d:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:31:c1:b9:12:1c
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 36:f2:15:ae:aa:a8
inet6 fe80::34f2:15ff:feae:aaa8%awdl0 prefixlen 64 scopeid 0x9
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
vboxnet0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
vboxnet1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:01
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 96:b6:d7:9f:bd:96
inet 192.168.3.192 netmask 0xffffff00 broadcast 192.168.3.255
media: autoselect
status: active
open (pid 44216)
client-mac--$netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.2.254 UGSc 4747 0 en0
127 127.0.0.1 UCS 3 2215 lo0
127.0.0.1 127.0.0.1 UH 16 3291910 lo0
127.0.0.11 127.0.0.1 UHWIi 1 1 lo0
127.39.184.87 127.0.0.1 UHWIi 1 1974 lo0
169.254 link#4 UCS 1 0 en0
192.168.2 link#4 UCS 7 0 en0
192.168.2.10 link#4 UHLWIi 1 1 en0
192.168.2.14 link#4 UHLWIi 1 1 en0
192.168.2.17 link#4 UHLWIi 1 1 en0
192.168.2.20 link#4 UHLWIi 1 1 en0
192.168.2.51/32 link#4 UCS 2 0 en0
192.168.2.51 78:31:c1:b9:12:1c UHLWIi 1 856 lo0
192.168.2.53 0:17:88:9:c2:f7 UHLWIi 1 48 en0 412
192.168.2.100 link#4 UHLWIi 1 10477 en0
192.168.2.254/32 link#4 UCS 2 0 en0
192.168.2.254 0:7:cb:30:0:2e UHLWIir 4743 987 en0 1198
192.168.3/29 192.168.3.15 UGSc 1 0 tap0
192.168.3 link#12 UC 5 0 tap0
192.168.3.15 8:0:27:5e:70:c0 UHLWIi 2 818 tap0 486
192.168.3.193 link#12 UHLWIi 1 6 tap0
192.168.3.202 link#12 UHLWIi 1 3 tap0
224.0.0 link#4 UmCS 2 0 en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI 1 3 en0
255.255.255.255/32 link#4 UCS 2 0 en0
255.255.255.255 link#4 UHLWbI 1 2107 en0
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%awdl0/64 link#9 UCI awdl0
fe80::34f2:15ff:feae:aaa8%awdl0 36:f2:15:ae:aa:a8 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%awdl0/32 link#9 UmCI awdl0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%awdl0/32 link#9 UmCI awdl0
host-mac--$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether 68:5b:35:b7:7b:2a
nd6 options=1<PERFORMNUD>
media: autoselect (none)
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether b4:18:d1:e5:22:4d
inet6 fe80::b618:d1ff:fee5:224d%en1 prefixlen 64 scopeid 0x5
inet 192.168.3.14 netmask 0xffffff00 broadcast 192.168.3.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
en2: flags=822<BROADCAST,SMART,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 32:00:1b:16:60:00
media: autoselect <full-duplex>
status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 32:00:1b:16:60:01
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 06:18:d1:e5:22:4d
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 0e:cd:40:0a:6b:f2
inet6 fe80::ccd:40ff:fe0a:6bf2%awdl0 prefixlen 64 scopeid 0x9
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::1c27:5eb8:124f:ce11%utun0 prefixlen 64 scopeid 0xa
inet6 fdda:ba4b:a926:92e4:1c27:5eb8:124f:ce11 prefixlen 64
nd6 options=1<PERFORMNUD>
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 6a:5b:35:7b:9d:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
media: <unknown type>
status: inactive
host-mac--$ netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.3.254 UGSc 23 0 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 6 13460 lo0
169.254 link#5 UCS 0 0 en1
192.168.3 link#5 UCS 2 0 en1
192.168.3.10 0:d:93:61:30:c4 UHLWIi 1 150137 en1 1140
192.168.3.14/32 link#5 UCS 0 0 en1
192.168.3.192 96:b6:d7:9f:bd:96 UHLWI 0 20 en1 970
192.168.3.254/32 link#5 UCS 1 0 en1
192.168.3.254 0:24:d4:b3:e7:d6 UHLWIir 25 3095 en1 1173
224.0.0 link#5 UmCS 1 0 en1
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en1
255.255.255.255/32 link#5 UCS 0 0 en1
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fdda:ba4b:a926:92e4::/64 fe80::1c27:5eb8:124f:ce11%utun0 Uc utun0
fdda:ba4b:a926:92e4:1c27:5eb8:124f:ce11 link#10 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en1/64 link#5 UCI en1
fe80::183b:b0cd:eed7:befa%en1 0:6d:52:88:1b:ce UHLWI en1
fe80::b618:d1ff:fee5:224d%en1 b4:18:d1:e5:22:4d UHLI lo0
fe80::%awdl0/64 link#9 UCI awdl0
fe80::ccd:40ff:fe0a:6bf2%awdl0 e:cd:40:a:6b:f2 UHLI lo0
fe80::%utun0/64 fe80::1c27:5eb8:124f:ce11%utun0 UcI utun0
fe80::1c27:5eb8:124f:ce11%utun0 link#10 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en1/32 link#5 UmCI en1
ff01::%awdl0/32 link#9 UmCI awdl0
ff01::%utun0/32 fe80::1c27:5eb8:124f:ce11%utun0 UmCI utun0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en1/32 link#5 UmCI en1
ff02::%awdl0/32 link#9 UmCI awdl0
ff02::%utun0/32 fe80::1c27:5eb8:124f:ce11%utun0 UmCI utun0
From client to server:
client-mac--$ ping -c 10 192.168.3.15
--- 192.168.3.15 ping statistics ---
10 packets transmitted, 6 packets received, 40.0% packet loss
round-trip min/avg/max/stddev = 98.563/221.529/507.537/133.399 ms
client-mac--$ ping -c 10 -n 192.168.3.15
--- 192.168.3.15 ping statistics ---
10 packets transmitted, 7 packets received, 30.0% packet loss
round-trip min/avg/max/stddev = 96.743/146.345/193.829/30.541 ms
client-mac--$ ping -c 10 -n -R 192.168.3.15
--- 192.168.3.15 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
From client to host:
client-mac--$ ping -c 10 192.168.3.14
--- 192.168.3.14 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 105.332/163.339/238.152/39.035 ms
$ ping -c 10 -n 192.168.3.14
--- 192.168.3.14 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 61.561/175.646/444.777/103.324 ms
clien-mac--$ ping -c 10 -n -R 192.168.3.14
--- 192.168.3.14 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
If these are not enough to diagnose, tell me.
Thanks for your help.
V.
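An added illustration, not part of the original post: a small Python checker that reads an OpenVPN server.conf together with Linux `route -n` and legacy `ifconfig` output and flags the bridged-server mistakes that are easiest to miss by eye. The sample inputs below are constructed from the values shown in the post; the finding codes (DUP_DEFAULT, DUP_ADDR, POOL_OUTSIDE, REDUNDANT_PUSH) and the function names are my own. On the posted output it reports two default routes with equal metric (br0 and enp0s3), the address 192.168.3.15 present on both br0 and its member port enp0s8, and a pushed 192.168.3.0/29 route that lies inside the bridged /24 the client already reaches on-link through tap0.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample inputs (values copied from the post for illustration).
SERVER_CONF = """\
mode server
port 443
proto udp
dev tap0
server-bridge 192.168.3.15 255.255.255.0 192.168.3.192 192.168.3.198
push "route 192.168.3.0 255.255.255.248"
client-to-client
"""

ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.3.254   0.0.0.0         UG    0      0        0 br0
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s3
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
"""

IFCONFIG = """\
br0       Link encap:Ethernet  HWaddr 08:00:27:5e:70:c0
          inet addr:192.168.3.15  Bcast:192.168.3.255  Mask:255.255.255.0
enp0s3    Link encap:Ethernet  HWaddr 02:2d:cd:03:0d:15
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
enp0s8    Link encap:Ethernet  HWaddr 08:00:27:5e:70:c0
          inet addr:192.168.3.15  Bcast:192.168.3.255  Mask:255.255.255.0
tap0      Link encap:Ethernet  HWaddr d6:32:30:da:44:ab
"""


def parse_routes(text):
    """Parse `route -n` rows into dicts; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8 or not re.match(r"\d+\.\d+\.\d+\.\d+$", cols[0]):
            continue
        routes.append({"dest": cols[0], "gw": cols[1], "mask": cols[2],
                       "metric": int(cols[4]), "iface": cols[7]})
    return routes


def parse_ifconfig_ipv4(text):
    """Map interface name -> IPv4Interface from legacy ifconfig output."""
    addrs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+Link encap", line)
        if m:
            current = m.group(1)
            continue
        m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if m and current:
            addrs[current] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
    return addrs


def parse_server_conf(text):
    """Extract the server-bridge line and pushed routes from an OpenVPN config."""
    conf = {"server_bridge": None, "pushed_routes": []}
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "server-bridge" and len(parts) == 5:
            gw, mask, start, end = parts[1:5]
            conf["server_bridge"] = {"gateway": ipaddress.IPv4Interface(f"{gw}/{mask}"),
                                     "pool_start": ipaddress.IPv4Address(start),
                                     "pool_end": ipaddress.IPv4Address(end)}
        elif parts[0] == "push":
            pushed = line.strip()[4:].strip().strip('"').split()
            if len(pushed) == 3 and pushed[0] == "route":
                conf["pushed_routes"].append(
                    ipaddress.IPv4Network(f"{pushed[1]}/{pushed[2]}", strict=False))
    return conf


def audit(conf, routes, addrs):
    """Return (code, message) findings for common bridged-server mistakes."""
    findings = []
    # Two default routes with the same metric: the kernel picks one, so replies
    # to VPN or LAN traffic may leave through the wrong interface.
    defaults = [r for r in routes if r["dest"] == "0.0.0.0"]
    metrics = [r["metric"] for r in defaults]
    if len(defaults) > 1 and len(set(metrics)) < len(metrics):
        findings.append(("DUP_DEFAULT", "equal-metric default routes on "
                         + ", ".join(r["iface"] for r in defaults)))
    # The same IPv4 address on two interfaces: a bridge member port should not
    # keep its own address, the address belongs on the bridge only.
    by_addr = defaultdict(list)
    for iface, ifaddr in addrs.items():
        by_addr[ifaddr.ip].append(iface)
    for ip, ifaces in by_addr.items():
        if len(ifaces) > 1:
            findings.append(("DUP_ADDR", f"{ip} configured on {', '.join(sorted(ifaces))}"))
    sb = conf["server_bridge"]
    if sb:
        net = sb["gateway"].network
        # The client pool must lie inside the bridged subnet.
        for label in ("pool_start", "pool_end"):
            if sb[label] not in net:
                findings.append(("POOL_OUTSIDE", f"{label} {sb[label]} not in {net}"))
        # A pushed route inside the bridged subnet is redundant: clients already
        # have the whole subnet on-link through their tap address.
        for pushed in conf["pushed_routes"]:
            if pushed.subnet_of(net):
                findings.append(("REDUNDANT_PUSH", f"route {pushed} is inside bridged {net}"))
    return findings


def run_sample():
    """Audit the constructed sample above."""
    return audit(parse_server_conf(SERVER_CONF), parse_routes(ROUTE_N),
                 parse_ifconfig_ipv4(IFCONFIG))


if __name__ == "__main__":
    for code, msg in run_sample():
        print(f"{code}: {msg}")
```

Run it against real `route -n` / `ifconfig` output by pasting that text in place of the constructed samples; the checks are deliberately conservative and only report what can be read from the three inputs.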