Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Wed Apr 23, 2014 2:09 pm


Forum rules


If you would like help, here is a few things you will want to do in order to help us help you.

**Post your configs from client and server, without comments. you can strip comments in linux/bsd with something like this:
grep -vE '^#|^;|^$' server.conf
**Tell us your goal.
**If you are having problems connecting, post your logfiles from server and client after using verb 4 in both configs


Also, there are 2 things you should be aware of:

**Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. Why TCP Over TCP Is A Bad Idea: http://sites.inka.de/~bigred/devel/tcp-tcp.html
**You ONLY want to use dev tap if you are tunneling layer2 traffic, if you are using IP traffic you want tun. If you are using tap only for windows file sharing, look into running a WINS server instead.



Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 
 How to bind OpenVPN to one network interface? 
Author Message
 Post subject: How to bind OpenVPN to one network interface?
PostPosted: Sun Jul 15, 2012 9:19 pm 
OpenVpn Newbie

Joined: Sun Jul 15, 2012 9:07 pm
Posts: 4
Hello all,

I have a server with two separate network interfaces running through the same router eth0 (10.1.1.35) and eth1 (10.1.1.36). I have tried to bind my OpenVPN client to eth1 by including the following line in my .conf file:
Code:
local 10.1.1.36


ip route shows that eth0 is still the default route, which is what I want, however it seems that ALL of my network traffic is going through the VPN Service instead of just the traffic assigned to eth1. I've tested this by running the VPN service and doing a traceroute,which shows the traffic going through the VPN Service.

Anyone have any suggestions on how I can fix this issue? I'm trying to set it up so I have some services (SSH, Web Server) running on eth0, and other services running on eth1 through the VPN.

I appreciate any help! Let me know if any more information is needed. Thanks,

Max


Offline
 Profile  
 
 Post subject: Re: How to bind OpenVPN to one network interface?
PostPosted: Wed Jul 18, 2012 7:24 am 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2798
Location: Athens,Greece
hi there,

can you please post more info about your setup?

f.e, openvpn config file,output of: ifconfig,netstat -nr,ip route show,iptables -L -t nat -v

regards

Michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: How to bind OpenVPN to one network interface?
PostPosted: Thu Jul 19, 2012 4:46 am 
OpenVpn Newbie

Joined: Sun Jul 15, 2012 9:07 pm
Posts: 4
Yes, here is the info you asked for.

openvpn.conf:
Code:
client
dev tun
proto udp
local 10.1.1.36
remote vpn.sanfrancisco.witopia.net 1194
resolv-retry infinite
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/CN0027XXXX.crt
key /etc/openvpn/CN0027XXXX.key
cipher BF-CBC
comp-lzo
verb 3


ifconfig:
Code:
eth0      Link encap:Ethernet  HWaddr 00:c0:49:fa:20:e7 
          inet addr:10.1.1.35  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:49ff:fefa:20e7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2486702 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3177002 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:443869674 (423.3 MiB)  TX bytes:836398442 (797.6 MiB)
          Interrupt:22 Base address:0xc00

eth1      Link encap:Ethernet  HWaddr 00:0c:f1:e2:16:c2 
          inet addr:10.1.1.36  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:f1ff:fee2:16c2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2367968 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2137663 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1256154932 (1.1 GiB)  TX bytes:970675793 (925.7 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:598735 errors:0 dropped:0 overruns:0 frame:0
          TX packets:598735 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:168249655 (160.4 MiB)  TX bytes:168249655 (160.4 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.119.75.238  P-t-P:10.119.75.237  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1349690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1522526 errors:0 dropped:109 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:777006939 (741.0 MiB)  TX bytes:192633288 (183.7 MiB)


netstat -nr:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
205.164.56.59   10.1.1.1        255.255.255.255 UGH       0 0          0 eth1
10.119.75.237   0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.119.72.1     10.119.75.237   255.255.255.255 UGH       0 0          0 tun0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.119.75.237   128.0.0.0       UG        0 0          0 tun0
128.0.0.0       10.119.75.237   128.0.0.0       UG        0 0          0 tun0
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0


ip route show:
Code:
205.164.56.59 via 10.1.1.1 dev eth1
10.119.75.237 dev tun0  proto kernel  scope link  src 10.119.75.238
10.119.72.1 via 10.119.75.237 dev tun0
10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.36  metric 1
10.1.1.0/24 dev eth0  proto kernel  scope link  src 10.1.1.35  metric 1
0.0.0.0/1 via 10.119.75.237 dev tun0
128.0.0.0/1 via 10.119.75.237 dev tun0
default via 10.1.1.1 dev eth0  proto static


iptables -L -t nat -v:
Code:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         


Thanks for your help! Let me know if you need anything else. Getting this resolved would be really great.

Max


Offline
 Profile  
 
 Post subject: Re: How to bind OpenVPN to one network interface?
PostPosted: Thu Jul 19, 2012 4:58 am 
OpenVpn Newbie

Joined: Sun Jul 15, 2012 9:07 pm
Posts: 4
Oops, posted same message twice.


Last edited by Maxor91 on Thu Jul 19, 2012 3:01 pm, edited 1 time in total.

Offline
 Profile  
 
 Post subject: Re: How to bind OpenVPN to one network interface?
PostPosted: Thu Jul 19, 2012 12:30 pm 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2798
Location: Athens,Greece
can you please read this first..

http://kindlund.wordpress.com/2007/11/1 ... -in-linux/

Michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: How to bind OpenVPN to one network interface?
PostPosted: Fri Jul 20, 2012 2:05 am 
OpenVpn Newbie

Joined: Sun Jul 15, 2012 9:07 pm
Posts: 4
Well, that is exactly what I needed! Works perfectly. Thanks!


Offline
 Profile  
 
 Post subject: Re: How to bind OpenVPN to one network interface?
PostPosted: Fri Jul 20, 2012 11:26 am 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2798
Location: Athens,Greece
glad to helped you out.

Regards,

Michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.188s | 12 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group