Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Thu Apr 24, 2014 10:49 am


Forum rules


If you would like help, here is a few things you will want to do in order to help us help you.

**Post your configs from client and server, without comments. you can strip comments in linux/bsd with something like this:
grep -vE '^#|^;|^$' server.conf
**Tell us your goal.
**If you are having problems connecting, post your logfiles from server and client after using verb 4 in both configs


Also, there are 2 things you should be aware of:

**Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. Why TCP Over TCP Is A Bad Idea: http://sites.inka.de/~bigred/devel/tcp-tcp.html
**You ONLY want to use dev tap if you are tunneling layer2 traffic, if you are using IP traffic you want tun. If you are using tap only for windows file sharing, look into running a WINS server instead.



Post new topic Reply to topic  [ 8 posts ] 
 [SOLVED] IP address of client still visible 
Author Message
 Post subject: [SOLVED] IP address of client still visible
PostPosted: Thu Jan 13, 2011 9:15 pm 
OpenVpn Newbie

Joined: Thu Jan 13, 2011 8:59 pm
Posts: 5
Hi,

I have recently set up OpenVPN on a Debian VPS, with Clients tested on Windows XP and 7.

All works fine and when I check the IP address on sites like 'What's my IP' and also using Firefox plugin to check external IP I get the VPS static IP address as expected.

Something weird though - on my phpbb forum, I logged in as administrator and on the log it showed the Client web IP address! I checked on my Wordpress blog and posted a comment and found it showed up as originating at the Client web IP address as well.

Is this normal? Has anyone experienced this? If not, what should I be checking for?


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Fri Jan 14, 2011 3:47 pm 
Forum Team
User avatar

Joined: Mon Dec 13, 2010 3:51 pm
Posts: 194
Location: Lawrence, KS
Hello,

Is this client web IP address that external address of your firewall/router? Is your client system directly connected to the internet somewhere?

Dunno. Perhaps try deleting any local cookies for that site and and trying again.

-Stephen

_________________
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Fri Jan 14, 2011 8:34 pm 
OpenVpn Newbie

Joined: Thu Jan 13, 2011 8:59 pm
Posts: 5
Hi,

Yes, it is the external IP of the router for the Client.

The cookie thing got me thinking - yes the wordpress has a cookie with the router IP address in it - however it is creating that from the visit via the VPN - I checked on Chrome and Seamonkey too. phpBB creates SID cookies which are encoded so not sure if the ip is in with the cookie - probably is though.

I have tried from various browsers with and without the cookies enabled, so it must be something from the configuration - tried XP and Win7 to exclude problems with Win7.

Is there anything in the configuration for using browsers I need to do? I simply log on to the VPN and continue with using the browser and thought it had worked OK - I have not touched any of the proxy settings, but somehow the original IP address is passing through the VPN in some form, although the new IP address is being presented to the web site.

I have created a php script on one of my web sites and this shows the $_SERVER['REMOTE_ADDR'] to be the vps IP address as expected.

Will continue to investigate by picking apart what is sent, but any other thoughts welcome. Given that one of the many reasons people use a VPN is to obfuscate the client IP this seems very strange.

Alistair


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Fri Jan 14, 2011 8:45 pm 
Forum Team
User avatar

Joined: Mon Dec 13, 2010 3:51 pm
Posts: 194
Location: Lawrence, KS
A simple test would be to run a trace from your client system to the host of the bulletin board you're connecting to. OpenVPN doesn't interact packets at the application layer. From what you've described, it sounds like you are making your vpn end-point the default gateway--that being said, the only packets being emitted from your local router on behalf of your vpn client would be those maintaining the vpn tunnel itself.

-S

_________________
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Thu Jan 20, 2011 3:06 pm 
OpenVpn Newbie

Joined: Thu Jan 13, 2011 8:59 pm
Posts: 5
Not sure how I do a trace within the VPN - is there any routine to do this?

re: cookies.

The wordpress and phpbb are both capturing the IP address at the Client level somehow and this is the Client router IP address (the Client is going on to the internet to connect to the VPN server) - they are then storing as cookie or in the database.

My question is whether the configuration of the OpenVPN server or Client can be changed to stop this happening or to get the external software to use the server IP address which is being used by the web server that you connect to - this shows the VPN server IP address as expected.

Thanks

Alistair


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Fri Jan 21, 2011 3:25 pm 
Forum Team
User avatar

Joined: Mon Dec 13, 2010 3:51 pm
Posts: 194
Location: Lawrence, KS
On any windows system, from cmd.exe, you can use: tracert -d forums.destination.net

What you should see are lines showing the remote end-point of your VPN followed by additional lines showing the route of your packet to the destination server.

Unless you have a persistent cookie on your windows system that has stored the original, non-vpn IP address of your client, I can't see how the phbb software could possibly be aware of of the non-vpn address unless your vpn connection is misconfigured.

-Stephen

_________________
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Fri Jan 21, 2011 6:03 pm 
OpenVpn Newbie

Joined: Thu Jan 13, 2011 8:59 pm
Posts: 5
Hi,

I think you are right - I have tried on Linux Client too - same problem.

I am doing some more research and changes to configs and will come back with my findings - one quick question though - should the Client external IP address show up in the openvpn-status.log as Real Address - virtual address is 10.8.0.6?

The logs also keep referring to the Client IP being 'Learnt'

Alistair


Offline
 Profile  
 
 Post subject: Re: IP address of client still visible
PostPosted: Sat Jan 22, 2011 12:21 pm 
OpenVpn Newbie

Joined: Thu Jan 13, 2011 8:59 pm
Posts: 5
Hi,

Follow-up: the OpenVPN configuration is not the problem.

When I test using another website not hosted on the VPS server I get the correct IP address of the VPS server given in $_SERVER['REMOTE_ADDR'].

When I test on a website hosted on the VPS server I get the Client IP address.

I am using NGINX, but think it might be something to do with the NAT routing on the VPS. Will investigate further, but I don't think it is a problem as such.

Thanks for your input.

Alistair


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.164s | 14 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group