Amazon Cloud and OpenVPN

How to customize and extend your OpenVPN installation.

Post by masalinas » Mon Dec 13, 2010 9:57 pm

I have an AMI running an OpenVPN server (Ubuntu Lucid).
I have an OpenVPN client (Ubuntu Lucid).

******** My OpenVPN Server conf is:
port 1194
proto tcp
dev tun

#secret ovpn.key
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

#Addresses that will be assigned to the
#clients; the server is .1
server 10.179.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt

#Route so that the clients can reach the server's local network (56.0/24)
client-config-dir ccd
route 192.168.2.0 255.255.255.0

keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4

**** My OpenVPN Client conf is ****

client
dev tun
#proto udp
proto tcp

remote <Public IP> 1194
resolv-retry infinite
nobind

#The following two options are not used on Windows
user nobody
group nobody

persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key

comp-lzo
verb 4

******* The AMI ifconfig is:

eth0 Link encap:Ethernet HWaddr 12:31:3d:06:29:01
inet addr:<Private IP> Bcast:10.112.55.255 Mask:255.255.254.0
inet6 addr: fe80::1031:3dff:fe06:2901/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:312104 errors:0 dropped:0 overruns:0 frame:0
TX packets:253442 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:97836329 (97.8 MB) TX bytes:61357028 (61.3 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:608 errors:0 dropped:0 overruns:0 frame:0
TX packets:608 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:49512 (49.5 KB) TX bytes:49512 (49.5 KB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.179.1.1 P-t-P:10.179.1.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0 frame:0
TX packets:167 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3780 (3.7 KB) TX bytes:14028 (14.0 KB)

***** netstat AMI is:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.179.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.179.1.0 10.179.1.2 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 10.179.1.2 255.255.255.0 UG 0 0 0 tun0
10.112.54.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 10.112.54.1 0.0.0.0 UG 0 0 0 eth0

******* The client ifconfig is:
eth0 Link encap:Ethernet direcciónHW 00:19:d1:76:d5:9e
Direc. inet:192.168.2.1 Difus.:192.168.2.255 Másc:255.255.255.0
Dirección inet6: fe80::219:d1ff:fe76:d59e/64 Alcance:Enlace
ACTIVO DIFUSIÓN FUNCIONANDO MULTICAST MTU:1500 Métrica:1
Paquetes RX:2661 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:1309 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:1000
Bytes RX:441852 (441.8 KB) TX bytes:161921 (161.9 KB)
Memoria:dffe0000-e0000000

lo Link encap:Bucle local
Direc. inet:127.0.0.1 Másc:255.0.0.0
Dirección inet6: ::1/128 Alcance:Anfitrión
ACTIVO BUCLE FUNCIONANDO MTU:16436 Métrica:1
Paquetes RX:52243 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:52243 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:0
Bytes RX:8720224 (8.7 MB) TX bytes:8720224 (8.7 MB)

tun0 Link encap:UNSPEC direcciónHW 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Direc. inet:10.179.1.6 P-t-P:10.179.1.5 Másc:255.255.255.255
ACTIVO PUNTO A PUNTO FUNCIONANDO NOARP PROMISCUO MULTICAST MTU:1500 Métrica:1
Paquetes RX:45 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:45 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:100
Bytes RX:3780 (3.7 KB) TX bytes:3780 (3.7 KB)

wlan0 Link encap:Ethernet direcciónHW 00:13:f7:e8:48:ba
Direc. inet:192.168.1.107 Difus.:192.168.1.255 Másc:255.255.255.0
Dirección inet6: fe80::213:f7ff:fee8:48ba/64 Alcance:Enlace
ACTIVO DIFUSIÓN FUNCIONANDO MULTICAST MTU:1500 Métrica:1
Paquetes RX:84320 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:65748 errores:0 perdidos:1 overruns:0 carrier:0
colisiones:0 long.colaTX:1000
Bytes RX:91970134 (91.9 MB) TX bytes:8217883 (8.2 MB)

**** the netstat client is:

10.179.1.1 10.179.1.5 255.255.255.255 UGH 0 0 0 tun0
10.179.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0

I can ping 10.179.1.6 from the AMI.
I can ping 10.179.1.1 from the client.
I cannot ping any PC besides client subnet 192.168.2.0/24 from the AMI!!!!

I don't have any rule in the iptables filter table, and I do not have any rule in the NAT table, on the AMI.
I don't have any rule in the iptables filter table, and I do not have any rule in the NAT table, on the client.

What is the problem????

Best regards.
