No Access To Local Network HTTPS Using TUN Push Route


Post by beangeli » Fri Feb 02, 2018 2:12 am

Good day, all. Did a lot of research, but have been unable to resolve this.

Issue:
The issue that I cannot get around is that the server log provides the well documented "bad source address from client" error, but there is no address in the brackets (they appear just like this: [] - as shown in the log below).

Background:
I have a local network computer with IPMI functionality accessible via HTTP and HTTPS. When on the local network I am able to access both HTTP and HTTPS from another computer. However, when connected to the network via VPN I can only access HTTP. When trying to access HTTPS I am able to add the self-signed certificate, but am unable to open the site and receive various connection failed errors in the browser.

Setup:
  • OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
    OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
  • Local network: 192.168.1.0 / 255.255.255.0
  • VPN network: 10.8.0.0 / 255.255.255.0
  • IPMI address: 192.168.1.10
  • Host machine Ubuntu 16.04
  • Client machine Xubuntu 17.10

SERVER

port 443
port-share 192.168.1.13 4545
proto tcp
dev tun
ca ca.crt
cert openvpn.crt
key openvpn.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp" #I've disabled and re-enabled this but no change to error
push "dhcp-option DNS 208.67.222.222" #I've disabled and re-enabled this but no change to error
push "dhcp-option DNS 208.67.220.220" #I've disabled and re-enabled this but no change to error
keepalive 10 120
tls-auth ta.key 0
key-direction 0
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 4
client-config-dir #I've added this and the ccd directory with the iroute command, but don't have an address to include


CLIENT

client.opvn
client
dev tun
proto tcp
remote [DNS Address Removed] 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 3
key-direction 1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


SERVER LOG

Thu Feb 1 20:20:08 2018 us=759325 clientsp3/[remote IP address] PUSH: Received control message: 'PUSH_REQUEST'
Thu Feb 1 20:20:08 2018 us=759563 clientsp3/[remote IP address] send_push_reply(): safe_cap=940
Thu Feb 1 20:20:08 2018 us=759698 clientsp3/[remote IP address] SENT CONTROL [clientsp3]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Thu Feb 1 20:20:09 2018 us=587940 clientsp3/[remote IP address] MULTI: bad source address from client [], packet dropped
Thu Feb 1 20:20:09 2018 us=588367 clientsp3/[remote IP address] MULTI: Learn: 192.168.2.186 -> clientsp3/[remote IP address]
Thu Feb 1 20:20:10 2018 us=424374 clientsp3/[remote IP address] MULTI: bad source address from client [], packet dropped
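
An added example, not part of the original post: a Python log triage that tallies the "bad source address" drops per client (empty brackets included) and lists `Learn` addresses that fall outside the 10.8.0.0/24 VPN pool, for a server log in the format shown above. The first three sample lines are the post's own redacted lines, the fourth is constructed, and `triage` and its report keys are names introduced here.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Lines 1-3 are the post's own log lines (peer address redacted as on the
# page); line 4 is constructed to show a drop that does carry an address.
SAMPLE_LOG = """\
Thu Feb 1 20:20:09 2018 us=587940 clientsp3/[remote IP address] MULTI: bad source address from client [], packet dropped
Thu Feb 1 20:20:09 2018 us=588367 clientsp3/[remote IP address] MULTI: Learn: 192.168.2.186 -> clientsp3/[remote IP address]
Thu Feb 1 20:20:10 2018 us=424374 clientsp3/[remote IP address] MULTI: bad source address from client [], packet dropped
Thu Feb 1 20:20:11 2018 us=000001 clientsp3/[remote IP address] MULTI: bad source address from client [192.168.2.186], packet dropped
"""

# The client name is the token between the us= field and the first "/".
DROP = re.compile(r"us=\d+ (?P<cn>[^/\s]+)/.* MULTI: bad source address "
                  r"from client \[(?P<src>[^\]]*)\], packet dropped")
LEARN = re.compile(r"us=\d+ (?P<cn>[^/\s]+)/.* MULTI: Learn: (?P<addr>\S+) -> ")


def triage(log_text, vpn_net="10.8.0.0/24"):
    """Summarise dropped-packet and Learn messages per client name."""
    net = ipaddress.ip_network(vpn_net)
    report = defaultdict(lambda: {"drops": Counter(), "learned_outside": set()})
    for line in log_text.splitlines():
        m = DROP.search(line)
        if m:
            # Empty brackets are counted under their own key, not discarded.
            report[m["cn"]]["drops"][m["src"] or "<empty>"] += 1
            continue
        m = LEARN.search(line)
        if m:
            try:
                addr = ipaddress.ip_address(m["addr"])
            except ValueError:
                continue  # not a plain IP address (e.g. a prefix); skip it
            if addr not in net:
                report[m["cn"]]["learned_outside"].add(str(addr))
    return dict(report)


if __name__ == "__main__":
    for cn, data in triage(SAMPLE_LOG).items():
        print(cn, dict(data["drops"]), sorted(data["learned_outside"]))
```
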
