I'm trying to set up a Raspberry Pi to act as an OpenVPN server and client at the same time, but I cannot get it to work. I'm missing something.
The RPI, as a client, connects to a 3rd party VPN service.
On the RPI everything seems to work fine, but my OpenVPN clients do not connect to my OpenVPN server.
If the RPI isn't connected to the 3rd party VPN service, everything works fine: my OpenVPN clients connect to my OpenVPN server.
Here are some outputs:
@RPI
ifconfig
Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.21 netmask 255.255.255.0 broadcast 192.168.0.255
ether b8:27:eb:3d:7d:9b txqueuelen 1000 (Ethernet)
RX packets 3809 bytes 346945 (338.8 KiB)
RX errors 0 dropped 967 overruns 0 frame 0
TX packets 1538 bytes 189329 (184.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 25 bytes 2006 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25 bytes 2006 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 destination 10.0.0.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.21.22.222 netmask 255.255.254.0 destination 172.21.22.222
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 132 (132.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.21.22.1 128.0.0.0 UG 0 0 0 tun1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
128.0.0.0 172.21.22.1 128.0.0.0 UG 0 0 0 tun1
129.232.244.133 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
172.21.22.0 0.0.0.0 255.255.254.0 U 0 0 0 tun1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Code:
1
Code:
# Generated by iptables-save v1.6.0 on Wed Jan 9 22:43:06 2019
*filter
:INPUT ACCEPT [2342:245806]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1885:202724]
:f2b-sshd - [0:0]
:f2b-vsftpd - [0:0]
-A INPUT -p tcp -m multiport --dports 21,20,990,989 -j f2b-vsftpd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN
-A f2b-vsftpd -j RETURN
COMMIT
# Completed on Wed Jan 9 22:43:06 2019
# Generated by iptables-save v1.6.0 on Wed Jan 9 22:43:06 2019
*nat
:PREROUTING ACCEPT [195:32565]
:INPUT ACCEPT [195:32565]
:OUTPUT ACCEPT [172:13965]
:POSTROUTING ACCEPT [115:8526]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jan 9 22:43:06 2019
openvpn red_client.ovpn
Code:
Wed Jan 9 22:33:47 2019 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Wed Jan 9 22:33:47 2019 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.08
Wed Jan 9 22:33:47 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 9 22:33:47 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jan 9 22:33:47 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 22:33:47 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 22:33:47 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]87.###.###.###:443
Wed Jan 9 22:33:47 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jan 9 22:33:47 2019 UDP link local: (not bound)
Wed Jan 9 22:33:47 2019 UDP link remote: [AF_INET]87.###.###.###:443
Wed Jan 9 22:34:47 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 9 22:34:47 2019 TLS Error: TLS handshake failed
Wed Jan 9 22:34:47 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 9 22:34:47 2019 Restart pause, 5 second(s)
Wed Jan 9 22:34:52 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 9 22:34:52 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jan 9 22:34:52 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]87.###.###.###:443
Wed Jan 9 22:34:52 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jan 9 22:34:52 2019 UDP link local: (not bound)
Wed Jan 9 22:34:52 2019 UDP link remote: [AF_INET]87.###.###.###:443
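
The routing table posted above can be read with longest-prefix matching to see which interface the Pi would pick for a given destination. This is an added example, not part of the original post; the table rows are copied from the post, and 203.0.113.5 (a documentation address standing in for a remote OpenVPN client) is an assumption.

```python
import ipaddress

# Rows copied from the "Kernel IP routing table" output in the post.
ROUTE_N = """\
0.0.0.0 172.21.22.1 128.0.0.0 UG 0 0 0 tun1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
128.0.0.0 172.21.22.1 128.0.0.0 UG 0 0 0 tun1
129.232.244.133 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
172.21.22.0 0.0.0.0 255.255.254.0 U 0 0 0 tun1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
"""


def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip headers or malformed rows
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefixlen = bin(int(ipaddress.ip_address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefixlen}")
        routes.append((net, gw, int(metric), iface))
    return routes


def egress(routes, dst):
    """Return (iface, gateway, matched network) for dst, or None.

    Models only the main table: longest prefix wins, lower metric breaks
    ties. Policy routing rules (`ip rule`) are not modelled.
    """
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gw, _metric, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gw, str(net)


if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    # 203.0.113.5 is a constructed stand-in for a remote OpenVPN client.
    for dst in ("203.0.113.5", "8.8.8.8", "129.232.244.133", "192.168.0.50"):
        print(dst, "->", egress(table, dst))
```

With this table, traffic to any public address other than 129.232.244.133 matches one of the two /1 routes on tun1 before the /0 default on eth0.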