Server and client on same host


Post by thece » Wed Jan 09, 2019 10:03 pm

Hi,

I'm trying to set up a Raspberry PI to act at the same time as server and client (OpenVPN), but I cannot make it work. I'm missing something.
RPI, as client, connects to a 3rd party VPN service.
On RPI all things seem to work fine, but my OpenVPN clients do not connect to my OpenVPN server.
If RPI isn't connected to the 3rd party VPN service, all things work fine. My OpenVPN clients connect to my OpenVPN server.

Here are some outputs

@RPI

ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.21  netmask 255.255.255.0  broadcast 192.168.0.255
        ether b8:27:eb:3d:7d:9b  txqueuelen 1000  (Ethernet)
        RX packets 3809  bytes 346945 (338.8 KiB)
        RX errors 0  dropped 967  overruns 0  frame 0
        TX packets 1538  bytes 189329 (184.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 25  bytes 2006 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 25  bytes 2006 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  destination 10.0.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.21.22.222  netmask 255.255.254.0  destination 172.21.22.222
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 132 (132.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.21.22.1     128.0.0.0       UG    0      0        0 tun1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       172.21.22.1     128.0.0.0       UG    0      0        0 tun1
129.232.244.133 192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
172.21.22.0     0.0.0.0         255.255.254.0   U     0      0        0 tun1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

cat /proc/sys/net/ipv4/ip_forward

1

iptables-save

# Generated by iptables-save v1.6.0 on Wed Jan  9 22:43:06 2019
*filter
:INPUT ACCEPT [2342:245806]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1885:202724]
:f2b-sshd - [0:0]
:f2b-vsftpd - [0:0]
-A INPUT -p tcp -m multiport --dports 21,20,990,989 -j f2b-vsftpd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN
-A f2b-vsftpd -j RETURN
COMMIT
# Completed on Wed Jan  9 22:43:06 2019
# Generated by iptables-save v1.6.0 on Wed Jan  9 22:43:06 2019
*nat
:PREROUTING ACCEPT [195:32565]
:INPUT ACCEPT [195:32565]
:OUTPUT ACCEPT [172:13965]
:POSTROUTING ACCEPT [115:8526]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jan  9 22:43:06 2019

@OpenVPN client

openvpn red_client.ovpn

Wed Jan  9 22:33:47 2019 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Wed Jan  9 22:33:47 2019 library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.08
Wed Jan  9 22:33:47 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan  9 22:33:47 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jan  9 22:33:47 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 22:33:47 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 22:33:47 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]87.###.###.###:443
Wed Jan  9 22:33:47 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jan  9 22:33:47 2019 UDP link local: (not bound)
Wed Jan  9 22:33:47 2019 UDP link remote: [AF_INET]87.###.###.###:443
Wed Jan  9 22:34:47 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan  9 22:34:47 2019 TLS Error: TLS handshake failed
Wed Jan  9 22:34:47 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan  9 22:34:47 2019 Restart pause, 5 second(s)
Wed Jan  9 22:34:52 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan  9 22:34:52 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jan  9 22:34:52 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]87.###.###.###:443
Wed Jan  9 22:34:52 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jan  9 22:34:52 2019 UDP link local: (not bound)
Wed Jan  9 22:34:52 2019 UDP link remote: [AF_INET]87.###.###.###:443
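
Added example, not part of the original post: a longest-prefix-match lookup over the `route -n` table posted above, showing which interface the RPI's main routing table selects for a given destination. The address 203.0.113.50 is a constructed stand-in for a remote OpenVPN client, and the function names are this example's own.

```python
import ipaddress

# Data rows of the `route -n` output posted above (RPI, IPv4 main table).
ROUTE_N = """\
0.0.0.0         172.21.22.1     128.0.0.0       UG    0      0        0 tun1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       172.21.22.1     128.0.0.0       UG    0      0        0 tun1
129.232.244.133 192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
172.21.22.0     0.0.0.0         255.255.254.0   U     0      0        0 tun1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # blank line or the "Kernel IP routing table" title
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")  # Destination/Genmask
        except ValueError:
            continue  # column header row
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; a lower metric breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))

def egress(addr):
    """Return (interface, gateway, matched network) for a destination."""
    net, gw, _metric, iface = lookup(parse_routes(ROUTE_N), addr)
    return iface, gw, str(net)

if __name__ == "__main__":
    # 203.0.113.50: constructed remote client address (documentation range).
    for dst in ("203.0.113.50", "129.232.244.133", "10.0.0.6", "192.168.0.1"):
        print(dst, "->", egress(dst))
```

In this table the two /1 routes on tun1 are more specific than the eth0 default route, so any public destination other than 129.232.244.133 is looked up to tun1.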
