Need help! [openvpn over dynamic ssh proxy]

[major]

Greetings to all
Please be patient with me, I am fresh fish :p
My ISP is suffocating openvpn protocol (always fail in TLS handshake), so I have to find another way to connect.
I tried to use ssh to the same vps (as dynamic socks5 proxy) using port 1050
I am connected... but nothing more (ie: nothing is happening)
I cannot ping client from server
I cannot ping server from client
here is a copy of server.conf:
port 38823
proto tcp
dev tun
script-security 3
tls-server
ca /etc/openvpn/2.0/keys/ca.crt
cert /etc/openvpn/2.0/keys/server.crt
key /etc/openvpn/2.0/keys/server.key
dh /etc/openvpn/2.0/keys/dh1024.pem
server 10.13.13.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.13.13.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
route-noexec
verb 4

and here is a copy of client.ovpn:
client
# pull
dev tun
proto tcp
socks-proxy-retry
socks-proxy 127.0.0.1 1050
remote <vps.ip.here> 38823
route <vps.ip.here> 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 3
ca ca.crt
client client.crt
key client.key
cipher AES-128-CBC
comp-lzo
ping 5
ping restart 10
verb 3

Also I checked / double-checked iptables, and seems nothing is wrong.
Any ideas will be appreciated .

[janjust]

try it without all the routing rules on both client and server ; with socks proxies in combination with redirect-gateway you need to especially careful that the SOCKS proxy host (the SSH host in your case) remains reachable via a non-VPN route *after* the VPN tunnel comes up.

[major]

In fact, I fell in that loop, since I'm doing SSH to the same vps
also tried to stop all routing
I am able to connect, but could not ping server from client, and vise versa.
Any ideas?

[janjust]

set 'verb 4' in the client config file, connect, then post the connection log file here.

[major]

I re-installed everything, and reset all
now the client is connected (using dynamic socks5 proxy)
and windows client & linux server can ping each other.
but this is it (my ip still as it is).
if I forwarded everything into the server's localhost, I will lose the socks proxy, thus connection will drop.
I must make the client forward traffic to the tunnel (except ports 2600 and 1080 because they are used to proxy).
Any ideas?

[janjust]

again: set 'verb 4' in the client config file, connect, then post the connection log file here.

[major]

Well...
I solved the problem, by adding the following to client.ovpn:

Code: Select all

route <vps.ip> <subnet.mask.here> net_gateway

But now I have another issue,
I want to make openvpn client and server at the same time
server to my connection, and client to other openvpn connection
is that possible to do, like bridging 2 networks?

[salazarj]

Thanks for info supplied in this thread. Has helped answer some of my own questions.

James