[SOLVED] Need Help with Config

Post by cabbiebro » Tue Dec 21, 2010 7:39 am

Hey all,

I have set up 2 x Debian boxes to run my VPN.

My goal is to link 2 LANs together with an openvpn tunnel, primarily for IP phones.

Here are my config files from Server (LAN1) and Client (LAN2):

Server

Code:

server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun
keepalive 10 120
daemon
writepid /var/run/openvpn.pid
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
verb 3
mute 20
client-to-client
cd /etc/openvpn
tls-server
tls-auth keys/ta.key 0
cipher BF-CBC
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
client-config-dir ccd
route 192.168.2.0 255.255.255.0
log         openvpn.log
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"

Client

Code:

client
proto udp
dev tun
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
daemon
writepid /var/run/openvpn.pid
verb 3
mute 20
user nobody
group nogroup
cd /etc/openvpn
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
tls-auth keys/ta.key 1
log openvpn.log

The Server is getting VPN IP 10.8.0.1 and the Client is set up with CCD to get 10.8.0.2.

I can ping each of the VPN boxes from each other and I can ping their respective LAN IPs, but I can't ping anything behind it from either box.

I have set up a static route on the routers (ADSL modems):
LAN1: 192.168.2.0 255.255.255.0 > 192.168.1.220 (LAN2 subnet and server local IP on LAN1)
LAN2: 192.168.1.0 255.255.255.0 > 192.168.2.220 (LAN1 subnet and client local IP on LAN2)

And here are the results of the route tables on the Debian boxes:

Server

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0

Client

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.3        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.8.0.0        10.8.0.3        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.168.2.254   0.0.0.0         UG    0      0        0 eth0

Can anyone please help me and shed some light on this?

Thanks for your help :D

Post by cabbiebro » Tue Dec 21, 2010 2:43 pm

*Update*
After enabling IP forwarding in what I think is short for system control on both boxes

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

I can now ping the entire LAN of the client side (LAN2 - 192.168.2.0/24) from the server side (LAN1 - 192.168.1.0/24), so that's all sweet.

I can't ping the server side (LAN1) tho from the client side (LAN2). There are only 2 devices I can ping, the VPN Server and the Router on their private LAN1 IP addresses.

When I run a traceroute it gets to the VPN server tun IP - 10.8.0.1 but doesn't go any further, except for the router IP.

To fix this issue so far I forgot to add the route on both sides router for the VPN subnet 10.8.0.0/24 to go to their prospective vpn box LAN IP.

Can anyone please give me any ideas?

I'm kinda tearing my hair out, I make a step further only to hit another mental brick wall lol.

Learning tho. After this I will be a networking genius. hahahhahahaha.
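
The return-path requirement behind the 10.8.0.0/24 route mentioned above, as an added example that is not part of the original posts: a longest-prefix route lookup over the tables described in the thread, traced hop by hop. The node names and the LAN1 host address 192.168.1.10 are assumptions made for illustration.

```python
import ipaddress

ONLINK = "on-link"

# Which node owns which address. 192.168.1.10 is a constructed LAN1 host;
# the other addresses are the ones quoted in the thread.
OWNERS = {"192.168.1.10": "lan1-host", "192.168.1.220": "vpn-server",
          "10.8.0.1": "vpn-server", "10.8.0.2": "vpn-client",
          "192.168.2.220": "vpn-client"}

def build_tables(router1_knows_vpn_subnet):
    """Routing tables as (network, next hop node) pairs, modelled on the thread."""
    router1 = [("192.168.1.0/24", ONLINK), ("192.168.2.0/24", "vpn-server"),
               ("0.0.0.0/0", "internet")]
    if router1_knows_vpn_subnet:
        router1.append(("10.8.0.0/24", "vpn-server"))
    return {
        "lan1-host": [("192.168.1.0/24", ONLINK), ("0.0.0.0/0", "router1")],
        "router1": router1,
        "vpn-server": [("192.168.1.0/24", ONLINK), ("192.168.2.0/24", "vpn-client"),
                       ("10.8.0.0/24", "vpn-client"), ("0.0.0.0/0", "router1")],
        "vpn-client": [("192.168.2.0/24", ONLINK), ("192.168.1.0/24", "vpn-server"),
                       ("10.8.0.0/24", "vpn-server"), ("0.0.0.0/0", "router2")],
    }

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, owners, start, dst, max_hops=8):
    """Return the nodes a packet for dst visits, starting at node start."""
    path, node = [start], start
    while owners.get(dst) != node and len(path) <= max_hops:
        hop = lookup(tables[node], dst)
        if hop == ONLINK:
            hop = owners.get(dst)      # delivered directly on the local segment
        node = hop or "no-route"
        path.append(node)
        if node not in tables:         # left the modelled network
            break
    return path

if __name__ == "__main__":
    for fixed in (False, True):
        tables = build_tables(fixed)
        print("request:", trace(tables, OWNERS, "vpn-client", "192.168.1.10"))
        print("reply:  ", trace(tables, OWNERS, "lan1-host", "10.8.0.2"))
```

A ping sent from the VPN client box itself carries its tunnel address as source, so the reply only finds its way back once the LAN1 router has a route for 10.8.0.0/24 pointing at the VPN server.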

Post by gladiatr72 » Mon Dec 27, 2010 6:20 pm

Hello,

Check your iptables rules on the server side. You'll need to explicitly allow traffic to be forwarded through tunN.

Let me know how it goes.

Regards,
Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
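
One way to check the forwarding rules referred to above, as an added example that is not part of the original thread: parse `iptables-save` output and evaluate what the FORWARD chain does with the first packet of a new flow in each direction. The ruleset, interface names and host addresses are constructed; rules that use match extensions (`-m`) are skipped and negated matches are not handled.

```python
import ipaddress
import shlex

# Constructed iptables-save output (not from the thread): FORWARD defaults to
# DROP and only LAN1 -> LAN2 traffic into the tunnel may start a new flow.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -i eth0 -o tun0 -j ACCEPT
COMMIT
"""

def parse_forward(save_text):
    """Return (policy, rules) for the filter table's FORWARD chain."""
    policy, rules, in_filter = "ACCEPT", [], False
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A FORWARD "):
            tok = shlex.split(line)
            rules.append({tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                          if tok[i].startswith("-")})
    return policy, rules

def _iface(pattern, name):
    # A trailing "+" in iptables is a prefix wildcard, e.g. tun+ covers tun0.
    if pattern is None:
        return True
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def _addr(net, ip):
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def verdict(policy, rules, in_if, out_if, src, dst):
    """First-match verdict for the first packet of a new flow."""
    for rule in rules:
        if "-m" in rule:  # simplification: match extensions (conntrack etc.) skipped
            continue
        if (rule.get("-j") in ("ACCEPT", "DROP", "REJECT")
                and _iface(rule.get("-i"), in_if) and _iface(rule.get("-o"), out_if)
                and _addr(rule.get("-s"), src) and _addr(rule.get("-d"), dst)):
            return rule["-j"]
    return policy
```

With the constructed ruleset, a flow started from LAN1 is accepted while one started from LAN2 falls through to the DROP policy, which gives one-way reachability across the tunnel.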

Post by cabbiebro » Wed Dec 29, 2010 11:27 am

**UPDATE**

Hey All,

Sorry been lazy (xmas break is my only time off).

Got this sorted, it ended up being the Firewall Router I was using, it didn't seem to route the requests correctly.

I implemented another test router and it worked perfectly, I then reset my original firewall router to default then all was good.

So moral of my issue,

Make sure you turn on IP forwarding and maybe try a different router.

Now another question in case anyone sees this, anyone know how to do QoS over the openvpn tunnel? I need to prioritise certain packets that my IP phone system uses.
