External IP Problem

Post by renatolp » Fri Dec 27, 2019 6:21 pm

Hi!

At home: OpenVPN Server on PfSense
At VPS: OpenVPN Client
All working fine

I want to run a web server at home, using the IP from the VPS.

My tests:
VPS redirecting and NAT to port 81 (internal IP at home).

Home:

sudo nc -l 192.168.66.250 81

VPS:

root@vpsXXX:~# nc -v 192.168.66.250 81

Connection to 192.168.66.250 81 port [tcp/*] succeeded!

Internal IFACE VPS / OVPN

root@vpsXXX:~# tcpdump -ni tun0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
13:57:04.325227 IP 10.0.66.80.48546 > 192.168.66.250.81: Flags [S], seq 1692264393, win 29200, options [mss 1460,sackOK,TS val 1474707290 ecr 0,nop,wscale 10], length 0
13:57:04.376351 IP 192.168.66.250.81 > 10.0.66.80.48546: Flags [S.], seq 1580874067, ack 1692264394, win 28960, options [mss 1356,sackOK,TS val 846398589 ecr 1474707290,nop,wscale 7], length 0
13:57:04.376403 IP 10.0.66.80.48546 > 192.168.66.250.81: Flags [.], ack 1, win 29, options [nop,nop,TS val 1474707341 ecr 846398589], length 0

Server side:

[2.4.4-RELEASE][root@pfSense.localdomain]/root: tcpdump -ni ovpns1

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpns1, link-type NULL (BSD loopback), capture size 262144 bytes
13:57:04.211112 IP 10.0.66.80.48546 > 192.168.66.250.81: Flags [S], seq 1692264393, win 29200, options [mss 1356,sackOK,TS val 1474707290 ecr 0,nop,wscale 10], length 0
13:57:04.212538 IP 192.168.66.250.81 > 10.0.66.80.48546: Flags [S.], seq 1580874067, ack 1692264394, win 28960, options [mss 1460,sackOK,TS val 846398589 ecr 1474707290,nop,wscale 7], length 0
13:57:04.263265 IP 10.0.66.80.48546 > 192.168.66.250.81: Flags [.], ack 1, win 29, options [nop,nop,TS val 1474707341 ecr 846398589], length 0

Just working fine!

Now, trying to access from the external IP:

EXTERNAL VPS IFACE / INTERNET (191.252.XXX.XXX)

root@vpsXXX:~# tcpdump -ni eth0  port 81

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:20:08.702054 IP 198.199.98.246.48964 > 191.252.XXX.XXX.81: Flags [S], seq 3933996400, win 14600, options [mss 1460,sackOK,TS val 895166477 ecr 0,nop,wscale 8], length 0
14:20:09.701642 IP 198.199.98.246.48964 > 191.252.XXX.XXX.81: Flags [S], seq 3933996400, win 14600, options [mss 1460,sackOK,TS val 895166727 ecr 0,nop,wscale 8], length 0
14:20:09.703235 IP 198.199.98.246.48966 > 191.252.XXX.XXX.81: Flags [S], seq 2069974444, win 14600, options [mss 1460,sackOK,TS val 895166727 ecr 0,nop,wscale 8], length 0
14:20:10.702025 IP 198.199.98.246.48966 > 191.252.XXX.XXX.81: Flags [S], seq 2069974444, win 14600, options [mss 1460,sackOK,TS val 895166977 ecr 0,nop,wscale 8], length 0
14:20:10.704083 IP 198.199.98.246.48969 > 191.252.XXX.XXX.81: Flags [S], seq 2363823477, win 14600, options [mss 1460,sackOK,TS val 895166977 ecr 0,nop,wscale 8], length 0
14:20:11.701099 IP 198.199.98.246.48969 > 191.252.XXX.XXX.81: Flags [S], seq 2363823477, win 14600, options [mss 1460,sackOK,TS val 895167227 ecr 0,nop,wscale 8], length 0

INTERNAL VPS IFACE / OVPN

root@vpsXXX:~# tcpdump -ni tun0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
14:20:08.702143 IP 198.199.98.246.48964 > 192.168.66.250.81: Flags [S], seq 3933996400, win 14600, options [mss 1460,sackOK,TS val 895166477 ecr 0,nop,wscale 8], length 0
14:20:09.701694 IP 198.199.98.246.48964 > 192.168.66.250.81: Flags [S], seq 3933996400, win 14600, options [mss 1460,sackOK,TS val 895166727 ecr 0,nop,wscale 8], length 0
14:20:09.703310 IP 198.199.98.246.48966 > 192.168.66.250.81: Flags [S], seq 2069974444, win 14600, options [mss 1460,sackOK,TS val 895166727 ecr 0,nop,wscale 8], length 0
14:20:10.702075 IP 198.199.98.246.48966 > 192.168.66.250.81: Flags [S], seq 2069974444, win 14600, options [mss 1460,sackOK,TS val 895166977 ecr 0,nop,wscale 8], length 0
14:20:10.704125 IP 198.199.98.246.48969 > 192.168.66.250.81: Flags [S], seq 2363823477, win 14600, options [mss 1460,sackOK,TS val 895166977 ecr 0,nop,wscale 8], length 0
14:20:11.701158 IP 198.199.98.246.48969 > 192.168.66.250.81: Flags [S], seq 2363823477, win 14600, options [mss 1460,sackOK,TS val 895167227 ecr 0,nop,wscale 8], length 0

SERVER SIDE OVPN:

[2.4.4-RELEASE][root@pfSense.localdomain]/root: tcpdump -ni ovpns1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpns1, link-type NULL (BSD loopback), capture size 262144 bytes

Nothing here!

What's up? Is the tunnel dropping packets?
Packets enter the VPS and are redirected via iptables to an IP inside the LAN on the OVPN server side, but never reach the other side.
Can someone help me understand?
[]'s
Renato
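The capture comparison done by eye in the post above, as an added example that is not part of the original thread: it parses `tcpdump -n` text from both tunnel ends, lists the SYNs that entered the client's tun0 but never appeared on the server's ovpns1, and marks whether each source address lies inside the tunnel network. The sample lines are abridged from the post's captures (options trimmed); the `10.0.66.0/24` tunnel network and all function names are assumptions.

```python
import ipaddress
import re

# tcpdump -n text: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], seq <n>, ..."
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
                  r"Flags \[([^\]]+)\], seq (\d+)")

def syns(capture):
    """Return {(src, sport, dst, dport, seq)} for pure SYN packets in tcpdump text."""
    found = set()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(5) == "S":          # "S." (SYN-ACK) and "." (ACK) are skipped
            src, sport, dst, dport, _, seq = m.groups()
            found.add((src, int(sport), dst, int(dport), int(seq)))
    return found

def lost_in_tunnel(client_tun, server_tun, tunnel_net):
    """SYNs seen on the client tun device but not on the server tun device.

    Each row is (src, sport, dst, dport, src_in_tunnel_net); retransmissions
    of the same SYN collapse into one row.
    """
    net = ipaddress.ip_network(tunnel_net)
    missing = syns(client_tun) - syns(server_tun)
    return sorted({(src, sport, dst, dport, ipaddress.ip_address(src) in net)
                   for src, sport, dst, dport, _seq in missing})

# Sample input abridged from the captures in the post (TCP options removed).
CLIENT_TUN0 = """\
13:57:04.325227 IP 10.0.66.80.48546 > 192.168.66.250.81: Flags [S], seq 1692264393, win 29200, length 0
14:20:08.702143 IP 198.199.98.246.48964 > 192.168.66.250.81: Flags [S], seq 3933996400, win 14600, length 0
14:20:09.701694 IP 198.199.98.246.48964 > 192.168.66.250.81: Flags [S], seq 3933996400, win 14600, length 0
14:20:09.703310 IP 198.199.98.246.48966 > 192.168.66.250.81: Flags [S], seq 2069974444, win 14600, length 0
"""
SERVER_OVPNS1 = """\
13:57:04.211112 IP 10.0.66.80.48546 > 192.168.66.250.81: Flags [S], seq 1692264393, win 29200, length 0
13:57:04.212538 IP 192.168.66.250.81 > 10.0.66.80.48546: Flags [S.], seq 1580874067, ack 1692264394, win 28960, length 0
"""
TUNNEL_NET = "10.0.66.0/24"  # assumed; the post only shows the client address 10.0.66.80

if __name__ == "__main__":
    for row in lost_in_tunnel(CLIENT_TUN0, SERVER_OVPNS1, TUNNEL_NET):
        print(row)
```

A `False` in the last field means the packet kept its original Internet source address through the DNAT on the VPS, which is the visible difference from the `nc` test that did reach the server.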

Re: External IP Problem

Post by TinCanTech » Mon Dec 30, 2019 4:17 pm

See your openvpn server log at verb 4
