Make client reachable

Posted: Sat Jun 02, 2012 12:15 pm
by chmd
Hi,

I subscribed to an openvpn provider. This provider provides me with a config which pulls a new default route, such that all traffic goes through the vpn. Unfortunately, this also makes the client unreachable from my lan. I want to be able to fix this.

My attempts so far have led me to read these posts very carefully, without success: eth0 does not respond to ping when I start openvpn.
topic7175.html
topic8682.html

After starting openvpn, I run these commands:

Code:

ip rule add from 192.168.0.0/24 table 10
ip rule add to 192.168.0.0/24 table 10
ip route add default via 192.168.0.1 dev eth0 table 10

When I ping eth0, I don't get any reply. However, tcpdump shows that the system sees icmp requests and tries to reply:

Code:

~/ % sudo tcpdump -i eth0 icmp 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:03:46.577667 IP 192.168.0.16 > 192.168.0.13: ICMP echo request, id 21751, seq 1, length 64
14:03:46.577721 IP 192.168.0.13 > 192.168.0.16: ICMP echo reply, id 21751, seq 1, length 64
14:03:47.588573 IP 192.168.0.16 > 192.168.0.13: ICMP echo request, id 21751, seq 2, length 64
14:03:47.588616 IP 192.168.0.13 > 192.168.0.16: ICMP echo reply, id 21751, seq 2, length 64
14:03:48.586394 IP 192.168.0.16 > 192.168.0.13: ICMP echo request, id 21751, seq 3, length 64
14:03:48.586447 IP 192.168.0.13 > 192.168.0.16: ICMP echo reply, id 21751, seq 3, length 64
14:03:49.586387 IP 192.168.0.16 > 192.168.0.13: ICMP echo request, id 21751, seq 4, length 64
14:03:49.586441 IP 192.168.0.13 > 192.168.0.16: ICMP echo reply, id 21751, seq 4, length 64

Here, you will see 'ifconfig' and 'route -n' output:

Code:

~/ % ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500  metric 1
        inet 192.168.0.13  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::225:22ff:feb4:d99e  prefixlen 64  scopeid 0x20<link>
        ether 00:25:22:b4:d9:9e  txqueuelen 1000  (Ethernet)
        RX packets 623  bytes 74417 (72.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 609  bytes 95024 (92.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 40  base 0x2000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436  metric 1
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1063  bytes 91073 (88.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1063  bytes 91073 (88.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  metric 1
        inet 10.0.15.209  netmask 255.255.255.255  destination 10.0.15.210
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 28  bytes 4257 (4.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 29  bytes 2743 (2.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

~/ % route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.15.210     128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    202    0        0 eth0
10.0.8.1        10.0.15.210     255.255.255.255 UGH   0      0        0 tun0
10.0.15.210     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.0.15.210     128.0.0.0       UG    0      0        0 tun0
178.209.50.214  192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0

Here, what I thought to be relevant from the openvpn logs:

Code:

~/ % grep openvpn /var/log/daemon.log | tail -n20
Jun  2 14:03:20 localhost openvpn[1158]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun  2 14:03:20 localhost openvpn[1158]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun  2 14:03:20 localhost openvpn[1158]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Jun  2 14:03:20 localhost openvpn[1158]: [tunnelr.com] Peer Connection Initiated with 178.209.50.214:1194
Jun  2 14:03:22 localhost openvpn[1158]: SENT CONTROL [tunnelr.com]: 'PUSH_REQUEST' (status=1)
Jun  2 14:03:22 localhost openvpn[1158]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN zurich.tunnelr.com,dhcp-option DNS 10.0.8.1,redirect-gateway def1,route 10.0.8.1,topology net30,ping 10,ping-restart 90,ifconfig 10.0.15.209 10.0.15.210'
Jun  2 14:03:22 localhost openvpn[1158]: OPTIONS IMPORT: timers and/or timeouts modified
Jun  2 14:03:22 localhost openvpn[1158]: OPTIONS IMPORT: --ifconfig/up options modified
Jun  2 14:03:22 localhost openvpn[1158]: OPTIONS IMPORT: route options modified
Jun  2 14:03:22 localhost openvpn[1158]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jun  2 14:03:22 localhost openvpn[1158]: ROUTE default_gateway=192.168.0.1
Jun  2 14:03:22 localhost openvpn[1158]: TUN/TAP device tun0 opened
Jun  2 14:03:22 localhost openvpn[1158]: TUN/TAP TX queue length set to 100
Jun  2 14:03:22 localhost openvpn[1158]: /usr/sbin/ip link set dev tun0 up mtu 1500
Jun  2 14:03:22 localhost openvpn[1158]: /usr/sbin/ip addr add dev tun0 local 10.0.15.209 peer 10.0.15.210
Jun  2 14:03:22 localhost openvpn[1158]: /usr/sbin/ip route add 178.209.50.214/32 via 192.168.0.1
Jun  2 14:03:22 localhost openvpn[1158]: /usr/sbin/ip route add 0.0.0.0/1 via 10.0.15.210
Jun  2 14:03:22 localhost openvpn[1158]: /usr/sbin/ip route add 128.0.0.0/1 via 10.0.15.210
Jun  2 14:03:22 localhost openvpn[1158]: /usr/sbin/ip route add 10.0.8.1/32 via 10.0.15.210
Jun  2 14:03:22 localhost openvpn[1158]: Initialization Sequence Completed

I did not post the config my openvpn provider sent me, but I can do it on request.
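
Added example (not part of the original post): a small Python model of the route lookup the kernel performs for the ICMP reply, built from the `route -n` output and the three `ip rule` / `ip route` commands above. It assumes the two added rules are consulted before the main table, which is what `ip rule add` does when no priority is given; the function names and the `FIXED` table are hypothetical.

```python
import ipaddress

# Constructed from the post: main table as printed by `route -n`,
# table 10 as created by the `ip route add ... table 10` command.
MAIN = [
    ("0.0.0.0/1", "10.0.15.210", "tun0"),
    ("0.0.0.0/0", "192.168.0.1", "eth0"),
    ("10.0.8.1/32", "10.0.15.210", "tun0"),
    ("10.0.15.210/32", None, "tun0"),
    ("128.0.0.0/1", "10.0.15.210", "tun0"),
    ("178.209.50.214/32", "192.168.0.1", "eth0"),
    ("192.168.0.0/24", None, "eth0"),
]
TABLE_10 = [("0.0.0.0/0", "192.168.0.1", "eth0")]
# Hypothetical variant: table 10 with the connected LAN route copied in.
FIXED = TABLE_10 + [("192.168.0.0/24", None, "eth0")]
LAN = ipaddress.ip_network("192.168.0.0/24")

def longest_prefix(table, dst):
    """Return (gateway, dev) of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, gw, dev)
            for p, gw, dev in table if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0])
    return gw, dev

def lookup(src, dst, with_rules=True, table_10=TABLE_10):
    """Model policy routing: the from/to LAN rules are tried before main."""
    in_lan = lambda a: ipaddress.ip_address(a) in LAN
    if with_rules and (in_lan(src) or in_lan(dst)):
        hit = longest_prefix(table_10, dst)
        if hit:
            return hit
    return longest_prefix(MAIN, dst)

if __name__ == "__main__":
    reply = ("192.168.0.13", "192.168.0.16")   # the echo reply from the capture
    print("main table only :", lookup(*reply, with_rules=False))
    print("with table 10   :", lookup(*reply))
    print("table 10 + /24  :", lookup(*reply, table_10=FIXED))
    # Traffic sourced from the LAN address also leaves outside the tunnel:
    print("LAN src -> 8.8.8.8:", lookup("192.168.0.13", "8.8.8.8"))
    print("tun src -> 8.8.8.8:", lookup("10.0.15.209", "8.8.8.8"))
```

In this model the echo reply is handed to the gateway 192.168.0.1 instead of being delivered on-link, because table 10 has no route for 192.168.0.0/24; `tcpdump -e` prints the link-layer header, which shows the destination MAC the reply was actually sent to.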