dead local network
Posted: Sat Sep 15, 2012 2:04 pm
by cocoh
Hello
I have installed OpenVPN (client, tap) on a Linux-based router. The tunnel is established correctly with a remote VPN server (vpntunnel.se).
The problem is as follows:
From outside, connections to my router that are directed to my local network (192.168.5.0 255.255.255.0) no longer work.
Running killall openvpn is enough and everything works again (except the tunnel, of course).
Does anyone have an idea or, better, a solution?
Thanks
Re: dead local network
Posted: Mon Sep 17, 2012 9:40 am
by maikcat
Please write in English so members that don't speak French may assist you.
PS: Google Translate is an option for us, but I guess it is also for you.
Michael.
Re: dead local network
Posted: Mon Oct 01, 2012 8:26 am
by cocoh
Hello
I have installed OpenVPN (client) on a Linux-based router. The tunnel is established properly with the remote VPN server (vpntunnel.se).
The problem is as follows:
Outside connections to my router that are directed to my local network (192.168.5.0 255.255.255.0) no longer work.
Just do a killall openvpn and everything works again (except, of course, the tunnel).
Does anyone have an idea or, better, a solution?
Thank you
Re: dead local network
Posted: Mon Oct 01, 2012 9:09 am
by cocoh
The file hma.conf :
remote 46.19.136.130 443
client
dev tun
proto tcp
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/hma/ca.crt
cert /tmp/hma/cl.crt
ns-cert-type server
key /tmp/hma/cl.key
auth-user-pass /tmp/hma/user.txt
log /tmp/hma/hma.log
verb 2
management 127.0.0.1 5001
The file up.sh
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
The file dn.sh
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
The command :
openvpn --config /tmp/hma/hma.conf --route-up /tmp/hma/up.sh --route-down /tmp/hma/dn.sh --daemon
The file hma.log
root@DD-WRT:~# cd /tmp/hma
root@DD-WRT:/tmp/hma# vi hma.log
Mon Oct 1 10:20:56 2012 OpenVPN 2.1_rc20 mipsel-unknown-linux-gnu [SSL] [LZO1]
Mon Oct 1 10:20:56 2012 MANAGEMENT: Socket bind failed on local address 127.0.0
Mon Oct 1 10:20:56 2012 Exiting
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Mon Oct 1 10:20:57 2012 /sbin/ifconfig tun0 31.7.57.145 netmask 255.255.255.192
Mon Oct 1 10:20:57 2012 Initialization Sequence Completed
The print route :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
46.19.136.130 livebox.home 255.255.255.255 UGH 0 0 0 vlan1
31.7.57.128 * 255.255.255.192 U 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
default livebox.home 0.0.0.0 UG 0 0 0 vlan1
And iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35029 13M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- vlan1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logaccept tcp -- * * 0.0.0.0/0 192.168.5.1 tcp dpt:80
3 168 DROP icmp -- vlan1 * 0.0.0.0/0 0.0.0.0/0
158 5056 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
1 70 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
439 38625 logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
76531 4091K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 47 -- * vlan1 192.168.5.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan1 192.168.5.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
5496 285K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
24108 7195K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
19952 6954K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.122 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.5.122 udp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.115 tcp dpt:80
0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
4153 241K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
4153 241K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
3 226 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 34672 packets, 4954K bytes)
pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
Chain logaccept (2 references)
pkts bytes target prot opt in out source destination
439 38625 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination
root@DD-WRT:/tmp/hma#
Re: dead local network
Posted: Mon Oct 01, 2012 4:10 pm
by cocoh
Hello
OpenVPN is installed on a Linux router (DD-WRT) and the tunnel is established with the remote server correctly (vpntunnel.se).
Problem:
Access to the LAN does not work anymore when the router is called from the WAN.
killall openvpn and then it works again.
What is the solution?
Thank you
Jacques
The file hma.conf :
remote 46.19.136.130 443
client
dev tun
proto tcp
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/hma/ca.crt
cert /tmp/hma/cl.crt
ns-cert-type server
key /tmp/hma/cl.key
auth-user-pass /tmp/hma/user.txt
log /tmp/hma/hma.log
verb 2
management 127.0.0.1 5001
The file up.sh
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
The file dn.sh
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
The command :
openvpn --config /tmp/hma/hma.conf --route-up /tmp/hma/up.sh --route-down /tmp/hma/dn.sh --daemon
The file hma.log
root@DD-WRT:~# cd /tmp/hma
root@DD-WRT:/tmp/hma# vi hma.log
Mon Oct 1 10:20:56 2012 OpenVPN 2.1_rc20 mipsel-unknown-linux-gnu [SSL] [LZO1]
Mon Oct 1 10:20:56 2012 MANAGEMENT: Socket bind failed on local address 127.0.0
Mon Oct 1 10:20:56 2012 Exiting
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Mon Oct 1 10:20:57 2012 /sbin/ifconfig tun0 31.7.57.145 netmask 255.255.255.192
Mon Oct 1 10:20:57 2012 Initialization Sequence Completed
The print route :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
46.19.136.130 livebox.home 255.255.255.255 UGH 0 0 0 vlan1
31.7.57.128 * 255.255.255.192 U 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
default livebox.home 0.0.0.0 UG 0 0 0 vlan1
And iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35029 13M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- vlan1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logaccept tcp -- * * 0.0.0.0/0 192.168.5.1 tcp dpt:80
3 168 DROP icmp -- vlan1 * 0.0.0.0/0 0.0.0.0/0
158 5056 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
1 70 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
439 38625 logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
76531 4091K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 47 -- * vlan1 192.168.5.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan1 192.168.5.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
5496 285K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
24108 7195K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
19952 6954K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.122 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.5.122 udp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.115 tcp dpt:80
0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
4153 241K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
4153 241K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
3 226 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 34672 packets, 4954K bytes)
pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
Chain logaccept (2 references)
pkts bytes target prot opt in out source destination
439 38625 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination
root@DD-WRT:/tmp/hma#
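An added example, not part of the original posts: a longest-prefix-match lookup over the routing table posted above, showing which interface the router selects for a packet addressed to an outside host with the tunnel up and with the tun0 routes removed. The outside address 203.0.113.10 is constructed for illustration; gateway names such as livebox.home are kept as opaque labels.

```python
import ipaddress

# Routing table as posted in the thread (output of `route`, tunnel up).
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
46.19.136.130 livebox.home 255.255.255.255 UGH 0 0 0 vlan1
31.7.57.128 * 255.255.255.192 U 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
default livebox.home 0.0.0.0 UG 0 0 0 vlan1
"""


def parse_routes(text):
    """Parse `route` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest, gateway, genmask, _flags, metric, _ref, _use, iface = fields
        if dest == "default":  # `route` prints 0.0.0.0 as "default"
            dest = "0.0.0.0"
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        routes.append((network, gateway, int(metric), iface))
    return routes


def egress(routes, address):
    """Return (iface, gateway) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # Most specific prefix wins; a lower metric breaks ties.
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[3], best[1]


def without_iface(routes, iface):
    """Routes that remain once an interface is gone (e.g. tunnel stopped)."""
    return [r for r in routes if r[3] != iface]


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for ip in ("203.0.113.10", "46.19.136.130", "192.168.5.115"):  # first is constructed
        print(ip, egress(table, ip), egress(without_iface(table, "tun0"), ip))
```

For the constructed outside address the lookup returns tun0 while the tunnel routes are present and vlan1 once they are gone, because the two routes with mask 128.0.0.0 are more specific than the default route via livebox.home.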