Page 1 of 1
All Clients Showing the Same IP Address
Posted: Mon Apr 04, 2016 9:52 pm
by ynagy
I just wondering if someone can help and I apologies if I posted on the wrong place.
I have OpenVPN working great for the last number of months with no single issue. I have configured the OpenVPN server as a routed configuration connected to 3 branches for varies usage and IP phones. It seems everything working fine but the issue now on the PBX all connection showing from the same IP address which is the OpenVPN server.
The question, how can I show the branches IP addresses instead of the OpenVPN server?
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 10:40 am
by ynagy
Shall I change the configuration from routed to bridging configuration?
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 11:06 am
by Traffic
Please see the Forum rules (top of page)
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 12:26 pm
by ynagy
Sorry I forget to include server and client configuration with the initial post.
Server configuration:
Code: Select all
local 172.16.71.202
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/OpenVPN-Server.crt
key /etc/openvpn/easy-rsa/keys/OpenVPN-Server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 172.16.171.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.71.0 255.255.255.0"
push "route 172.16.171.0 255.255.255.0"
push "route 172.16.172.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/serverUDP1194-status.log 20
log-append /var/log/openvpn/serverUDP1194.log
verb 1
push "explicit-exit-notify 3"
Client Configuration:
Code: Select all
client
dev tun
proto udp
remote openvpn.mydomain.com 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 12:34 pm
by Traffic
Have you enabled iptables NAT on your server ?
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 1:57 pm
by ynagy
Yes, I have enabled the net.ipv4.ip_forward=1 on /etc/sysctl.conf
I also created a script with the following:
Code: Select all
#!/bin/sh
iptables -t nat -A POSTROUTING -s 172.16.171.0/24 -o eth0 -j SNAT --to-source 172.16.71.202
iptables -t nat -A POSTROUTING -s 172.16.172.0/24 -o eth0 -j SNAT --to-source 172.16.71.202
to run in /etc/network/interfaces
Code: Select all
auto eth0
allow-hotplug eth0
iface eth0 inet static
pre-up /etc/firewall-openvpn-rules.sh
address 172.16.71.202
netmask 255.255.255.0
network 172.16.71.0
broadcast 172.16.71.255
gateway 172.16.71.1
Is this what do you you mean? or you mean something different? Am I missing anything?
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 2:23 pm
by Traffic
This is NAT (Read about it):
ynagy wrote:Code: Select all
#!/bin/sh
iptables -t nat -A POSTROUTING -s 172.16.171.0/24 -o eth0 -j SNAT --to-source 172.16.71.202
iptables -t nat -A POSTROUTING -s 172.16.172.0/24 -o eth0 -j SNAT --to-source 172.16.71.202
It is also the reason all your clients appear to be the server.
You must configure a fully routed network .. This is the openvpn HOWTO:
HOWTO: Expanding the scope of the VPN to include additional machines
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 2:39 pm
by ynagy
Thank you so much for the quick reply but I am not that technical person ... I am covering additional role added to me since they fired the network guy.
Would you mind to explain a bit more in what I should do ...
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 7:47 pm
by Traffic
If you give me remote access I can do it for you .. for a fee.
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 11:13 pm
by ynagy
How much would you charge? and how long do you need?
Re: All Clients Showing the Same IP Address
Posted: Tue Apr 05, 2016 11:35 pm
by Traffic
See my profile
Re: All Clients Showing the Same IP Address
Posted: Wed Apr 06, 2016 5:40 pm
by ynagy
I have applied the changes as per your recommendation with no luck ... All clients still showing the server "OpenVPN" IP address. Would could be other suggestion(s)?
Re: All Clients Showing the Same IP Address
Posted: Tue May 12, 2020 8:22 pm
by DemonRok
Traffic wrote: ↑Tue Apr 05, 2016 7:47 pm
If you give me remote access I can do it for you .. for a fee.
Can you share the solution, i'have the same problem.
Thanks!
Re: All Clients Showing the Same IP Address
Posted: Tue May 12, 2020 8:41 pm
by TinCanTech
DemonRok wrote: ↑Tue May 12, 2020 8:22 pm
Can you share the solution
See
posting.php?mode=reply&f=4&t=21452#pr60564