Problem connecting to remote VLAN over VPN

toothless92
OpenVpn Newbie
Posts: 6
Joined: Wed Apr 20, 2022 11:19 pm

Problem connecting to remote VLAN over VPN

Post by toothless92 » Wed Apr 20, 2022 11:33 pm

Hello, I am trying to set up a VPN to connect to a VLAN behind my server, and I'm getting a "TLS Error: TLS handshake failed" on the client. Any tips on where to start looking are appreciated. I am very much out of my depth.

I am trying to connect to the server over the 10.249.2.0 network to access the 172.20.0.0 network, which is on a vlan interface (vlan.3072) on the server.

I used a TAP connection and had this working on a machine with normal physical interfaces. But now, the subnet I want is on a VLAN, and I'm not sure what to do. The server starts, but the client is stuck on "TLS Error: TLS handshake failed".

I followed this guide to set up the server and client: https://www.webservertalk.com/setup-openvpn-ubuntu-18-04/

I followed this guide to set up a bridge between tap0 and enp3s0, which is the physical port for the 172.20.0.0 network: https://openvpn.net/community-resources ... -bridging/. When I tried setting up the bridge with vlan.3072, I got an error saying that vlan.3072 is already a member of a bridge.

Thank you for reading


server.conf:


port 11940
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
ifconfig-pool-persist /var/log/openvpn/ipp.txt
server-bridge 172.20.0.101 255.255.255.0 172.20.0.200 172.20.0.240
push "route 172.20.0.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
dh dh.pem
user nobody
group nogroup
cert server.crt
key server.key

client.ovpn:


client
dev tap
proto udp
remote 10.249.2.93 11940
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
script-security 2
verb 3
...And then all the certificate stuff


ifconfig:


br0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.20.0.100 netmask 255.255.255.0 broadcast 172.20.0.255
ether ce:29:ec:a7:6e:7e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:60ff:fe8c:45de prefixlen 64 scopeid 0x20<link>
ether 02:42:60:8c:45:de txqueuelen 0 (Ethernet)
RX packets 66 bytes 9462 (9.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 161 bytes 18312 (18.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.249.2.93 netmask 255.255.240.0 broadcast 10.249.15.255
inet6 fe80::c600:adff:fe94:e303 prefixlen 64 scopeid 0x20<link>
ether c4:00:ad:94:e3:03 txqueuelen 1000 (Ethernet)
RX packets 134706 bytes 162458875 (162.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 83423 bytes 8194666 (8.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xb2500000-b2520000

enp1s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 08:5a:11:33:e8:00 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet6 fe80::a5a:11ff:fe33:e6e3 prefixlen 64 scopeid 0x20<link>
ether 08:5a:11:33:e6:e3 txqueuelen 1000 (Ethernet)
RX packets 2025124 bytes 1174049068 (1.1 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2181149 bytes 1476347843 (1.4 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

kube-bridge: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1480
inet 10.244.0.1 netmask 255.255.255.0 broadcast 10.244.0.255
inet6 fe80::841:c2ff:fed1:3642 prefixlen 64 scopeid 0x20<link>
ether 0a:41:c2:d1:36:42 txqueuelen 1000 (Ethernet)
RX packets 417401 bytes 46152527 (46.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 441740 bytes 73852319 (73.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1447078 bytes 501215177 (501.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1447078 bytes 501215177 (501.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap0: flags=4355<UP,BROADCAST,PROMISC,MULTICAST> mtu 1500
ether ce:29:ec:a7:6e:7e txqueuelen 100 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth83317517: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1480
inet6 fe80::d4c3:65ff:fe76:7592 prefixlen 64 scopeid 0x20<link>
ether d6:c3:65:76:75:92 txqueuelen 0 (Ethernet)
RX packets 4631 bytes 1270872 (1.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5057 bytes 610368 (610.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...many more veth interfaces removed for clarity...


vlan.2560: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.128.0 broadcast 172.19.127.255
inet6 fe80::a5a:11ff:fe33:e6e3 prefixlen 64 scopeid 0x20<link>
ether 08:5a:11:33:e6:e3 txqueuelen 1000 (Ethernet)
RX packets 11528 bytes 4109856 (4.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 82 bytes 8598 (8.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vlan.2816: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.130.100 netmask 255.255.255.0 broadcast 172.19.130.255
inet6 fe80::a5a:11ff:fe33:e6e3 prefixlen 64 scopeid 0x20<link>
ether 08:5a:11:33:e6:e3 txqueuelen 1000 (Ethernet)
RX packets 277750 bytes 14693124 (14.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 271600 bytes 25463101 (25.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vlan.3072: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet6 fe80::a5a:11ff:fe33:e6e3 prefixlen 64 scopeid 0x20<link>
inet6 fe80::a5a:11ff:fe33:e6e3 prefixlen 64 scopeid 0x20<link>
ether 08:5a:11:33:e6:e3 txqueuelen 1000 (Ethernet)
RX packets 1729411 bytes 1126454289 (1.1 GB)
RX errors 0 dropped 488 overruns 0 frame 0
TX packets 1909166 bytes 1450838414 (1.4 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

existing bridges:


$ brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242608c45de       no              veth1b8abb2
kube-bridge             8000.0a41c2d13642       no              veth043e8970
                                                        veth189e5904
                                                        veth21826f2e
                                                        veth2fad8721
                                                        veth39f94fec
                                                        veth485131d1
                                                        veth5c289d5b
                                                        
                                                        [a bunch more veth interfaces]
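One way to rule out the configuration-side causes of that handshake error, as an added example that is not from the post or from OpenVPN itself: it parses a server.conf and a client .ovpn (a constructed excerpt of the two above) and flags mismatched proto/dev/cipher/auth, a client remote port that differs from the server port, tls-auth present on one side only, and duplicated directives such as the repeated cert/key lines in the server file. The function names parse_config, first and check_pair are assumptions for this example.

```python
"""Cross-check an OpenVPN server.conf against a client .ovpn for the config-side
mismatches behind "TLS Error: TLS handshake failed". The two configs are a
constructed excerpt of the post's; parse_config/check_pair are names assumed here."""

SERVER_CONF = ("port 11940\nproto udp\ndev tap0\ntls-auth ta.key 0\ncipher AES-256-CBC\n"
               "auth SHA256\ncert server.crt\nkey server.key\ncert server.crt\nkey server.key\n")
CLIENT_OVPN = ("client\ndev tap\nproto udp\nremote 10.249.2.93 11940\ncipher AES-256-CBC\n"
               "auth SHA256\nkey-direction 1\n")

def parse_config(text):
    """Return (directive, args) pairs; an inline <tag>...</tag> block becomes one entry."""
    out, in_block = [], None
    for line in (l.split("#", 1)[0].strip() for l in text.splitlines()):
        if in_block:                                  # skip the PEM payload of a block
            in_block = None if line == f"</{in_block}>" else in_block
        elif line.startswith("<") and line.endswith(">"):
            in_block = line[1:-1]
            out.append((in_block, ["<inline>"]))
        elif line:
            out.append((line.split()[0], line.split()[1:]))
    return out

def first(conf, name):
    """Args of the first occurrence of a directive, or None if absent."""
    return next((args for n, args in conf if n == name), None)

def check_pair(server_text, client_text):
    s, c = parse_config(server_text), parse_config(client_text)
    findings = []
    for label, conf in (("server", s), ("client", c)):  # duplicates: the last one wins silently
        names = [n for n, _ in conf]
        findings += [f"{label}: '{n}' given {names.count(n)}x" for n in dict.fromkeys(names)
                     if names.count(n) > 1 and n not in ("remote", "push")]
    for d in ("proto", "cipher", "auth"):                # must be identical on both ends
        if first(s, d) != first(c, d):
            findings.append(f"{d} differs: server={first(s, d)} client={first(c, d)}")
    dev = lambda conf: (first(conf, "dev") or ["?"])[0].rstrip("0123456789")  # tap0 -> tap
    if dev(s) != dev(c):
        findings.append(f"dev type differs: server={dev(s)} client={dev(c)}")
    port, remote = (first(s, "port") or ["1194"])[0], first(c, "remote") or []
    if len(remote) > 1 and remote[1] != port:
        findings.append(f"client remote port {remote[1]} != server port {port}")
    if first(s, "tls-auth") and not (first(c, "tls-auth") or first(c, "tls-crypt")):
        findings.append("server uses tls-auth but client has none (inline <tls-auth> missing?)")
    return findings

if __name__ == "__main__":
    for f in check_pair(SERVER_CONF, CLIENT_OVPN):
        print(f)
```

A static check like this cannot see a firewall dropping UDP 11940 on the path, which is what the poster eventually found; it only removes the configuration mismatches from the list of suspects.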
                                                        
                                                        

toothless92
OpenVpn Newbie
Posts: 6
Joined: Wed Apr 20, 2022 11:19 pm

Re: Problem connecting to remote VLAN over VPN

Post by toothless92 » Thu Apr 21, 2022 6:58 pm

I found that this was caused by ports other than 1194 not working on my connection to the server. I posted a new question for my updated problem.
