OpenVPN on a public gateway.
Posted: Sun Dec 19, 2010 1:42 am
Hi there, I've been trying for a while now to get OpenVPN going on my server.
I can always connect from my client successfully, but this is as far as it goes:
I've managed to ping the tap interface on the server from the client if I assign it an IP in the same subnet, but that's pretty much it.
My server has no private LAN IPs and only one interface (eth0).
The gateway is on a public IP and I have 5 public IP addresses (one not used yet).
I've managed to bring up a bridged interface and keep my IPs usable.
This is my current ifconfig:
Note: I'm not too sure about 10.0.0.1; I thought I'd add it so I have a private range in the route and something to ping from the client.
auto br0
iface br0 inet static
address xx.94.xx.202
netmask 255.255.255.248
gateway xx.94.xx.201
network xx.94.xx.201
broadcast xx.94.xx.207
bridge_ports eth0 tap0
bridge_stp off
bridge_maxwait 5
pre-up openvpn --mktun --dev tap0
post-up ifconfig br0:0 xx.94.xx.203 netmask 255.255.255.248 broadcast xx.94.xx.207
post-up ifconfig br0:1 xx.94.xx.204 netmask 255.255.255.248 broadcast xx.94.xx.207
post-up ifconfig br0:2 xx.94.xx.205 netmask 255.255.255.248 broadcast xx.94.xx.207
post-up ifconfig br0:3 xx.94.xx.206 netmask 255.255.255.248 broadcast xx.94.xx.207
post-up ifconfig br0:6 10.0.0.1 promisc up
post-up ifconfig tap0 0.0.0.0 promisc up
post-up ifconfig eth0 0.0.0.0 promisc up
and route (this is before and after the openvpn server is started):
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
xx.94.xx.200    *                255.255.255.248  U     0      0   0   br0
10.0.0.0        *                255.0.0.0        U     0      0   0   br0
default         m001.terinmanic  0.0.0.0          UG    0      0   0   br0
My openvpn config:
rport 30989
lport 40989
proto udp
dev tap0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server-bridge 10.0.0.201 255.255.255.0 10.0.0.205 10.0.0.210
push "route 10.0.0.0 255.255.255.0"
tls-auth /etc/openvpn/ta.key 0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
cipher AES-256-CBC
status openvpn-status.log
verb 5
client-to-client
Route on my client after the openvpn client is started and the link is established:
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
10.0.0.0        10.0.0.201       255.255.255.0    UG    0      0   0   tap0
10.0.0.0        *                255.255.255.0    U     0      0   0   tap0
localnet        *                255.255.255.0    U     0      0   0   eth0
default         192.168.254.1    0.0.0.0          UG    0      0   0   eth0
192.168.254.1 is my local router that accesses the internet. It forwards traffic from the two ports to 192.168.254.8 (the client). This is how I can SSH from my local work computer (Win7) through the local router.
Also, what I find odd is that on the server eth0 and tap0 have the same IPv6 entry as the br0 interface and no 0.0.0.0.
I have IPv4 forwarding enabled on both server and client. On the server I can't ping 10.0.0.201 either.
Also, I'd like some local computers to be able to connect to the client and hop on the VPN connection, so they can access the server and also get out to the internet via the VPN.
A tcpdump shows traffic between them, with the MAC addresses of the interfaces being exchanged.
What am I missing?
Any help would be appreciated.
Thanx,
Carl
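A bridged OpenVPN setup like the one posted only works when the interfaces stanza and the `server-bridge` line agree with each other: the `network` value must be the real network address for the given netmask, an alias brought up with `ifconfig` and no `netmask` gets the old classful default (which is how a 10.0.0.0/8 entry like the `255.0.0.0` line in the route table above appears), and the first `server-bridge` argument is the address of the bridge interface itself, because that is what clients are told to route through. The following checker is an added example, not code from the original post or from the OpenVPN project. It runs offline on a constructed copy of the posted stanza in which the masked public octets (`xx.94.xx.*`) are replaced by the documentation prefix 203.0.113.0/24, and on a hypothetical corrected copy for comparison; the `*_FIXED` values are assumptions made for the comparison, not the poster's configuration.

```python
import ipaddress
import re

# Constructed sample: the posted /etc/network/interfaces stanza with the masked
# public octets (xx.94.xx.*) replaced by the documentation prefix 203.0.113.0/24.
INTERFACES = """\
auto br0
iface br0 inet static
address 203.0.113.202
netmask 255.255.255.248
gateway 203.0.113.201
network 203.0.113.201
broadcast 203.0.113.207
bridge_ports eth0 tap0
post-up ifconfig br0:0 203.0.113.203 netmask 255.255.255.248 broadcast 203.0.113.207
post-up ifconfig br0:6 10.0.0.1 promisc up
post-up ifconfig tap0 0.0.0.0 promisc up
"""
SERVER_BRIDGE = "server-bridge 10.0.0.201 255.255.255.0 10.0.0.205 10.0.0.210"

# Hypothetical corrected pair for comparison (assumptions, not the poster's config):
# real /29 network address, explicit netmask on the private alias, and a
# server-bridge gateway that the bridge actually holds.
INTERFACES_FIXED = (
    INTERFACES.replace("network 203.0.113.201", "network 203.0.113.200")
    .replace("br0:6 10.0.0.1 promisc", "br0:6 10.0.0.1 netmask 255.255.255.0 promisc")
)
SERVER_BRIDGE_FIXED = "server-bridge 10.0.0.1 255.255.255.0 10.0.0.205 10.0.0.210"

# Matches "post-up ifconfig br0:N ADDR [netmask MASK] ..." alias lines.
ALIAS_RE = re.compile(
    r"^post-up\s+ifconfig\s+(\S+:\d+)\s+(\d+\.\d+\.\d+\.\d+)(?:\s+netmask\s+(\S+))?"
)


def classful_mask(addr):
    """Netmask ifconfig falls back to when none is given: the old classful default."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "255.0.0.0"      # class A
    if first < 192:
        return "255.255.0.0"    # class B
    return "255.255.255.0"      # class C


def parse_stanza(text):
    """Split a stanza into option key/values and the br0:N aliases it brings up.

    Each alias is (name, address, effective netmask, netmask_was_defaulted).
    """
    opts, aliases = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ALIAS_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            aliases.append((name, addr, mask or classful_mask(addr), mask is None))
            continue
        key, _, value = line.partition(" ")
        opts[key] = value.strip()
    return opts, aliases


def check_stanza(opts, aliases):
    """Findings about the primary address and its aliases (empty list = consistent)."""
    findings = []
    primary = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
    net = primary.network
    for key, want in (("network", net.network_address), ("broadcast", net.broadcast_address)):
        if key in opts and ipaddress.ip_address(opts[key]) != want:
            findings.append(f"{key} {opts[key]} does not match {net}; expected {want}")
    if "gateway" in opts and ipaddress.ip_address(opts["gateway"]) not in net:
        findings.append(f"gateway {opts['gateway']} is outside {net}")
    for name, addr, mask, defaulted in aliases:
        if defaulted:
            findings.append(f"{name} {addr} has no netmask; ifconfig will assume classful {mask}")
    return findings


def check_server_bridge(line, opts, aliases):
    """Findings about server-bridge relative to the addresses the bridge holds."""
    _, gw, mask, start, end = line.split()
    net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
    findings = []
    for label, ip in (("pool start", start), ("pool end", end)):
        if ipaddress.ip_address(ip) not in net:
            findings.append(f"{label} {ip} is outside {net}")
    held = {opts["address"]} | {addr for _, addr, _, _ in aliases}
    if gw not in held:
        findings.append(
            f"server-bridge gateway {gw} is not an address on the bridge "
            f"(bridge holds {sorted(held)})"
        )
    return findings


def run_checks(interfaces_text, server_bridge_line):
    """All findings for one interfaces stanza plus its server-bridge line."""
    opts, aliases = parse_stanza(interfaces_text)
    return check_stanza(opts, aliases) + check_server_bridge(server_bridge_line, opts, aliases)


if __name__ == "__main__":
    for title, text, sb in (("as posted", INTERFACES, SERVER_BRIDGE),
                            ("corrected", INTERFACES_FIXED, SERVER_BRIDGE_FIXED)):
        print(f"--- {title} ---")
        for finding in run_checks(text, sb) or ["no inconsistencies found"]:
            print(" ", finding)
```

Run stand-alone it prints three findings for the posted values (the `network` line is not the /29's network address, the `br0:6` alias gets a classful `255.0.0.0` mask, and the `server-bridge` gateway is not an address the bridge holds) and none for the corrected pair. The checks are deliberately static, so they can be run against a copy of the config before touching a remote box whose only interface is the one being bridged.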