
tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 8:38 am
by gabriel403
Hi guys, I've installed openvpn successfully with a tap0 bridged setup. When a client connects I can see the openvpn server, but I'm unable to see any of the machines behind that server. I can ssh into the server and from there ssh into the further machines, but this is less than ideal as I can't remote desktop to the windows machines that are behind the server either.


SERVER CONFIG


root@blackice:/etc/openvpn# cat server.conf
;local 6.6.6.30
dev tap0
script-security 2
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 6.6.6.30 255.255.255.0 6.6.6.150 6.6.6.200
;push "route 6.6.6.0 255.255.255.0"
;push "dhcp-option DNS 194.168.4.100"
;push "dhcp-option DOMAIN domain.co.uk"
;user nobody
;group nogroup
keepalive 10 120
status openvpn-status.log
log openvpn.log
verb 3
;client-to-client
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"
comp-lzo
duplicate-cn
ifconfig-pool-persist ipp.txt


root@blackice:/etc/openvpn# cat /etc/network/interfaces 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo br0
iface lo inet loopback

iface br0 inet static
	address	6.6.6.30
	netmask 255.255.255.0
	broadcast 6.6.6.255
	gateway 6.6.6.1
	bridge_ports eth0

iface eth0 inet manual
#	up ip link set $IFACE up promisc on
#	down ip link set $IFACE down promisc off
	up ifconfig $IFACE 0.0.0.0 up
	up ip link set $IFACE promisc on
	down ip link set $IFACE promisc off
	down ifconfig $IFACE down


root@blackice:/etc/openvpn# ifconfig
br0       Link encap:Ethernet  HWaddr 00:15:5d:06:14:00  
          inet addr:6.6.6.30  Bcast:6.6.6.255  Mask:255.255.255.0
          inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11649 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1931 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1459472 (1.4 MB)  TX bytes:302983 (302.9 KB)

eth0      Link encap:Ethernet  HWaddr 00:15:5d:06:14:00  
          inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25039 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10987 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3934869 (3.9 MB)  TX bytes:876468 (876.4 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap0      Link encap:Ethernet  HWaddr 22:53:58:c3:34:f0  
          inet6 addr: fe80::2053:58ff:fec3:34f0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:88817 (88.8 KB)  TX bytes:20848 (20.8 KB)


root@blackice:/etc/openvpn# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
6.6.6.0         *               255.255.255.0   U     0      0        0 br0
default         6.6.6.1         0.0.0.0         UG    100    0        0 br0
root@blackice:/etc/openvpn# 


root@blackice:/etc/openvpn# nmap -sP 6.6.6.0/24

Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-06 09:21 BST
Nmap scan report for 6.6.6.1
Host is up (0.0082s latency).
MAC Address: C4:3D:C7:1B:35:5F (Unknown)
Nmap scan report for twoaday (6.6.6.8)
Host is up (0.00019s latency).
MAC Address: 00:15:5D:06:14:03 (Microsoft)
Nmap scan report for 6.6.6.20
Host is up (0.00015s latency).
MAC Address: 00:1F:D0:80:90:98 (Giga-byte Technology Co.)
Nmap scan report for 6.6.6.30
Host is up.
Nmap scan report for 6.6.6.150
Host is up (0.033s latency).
MAC Address: 4A:ED:B2:1F:EC:28 (Unknown)
Nmap done: 256 IP addresses (5 hosts up) scanned in 4.41 seconds
root@blackice:/etc/openvpn# 
CLIENT CONFIG


root@dixieflatline:/etc/openvpn# cat gabriel.conf 
client
dev tap
remote re.mo.te.ip 1194
nobind
resolv-retry infinite
persist-key
persist-tun
pkcs12 gabriel.p12
proto udp
;user nobody
;group nogroup
ns-cert-type server
comp-lzo
verb 3
script-security 2
root@dixieflatline:/etc/openvpn# 


root@dixieflatline:/etc/openvpn# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
6.6.6.0         *               255.255.255.0   U     0      0        0 tap0
10.227.206.0    *               255.255.254.0   U     0      0        0 eth0
default         ip-10-227-206-1 0.0.0.0         UG    100    0        0 eth0


root@dixieflatline:/etc/openvpn# ifconfig
eth0      Link encap:Ethernet  HWaddr 12:31:3c:01:cc:a6  
          inet addr:lo.ca.l.ip  Bcast:10.227.207.255  Mask:255.255.254.0
          inet6 addr: 1031::fe80:ffff:fe01:cca6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:203956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:222690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:33824427 (33.8 MB)  TX bytes:41414868 (41.4 MB)
          Interrupt:9 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14122 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1237210 (1.2 MB)  TX bytes:1237210 (1.2 MB)

tap0      Link encap:Ethernet  HWaddr 16:c2:b5:58:75:b8  
          inet addr:6.6.6.151  Bcast:6.6.6.255  Mask:255.255.255.0
          inet6 addr: fe80::14c2:b5ff:fe58:75b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:156 (156.0 B)  TX bytes:468 (468.0 B)


Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-06 09:33 BST
Nmap scan report for 6.6.6.30
Host is up (0.024s latency).
MAC Address: 00:15:5D:06:14:00 (Microsoft)
Nmap scan report for 6.6.6.151
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.72 seconds
root@dixieflatline:/etc/openvpn# 
So it looks to me as if the ovpn server isn't set up 100% correctly. On the router I've forwarded udp port 1194 externally to the internal ovpn machine.

Have I missed a step? From what I've read I don't need to do the push route stuff, as that should only be needed for routing, not bridging.

Is there anywhere else I need to set something up for forwarding or bridging on the ovpn server?

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 9:01 am
by maikcat
hi there,

2 things i noticed

eth0 is NOT in promisc mode

did you enable ip forwarding on the server?

Michael.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 9:42 am
by gabriel403
Hi maikcat, what would eth0 look like if it was in promisc mode?
I assume you're talking about on the server side.
Is there something wrong with the config in /etc/network/interfaces that would be stopping the promisc?

For the ip forwarding all I need to do is this correct?


root@blackice:/etc/openvpn# echo 1 > /proc/sys/net/ipv4/ip_forward
root@blackice:/etc/openvpn# cat /proc/sys/net/ipv4/ip_forward
1

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 9:47 am
by maikcat
hi there,

ifconfig eth0 0.0.0.0 promisc up

looking at your ifconfig output:

eth0 Link encap:Ethernet HWaddr 00:15:5d:06:14:00
inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25039 errors:0 dropped:0 overruns:0 frame:0
TX packets:10987 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3934869 (3.9 MB) TX bytes:876468 (876.4 KB)

tap0 Link encap:Ethernet HWaddr 22:53:58:c3:34:f0
inet6 addr: fe80::2053:58ff:fec3:34f0/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1135 errors:0 dropped:0 overruns:0 frame:0
TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:88817 (88.8 KB) TX bytes:20848 (20.8 KB)

tap0 has PROMISC enabled, eth0 does not...

>For the ip forwarding all I need to do is this correct?

yeap

Michael

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 10:03 am
by gabriel403
Thanks Michael, does the bridge also need promisc?

I managed to kill the server rather than the client, so I'll test later and see if that helps.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 10:10 am
by maikcat
>does the bridge also need promisc?

nope, only tap and eth need to be in promisc mode

Michael.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 4:26 pm
by gabriel403
Hi Michael,
this still doesn't seem to be working :/


root@blackice:~# ifconfig
br0       Link encap:Ethernet  HWaddr 00:15:5d:06:14:00  
          inet addr:6.6.6.30  Bcast:6.6.6.255  Mask:255.255.255.0
          inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:24028 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3320897 (3.3 MB)  TX bytes:703120 (703.1 KB)

eth0      Link encap:Ethernet  HWaddr 00:15:5d:06:14:00  
          inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:36293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17346 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5994223 (5.9 MB)  TX bytes:1540628 (1.5 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6160 (6.1 KB)  TX bytes:6160 (6.1 KB)

tap0      Link encap:Ethernet  HWaddr 3a:5b:70:32:ab:bd  
          inet6 addr: fe80::385b:70ff:fe32:abbd/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:600 (600.0 B)


root@blackice:~# cat /proc/sys/net/ipv4/ip_forward
1
root@blackice:~# 


root@dixieflatline:/etc/openvpn# nmap -sP 6.6.6.0/24

Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-06 17:23 BST
Nmap scan report for 6.6.6.30
Host is up (0.029s latency).
MAC Address: 00:15:5D:06:14:00 (Microsoft)
Nmap scan report for 6.6.6.150
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.96 seconds
root@dixieflatline:/etc/openvpn# 

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Wed Jul 06, 2011 5:42 pm
by maikcat
ok try the following

remove the br0 interface (why do you have br0 btw?)
set an ip on your eth0 interface

then run the script from the openvpn docs (which bridges tap0 and eth0)
start the service

disable any iptables you may have

try to connect and check if it works

manual steps:
iptables down and disabled
ip forwarding is enabled

openvpn --mktun --dev tap0
brctl addif br0 tap0
brctl show <-- to check interfaces; tap0 & eth0 must appear
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
service openvpn start


I have checked the above using centos 5.4 and openvpn 2.1.4

good luck ;)

ps: I don't remember whether the client conf needs dev tap0 instead of dev tap...

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 7:58 am
by gabriel403
Heya, I've had a further go at setting this up last night. I've got it working with openvpn's recommended bridge-start file and removed the bridge from the interfaces file, but I have to manually put a route down on the server for the client to connect.

Server interfaces file:


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
	address 6.6.6.30
	netmask 255.255.255.0
	broadcast 6.6.6.255
	gateway 6.6.6.1
Server bridge-start file (comments removed):


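#!/bin/bash
# bridge-start: create the bridge $br, enslave the LAN interface $eth and the
# tap device(s) listed in $tap, then move the LAN address from $eth onto the
# bridge. Run as root before "service openvpn start". Once bridged, VPN
# clients are layer-2 members of the LAN segment behind $eth.
#
# Variables (edit to match the host):
#   br             bridge interface to create
#   tap            space-separated list of tap devices to create and enslave
#   eth            physical LAN interface to enslave
#   eth_ip, eth_netmask, eth_broadcast
#                  the LAN address currently on $eth; it is re-created on $br
#   eth_gateway    optional. Re-addressing $eth to 0.0.0.0 drops the default
#                  route that pointed out of it; set this to restore it here
#                  instead of by hand. Empty keeps the original behaviour.
#
# Every step is checked: a half-built bridge (e.g. brctl addbr failing because
# $br already exists) used to be silently carried on, leaving the host
# unreachable with no message.
set -euo pipefail

br="br0"
tap="tap0"
eth="eth0"
eth_ip="6.6.6.30"
eth_netmask="255.255.255.0"
eth_broadcast="6.6.6.255"
eth_gateway=""

# Print a diagnostic to stderr and abort.
die() { printf 'bridge-start: %s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die "must run as root"
for tool in openvpn brctl ifconfig; do
  command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
done

# $tap is a space-separated list; split it once instead of relying on
# unquoted expansion in each loop.
read -r -a taps <<<"$tap"
(( ${#taps[@]} > 0 )) || die "no tap device configured in \$tap"

for t in "${taps[@]}"; do
  openvpn --mktun --dev "$t" || die "cannot create tap device $t"
done

brctl addbr "$br" || die "cannot create bridge $br"
brctl addif "$br" "$eth" || die "cannot add $eth to $br"
for t in "${taps[@]}"; do
  brctl addif "$br" "$t" || die "cannot add $t to $br"
done

# Bridge ports carry no address of their own; promisc is needed so the
# port accepts frames addressed to the other side of the bridge.
for t in "${taps[@]}"; do
  ifconfig "$t" 0.0.0.0 promisc up || die "cannot bring up $t"
done
# From here until $br is addressed the host has no LAN address at all.
ifconfig "$eth" 0.0.0.0 promisc up || die "cannot bring up $eth"
ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast" \
  || die "cannot configure $br"

if [[ -n "$eth_gateway" ]]; then
  command -v route >/dev/null 2>&1 || die "required tool not found: route"
  route add default gw "$eth_gateway" || die "cannot restore default route"
fi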
Server config file:


root@blackice:/etc/openvpn# cat server.tap.conf 
local 6.6.6.30 1194
script-security 2
proto udp
dev tap0
server-bridge 6.6.6.1 255.255.255.0 6.6.6.150 6.6.6.200
push "route 6.6.6.0 255.255.255.0"
;push "dhcp-option DNS 194.168.4.100"
ca ca.crt
cert server.crt 
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
;mute 20
ifconfig on the server


root@blackice:/etc/openvpn# ifconfig
br0       Link encap:Ethernet  HWaddr 00:15:5d:06:14:00  
          inet addr:6.6.6.30  Bcast:6.6.6.255  Mask:255.255.255.0
          inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11491 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1498000 (1.4 MB)  TX bytes:1714812 (1.7 MB)

eth0      Link encap:Ethernet  HWaddr 00:15:5d:06:14:00  
          inet6 addr: fe80::215:5dff:fe06:1400/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:27469 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23490 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4147551 (4.1 MB)  TX bytes:2587769 (2.5 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4240 (4.2 KB)  TX bytes:4240 (4.2 KB)

tap0      Link encap:Ethernet  HWaddr 56:50:59:ef:48:6b  
          inet6 addr: fe80::5450:59ff:feef:486b/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:5319 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3767 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:255606 (255.6 KB)  TX bytes:562018 (562.0 KB)
I have to manually do this route after starting the openvpn server on the server:


route add -net 0.0.0.0 gw 6.6.6.1
The process I follow is
bridge-start
service openvpn start
route add -net 0.0.0.0 gw 6.6.6.1

Then connect from the client and try to nmap


Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-07 08:55 BST
Nmap scan report for 6.6.6.30
Host is up (0.025s latency).
MAC Address: 00:15:5D:06:14:00 (Microsoft)
Nmap scan report for 6.6.6.150
Host is up (0.052s latency).
MAC Address: BA:A6:AA:3F:79:30 (Unknown)
Nmap scan report for 6.6.6.151
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.83 seconds
nmap on the server


root@blackice:/etc/openvpn# nmap -sP 6.6.6.0/24

Starting Nmap 5.21 ( http://nmap.org ) at 2011-07-07 08:57 BST
Nmap scan report for 6.6.6.1
Host is up (0.0084s latency).
MAC Address: C4:3D:C7:1B:35:5F (Unknown)
Nmap scan report for 6.6.6.6
Host is up (0.089s latency).
MAC Address: 00:1F:5B:C9:A3:D0 (Apple)
Nmap scan report for twoaday (6.6.6.8)
Host is up (0.00040s latency).
MAC Address: 00:15:5D:06:14:03 (Microsoft)
Nmap scan report for 6.6.6.20
Host is up (0.00020s latency).
MAC Address: 00:1F:D0:80:90:98 (Giga-byte Technology Co.)
Nmap scan report for 6.6.6.30
Host is up.
Nmap scan report for 6.6.6.150
Host is up (0.041s latency).
MAC Address: BA:A6:AA:3F:79:30 (Unknown)
Nmap scan report for 6.6.6.151
Host is up (0.030s latency).
MAC Address: 06:1F:CD:88:46:DE (Unknown)
Nmap done: 256 IP addresses (7 hosts up) scanned in 2.68 seconds

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 8:11 am
by maikcat
hi there,

glad it worked...

>route add -net 0.0.0.0 gw 6.6.6.1

didn't you have a default gateway set up already?
why did you add it by hand?
was it altered somehow?

Michael.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 10:56 am
by gabriel403
Hey Michael,
it's NOT working: all I can see in the nmap is the ovpn server and the client itself, I still can't connect to the servers behind the vpn.

I don't know why I had to add it by hand. It's there normally; I start the bridge, I start ovpn, and then it's not there.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 11:07 am
by maikcat
what openvpn version does your server have?

Michael.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 1:03 pm
by maikcat
i retested my setup:

server centos 5.5 x86 + openvpn 1.1.4 (from rpmforge repo)

server.conf

proto udp
port 1194
dev tap0
ca ./keys/ca.crt
cert ./keys/vpnsrv.crt
key ./keys/vpnsrv.key
tls-auth ./keys/ta.key 0
dh ./keys/dh1024.pem
server-bridge 192.168.179.20 255.255.255.0 192.168.179.50 192.168.179.55
client-to-client
keepalive 10 60
cipher AES-256-CBC
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /etc/openvpn/status.log
log /etc/openvpn/openvpn.log
verb 3
tls-cipher DHE-RSA-AES256-SHA
auth SHA1
management 0.0.0.0 7505

server lan ip 192.168.179.20 (router 192.168.179.1)

used these commands from the cli:

openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig eth0 promisc 0.0.0.0 up
ifconfig tap0 promisc 0.0.0.0 up
ifconfig br0 192.168.179.20 netmask 255.255.255.0 broadcast 192.168.179.255 <--here i lost gateway
route add default gw 192.168.179.1
service openvpn start

cat /proc/sys/net/ipv4/conf/eth0/proxy_arp reports 0
iptables is disabled
selinux is disabled
ip forwarding is enabled

client winxp sp3 with openvpn 2.1.3

client
proto udp
keepalive 10 60
cipher AES-256-CBC
comp-lzo
verb 1
persist-key
persist-tun
dev tap
nobind
ns-cert-type server
tls-auth ta.key 1
cert test01.crt
key test01.key
ca ca.crt
remote x.x.x.x 1194


and it works!.... :? :?

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 1:38 pm
by gabriel403
That looks pretty much like mine, I think my server version is 2.1 something.

Are you able to reach systems that are behind the ovpn server ok?


I'll have another look at my config this afternoon, this is very baffling :/

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 1:46 pm
by maikcat
>Are you able to reach systems that are behind the ovpn server ok?

the router (192.168.179.1) yes.

>this is very baffling :/

say that again...

Michael.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Thu Jul 07, 2011 5:02 pm
by gabriel403
I've had another fiddle but wasn't able to get it working :/

do these routes look alright?

SERVER


gabriel@blackice:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
6.6.6.0         *               255.255.255.0   U     0      0        0 br0
default         6.6.6.1         0.0.0.0         UG    0      0        0 br0
CLIENT


root@dixieflatline:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
6.6.6.0         *               255.255.255.0   U     0      0        0 tap0
so.me.ip.20     *               255.255.254.0   U     0      0        0 eth0
default         so.me.ip.1       0.0.0.0        UG    100    0        0 eth0

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Fri Jul 08, 2011 6:49 am
by maikcat
client (win xp)

192.168.179.0 255.255.255.0 192.168.179.50 192.168.179.50
192.168.179.50 255.255.255.255 127.0.0.1 127.0.0.1
192.168.179.255 255.255.255.255 192.168.179.50 192.168.179.50

ipconfig

Προσαρμογέας Ethernet vpn:

Επίθημα DNS συγκεκρ. σύνδεσης . :
Διεύθυνση IP. . . . . . . . . . : 192.168.179.50
Μάσκα υποδικτύου. . . . . . . . : 255.255.255.0
Προεπιλεγμένη πύλη. . . . . . . :

aargh.. greek windows

server
=====

br0 Link encap:Ethernet HWaddr 00:02:44:56:34:02
inet addr:192.168.179.20 Bcast:192.168.179.255 Mask:255.255.255.0
inet6 addr: fe80::202:44ff:fe56:3402/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:902 errors:0 dropped:0 overruns:0 frame:0
TX packets:650 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:143402 (140.0 KiB) TX bytes:150368 (146.8 KiB)

eth0 Link encap:Ethernet HWaddr 00:02:44:56:34:02
inet6 addr: fe80::202:44ff:fe56:3402/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1754 errors:0 dropped:0 overruns:0 frame:0
TX packets:688 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:224997 (219.7 KiB) TX bytes:153524 (149.9 KiB)
Interrupt:11 Base address:0xc000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:573 errors:0 dropped:0 overruns:0 frame:0
TX packets:573 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36627 (35.7 KiB) TX bytes:36627 (35.7 KiB)

tap0 Link encap:Ethernet HWaddr 36:20:4F:60:2E:D7
inet6 addr: fe80::3420:4fff:fe60:2ed7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:754 errors:0 dropped:2 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:8674 (8.4 KiB) TX bytes:136664 (133.4 KiB)

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.179.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 192.168.179.1 0.0.0.0 UG 0 0 0 br0


sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456


SELinux status: disabled

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


run out of ideas...

Michael.

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Fri Jul 08, 2011 11:29 am
by gabriel403
I think it's possibly an iptables thing on the server; if I start throwing enough rules into it, it occasionally looks like it's showing some of the servers behind.

But I'm not sure exactly what to throw in there :/

Re: tap0 bridged vpn unable to reach clients behind server

Posted: Fri Jul 08, 2011 10:36 pm
by gabriel403
Hmm I kinda gave up on this, and decided to try the vhd for openvpn access server.

After a bit of fiddling this seemed to work.

Might see if I can somehow get a dump of the config settings and pump them into the normal openvpn server/client

Would be nice to be able to have more than 2 clients connected hehe.