Michael,

The ccd "iroute" and raw "route" are the remote (ERX) subnets. IBC_Office ?  
Looks correct.

In order for your ERX to have a route to an AstLinux subnet you need to "push" 
'route ...' so the client adds routes over the VPN.

Though your VPN clients should be able to see the AstLinux web interface at 
172.30.253.1 it would seem.

Looks like you have it working, possibly lacking pushing routes to the clients.

You know about the 10.0.0.0/8 private networks, they are there to use :-)

Lonnie
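An added example, not part of the original thread and not AstLinux or OpenVPN code: a small consistency check over the three pieces discussed in this thread, the server `route`, the per-client ccd `iroute`, and `push "route ..."`. The sample input is constructed from the settings quoted in the thread, and the parser assumes literal IPv4 networks and netmasks.

```python
import ipaddress
import shlex

# Constructed sample input, modelled on the settings quoted in this thread.
SERVER_CONF = """\
ifconfig-pool-linear
client-to-client
client-config-dir /mnt/kd/openvpn/ccd
route 172.16.16.0 255.255.255.0
"""
CCD = {"IBC_Office": "iroute 172.16.16.0 255.255.255.0\n"}  # common name -> ccd file text


def nets(text, directive, pushed=False):
    """Networks named by `directive` lines, or by push "directive ..." lines if pushed."""
    found = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if pushed and len(tok) == 2 and tok[0] == "push":
            tok = tok[1].split()          # unwrap the quoted, pushed directive
        elif pushed:
            continue
        if len(tok) >= 2 and tok[0] == directive:
            mask = tok[2] if len(tok) > 2 else "255.255.255.255"
            found.append(ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False))
    return found


def audit(server_conf, ccd):
    """Return a list of findings; an empty list means the three pieces agree."""
    findings = []
    routes = nets(server_conf, "route")
    iroutes = [(cn, n) for cn, text in ccd.items() for n in nets(text, "iroute")]
    for r in routes:
        if not any(r.subnet_of(n) for _, n in iroutes):
            findings.append(f"route {r}: no ccd iroute covers it, OpenVPN cannot pick a client")
    for cn, n in iroutes:
        if not any(n.subnet_of(r) for r in routes):
            findings.append(f"iroute {n} ({cn}): no server route sends it into the tunnel")
    if not nets(server_conf, "route", pushed=True):
        findings.append('no push "route ..." line: clients learn no route to server-side subnets')
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD):
        print(finding)
```
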


On May 25, 2017, at 6:03 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Hi Lonnie
> Yes sorry for the ambiguity. 
> 
> 1) Yes
> 2) No, I'm trying to connect to the AstLinux Web GUI on the OpenVPN server 
> interface e.g. .1 of the subnet. I'm actually not routing any traffic to any 
> other subnets as it's just used for telephony access.
> 
> Ok I think I have found the problem but I don't know why it's happening. There 
> are multiple clients connected to this server. For some reason the route is 
> pointing to the first client connected. Is this what iroute is meant to sort 
> out? I'm not actually sure why it works at all!
> 
> OpenVPN Server Status:
> Common Name   Real Address            Virtual Address  Bytes Received  Bytes Sent  Connected Since
> 001565AC4CB9  124.171.108.172:50893   172.30.253.4     4008            4947        Fri May 26 08:48:37 2017
> 001565859116  124.171.108.172:39331   172.30.253.2     4024            4883        Fri May 26 08:48:35 2017
> IBC_Office    115.187.181.61:49708    172.30.253.6     6384            7090        Fri May 26 08:48:34 2017
> 
> 1222-IBC-APP1 kd # ip route
> default via 103.241.6.1 dev eth0
> 103.241.6.0/24 dev eth0  proto kernel  scope link  src 103.241.6.47
> 172.16.16.0/24 via 172.30.253.2 dev tun0
> 172.30.253.0/24 dev tun0  proto kernel  scope link  src 172.30.253.1
> 
> 172.16.16.0/24 is the subnet in IBC_Office.
> 
> My raw commands are:
> ifconfig-pool-linear
> client-to-client
> client-config-dir /mnt/kd/openvpn/ccd
> route 172.16.16.0 255.255.255.0
> 
> 1222-IBC-APP1 kd # ls -l /mnt/kd/openvpn/ccd
> -rwxrwxrwx    1 root     root            33 Apr 25 16:54 IBC_Office
> 1222-IBC-APP1 kd # cat /mnt/kd/openvpn/ccd/IBC_Office
> iroute 172.16.16.0 255.255.255.0
> 1222-IBC-APP1 kd #
> 
> How should I fix this?
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Thursday, 25 May 2017 at 10:04 pm
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Problems with HTTPS over OpenVPN to Astlinux
> 
> Hi Michael,
> 
> To be clear, are we talking about ...
> 
> 1) Ubiquiti ERX OpenVPN client to AstLinux OpenVPN server
> 
> 2) Ubiquiti ERX HTTPS outbound traffic is dropped
> 
> Correct ?
> 
> Is #2 to any destination ?
> 
> Are you routing all ERX traffic over the VPN, or just selective pushed routes?
> 
> Use "curl -LI ..." as a handy tool to follow redirects for HTTPS/HTTP client 
> requests.
> 
> My first guess is the Ubiquiti ERX HTTPS has a firewall rule blocking HTTPS, 
> or routing it where you don't expect.
> 
> Lonnie
> 
> 
> 
> On May 25, 2017, at 1:28 AM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
>> Hi all
>> 
>> I have a Ubiquiti ERX router connected to an AstLinux server using Open 
>> VPN. It works great by the way, however I am unable to use HTTPS. HTTP is ok.
>> Is this because it's trying to use SSL over SSL? I wouldn’t have thought it 
>> mattered! It's using the standard port of 1194.
>> 
>> Regards
>> Michael Knill
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 