Michael,

Can your IBC_Office reach the AstLinux web interface at 172.30.253.1 ?

If not, possibly the ERX is blocking it ?

Lonnie


On May 25, 2017, at 6:45 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Hi Lonnie
> 
> I don't need to push any routes to the client though. 
> 172.16.16.0/24 is at IBC_Office but the server is routing this to 
> 172.30.253.2 (A Yealink phone) rather than 172.30.253.6.
> So I'm wondering how you set the routing to be correct?
> 
> PS. I always use 172.30 as it is rarely used by customers so no overlap when 
> I install a new system.
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Friday, 26 May 2017 at 9:38 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Problems with HTTPS over OpenVPN to Astlinux
> 
> Michael,
> 
> The ccd "iroute" and raw "route" are the remote (ERX) subnets. IBC_Office ?  
> Looks correct.
> 
> In order for your ERX to have a route to an AstLinux subnet you need to 
> "push" 'route ...' so the client adds routes over the VPN.
> 
> Though your VPN clients should be able to see the AstLinux web interface at 
> 172.30.253.1 it would seem.
> 
> Looks like you have it working, possibly lacking pushing routes to the 
> clients.
> 
> You know about the 10.0.0.0/8 private networks, they are there to use :-)
> 
> Lonnie
> 
> 
> On May 25, 2017, at 6:03 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
>> Hi Lonnie
>> Yes sorry for the ambiguity. 
>> 
>> 1) Yes
>> 2) No, I'm trying to connect to the AstLinux Web GUI on the OpenVPN server 
>> interface e.g. .1 of the subnet. I'm actually not routing any traffic to any 
>> other subnets as it's just used for telephony access.
>> 
>> Ok I think I have found the problem but I don't know why it's happening. 
>> There are multiple clients connected to this server. For some reason the 
>> route is pointing to the first client connected. Is this what iroute is 
>> meant to sort out? I'm not actually sure why it works at all!
>> 
>> OpenVPN Server Status:
>> Common Name  Real Address    Virtual Address Bytes Received  Bytes Sent      Connected Since
>> 001565AC4CB9 124.171.108.172:50893   172.30.253.4    4008    4947    Fri May 26 08:48:37 2017
>> 001565859116 124.171.108.172:39331   172.30.253.2    4024    4883    Fri May 26 08:48:35 2017
>> IBC_Office   115.187.181.61:49708    172.30.253.6    6384    7090    Fri May 26 08:48:34 2017
>> 
>> 1222-IBC-APP1 kd # ip route
>> default via 103.241.6.1 dev eth0
>> 103.241.6.0/24 dev eth0  proto kernel  scope link  src 103.241.6.47
>> 172.16.16.0/24 via 172.30.253.2 dev tun0
>> 172.30.253.0/24 dev tun0  proto kernel  scope link  src 172.30.253.1
>> 
>> 172.16.16.0/24 is the subnet in IBC_Office.
>> 
>> My raw commands are:
>> ifconfig-pool-linear
>> client-to-client
>> client-config-dir /mnt/kd/openvpn/ccd
>> route 172.16.16.0 255.255.255.0
>> 
>> 1222-IBC-APP1 kd # ls -l /mnt/kd/openvpn/ccd
>> -rwxrwxrwx    1 root     root            33 Apr 25 16:54 IBC_Office
>> 1222-IBC-APP1 kd # cat /mnt/kd/openvpn/ccd/IBC_Office
>> iroute 172.16.16.0 255.255.255.0
>> 1222-IBC-APP1 kd #
>> 
>> How should I fix this?
>> 
>> Regards
>> Michael Knill
>> 
>> -----Original Message-----
>> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
>> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
>> Date: Thursday, 25 May 2017 at 10:04 pm
>> To: AstLinux List <astlinux-users@lists.sourceforge.net>
>> Subject: Re: [Astlinux-users] Problems with HTTPS over OpenVPN to Astlinux
>> 
>> Hi Michael,
>> 
>> To be clear, are we talking about ...
>> 
>> 1) Ubiquiti ERX OpenVPN client to AstLinux OpenVPN server
>> 
>> 2) Ubiquiti ERX HTTPS outbound traffic is dropped
>> 
>> Correct ?
>> 
>> Is #2 to any destination ?
>> 
>> Are you routing all ERX traffic over the VPN, or just selective pushed 
>> routes ?
>> 
>> Use "curl -LI ..." as a handy tool to follow redirects for HTTPS/HTTP client 
>> requests.
>> 
>> My first guess is the Ubiquiti ERX HTTPS has a firewall rule blocking HTTPS, 
>> or routing it where you don't expect.
>> 
>> Lonnie
>> 
>> 
>> 
>> On May 25, 2017, at 1:28 AM, Michael Knill 
>> <michael.kn...@ipcsolutions.com.au> wrote:
>> 
>>> Hi all
>>> 
>>> I have a Ubiquiti ERX router connected to an AstLinux server using Open 
>>> VPN. It works great by the way, however I am unable to use HTTPS. HTTP is ok.
>>> Is this because it's trying to use SSL over SSL? I wouldn’t have thought it 
>>> mattered! It's using the standard port of 1194.
>>> 
>>> Regards
>>> Michael Knill
>> 
>> 
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to 
>> pay...@krisk.org.

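An added example, not part of the thread or of AstLinux: a consistency check for the `route` / `iroute` / ccd setup quoted above. The function names are hypothetical and the sample data is constructed from the values shown in the thread; it reports server `route` lines with no matching `iroute`, ccd files whose name matches no connected Common Name, and ccd files that other local users could rewrite.

```python
import ipaddress
import stat

def nets(text, keyword):
    """Networks named by `keyword <network> [netmask]` lines (mask defaults to /32)."""
    found = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == keyword:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return found

def audit(server_conf, ccd, connected):
    """ccd: file name -> (st_mode, contents); connected: Common Names from the status page."""
    findings, owners = [], {}
    for name, (mode, body) in sorted(ccd.items()):
        # A ccd file decides which client receives a subnet, so it should not be
        # writable by anyone but its owner.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"ccd/{name}: writable by group/other (mode {stat.S_IMODE(mode):o})")
        # OpenVPN picks the ccd file by exact Common Name, so a misnamed file is ignored.
        if name not in connected:
            findings.append(f"ccd/{name}: no connected client with this Common Name")
        for net in nets(body, "iroute"):
            owners.setdefault(net, []).append(name)
    routes = nets(server_conf, "route")
    for net in sorted(routes - set(owners)):
        findings.append(f"route {net}: no ccd file has a matching iroute")
    for net in sorted(owners):
        if net not in routes:
            findings.append(f"iroute {net} ({owners[net][0]}): no kernel route in server config")
        if len(owners[net]) > 1:
            findings.append(f"iroute {net}: claimed by {owners[net]}")
    return findings

# Constructed from the values quoted in the thread.
SERVER_CONF = """ifconfig-pool-linear
client-to-client
client-config-dir /mnt/kd/openvpn/ccd
route 172.16.16.0 255.255.255.0
"""
CCD = {"IBC_Office": (0o100777, "iroute 172.16.16.0 255.255.255.0\n")}
CONNECTED = {"001565AC4CB9", "001565859116", "IBC_Office"}

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD, CONNECTED):
        print(finding)
```

On the quoted configuration the `route` and `iroute` lines agree, and the only finding is the `-rwxrwxrwx` mode on the ccd file.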
