Re: [Openvpn-users] Routing

2015-12-06 Thread Selva Nair
On Mon, Dec 7, 2015 at 12:53 AM, Axel Glienke wrote:

> I have a little question.
>
> My system:
>
> ip route:
> 0.0.0.0/1 via 10.8.0.5 dev tun0
> default via 192.168.2.1 dev br0  proto static  metric 425
> 10.8.0.1 via 10.8.0.5 dev tun0
> 10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6
> 88.198.140.127 via 192.168.2.1 dev br0
> 192.168.2.0/24 dev br0  proto kernel  scope link  src 192.168.2.101  metric 425
> 192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
>
>
> traceroute gmx.de
> traceroute to gmx.de (213.165.65.60), 30 hops max, 60 byte packets
>   1  Speedport.ip (192.168.2.1)  0.578 ms  0.662 ms  0.859 ms
> ^C
> [root@h1 ~]# traceroute spiegel.de
> traceroute to spiegel.de (62.138.116.3), 30 hops max, 60 byte packets
>   1  10.8.0.1 (10.8.0.1)  35.009 ms  34.982 ms  34.956 ms
> ^C
>
> Why is the routing different, in the first case over br0, in the second over
> the vpn device?
>
>
Because of this route in the routing table:

0.0.0.0/1 via 10.8.0.5 dev tun0

Remove it.

> I want only traffic that comes in over tun0 to be routed back over tun0. Is
> this possible with iptables/firewalld-cmd?
>

If the only traffic coming in through tun0 is from 10.8.0.1, the 2 routes
to 10.8.0.x will take care of that. If there are other hosts to be reached
through the tunnel, additional routes will be needed.

Selva
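
The route selection discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup over the route table from the post, showing why the two traceroute targets leave through different devices and what changes once 0.0.0.0/1 is removed. The helper names are hypothetical and route metrics are ignored.

```python
import ipaddress

# Route table copied from the "ip route" output in the post: (prefix, device).
ROUTES = [
    ("0.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "br0"),            # "default via 192.168.2.1 dev br0"
    ("10.8.0.1/32", "tun0"),
    ("10.8.0.5/32", "tun0"),
    ("88.198.140.127/32", "br0"),
    ("192.168.2.0/24", "br0"),
    ("192.168.122.0/24", "virbr0"),
]


def lookup(dest, routes=ROUTES):
    """Return (prefix, device) of the most specific route that covers dest."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, dev))
    if not matches:
        return None
    # The kernel prefers the longest matching prefix; /1 beats /0.
    net, dev = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), dev


def without(prefix, routes=ROUTES):
    """Route table with one prefix removed (hypothetical helper)."""
    return [r for r in routes if r[0] != prefix]


if __name__ == "__main__":
    targets = [("gmx.de", "213.165.65.60"),
               ("spiegel.de", "62.138.116.3"),
               ("vpn peer", "10.8.0.1")]
    for name, ip in targets:
        print(f"{name:10} {ip:15} now: {lookup(ip)}  "
              f"after removal: {lookup(ip, without('0.0.0.0/1'))}")
```

0.0.0.0/1 covers every address whose first octet is below 128, so 62.138.116.3 matches it and 213.165.65.60 falls through to the default route.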
--
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users


[Openvpn-users] Routing

2015-12-06 Thread Axel Glienke

Hello,

I have a little question.

My system:

ip route:
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.2.1 dev br0  proto static  metric 425
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6
88.198.140.127 via 192.168.2.1 dev br0
192.168.2.0/24 dev br0  proto kernel  scope link  src 192.168.2.101  metric 425
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1


traceroute gmx.de
traceroute to gmx.de (213.165.65.60), 30 hops max, 60 byte packets
  1  Speedport.ip (192.168.2.1)  0.578 ms  0.662 ms  0.859 ms
^C
[root@h1 ~]# traceroute spiegel.de
traceroute to spiegel.de (62.138.116.3), 30 hops max, 60 byte packets
  1  10.8.0.1 (10.8.0.1)  35.009 ms  34.982 ms  34.956 ms
^C

Why is the routing different, in the first case over br0, in the second over
the vpn device?


I want only traffic that comes in over tun0 to be routed back over tun0.
Is this possible with iptables/firewalld-cmd?

Thx.


Regards

Axel




Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-06 Thread Selva Nair
Hi,

On Sun, Dec 6, 2015 at 3:16 PM, Jason Haar wrote:

> On 05/12/15 15:10, Selva Nair wrote:
> > OpenVPN will fail with an error saying dhcp server address conflicts
> > with the client ip.
> > You can change this default behaviour using "ip-win32 dynamic 0" to
> > move the
> > dhcp server to x.y.z.0. Then 254 will be accepted.
>
> We use .1 on the server, so would "ip-win32 dynamic 1" make the client
> think the DHCP server was on 192.168.0.1? That would be perfect
>

Yes, ipconfig will then show the dhcp server address as 192.168.0.1.
That option may be pushed from the server.

> #This defines the "dhcp" range
> mode server
> tls-server
> push "topology subnet"
> ifconfig 192.168.0.1 255.255.255.0
> ifconfig-pool 192.168.0.10 192.168.0.254 255.255.255.0


With offset 1, that should work fine.

Selva
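
A check for the offsets discussed in this thread, as an added example that is not part of the original messages and is not OpenVPN's own code: it computes where the emulated DHCP server lands for a given "ip-win32 dynamic" offset and lists the pool addresses that would clash with it. It assumes a negative offset counts back from the broadcast address and a non-negative one counts up from the network address, which matches the .254 default and the "dynamic 0" to x.y.z.0 case described above; the function names are hypothetical.

```python
import ipaddress


def dhcp_masq_addr(local, netmask, offset=-1):
    """Emulated DHCP server address for a client configured as local/netmask.

    Assumption: offset < 0 is relative to the broadcast address,
    offset >= 0 is relative to the network address.
    """
    net = ipaddress.ip_interface(f"{local}/{netmask}").network
    base = net.broadcast_address if offset < 0 else net.network_address
    dsa = base + offset
    if dsa not in net:
        raise ValueError("offset is outside of the ifconfig subnet")
    return dsa


def clashing_clients(pool_start, pool_end, netmask, offset=-1):
    """Pool addresses that equal the emulated DHCP server address."""
    first = int(ipaddress.ip_address(pool_start))
    last = int(ipaddress.ip_address(pool_end))
    clashes = []
    for value in range(first, last + 1):
        client = ipaddress.ip_address(value)
        if dhcp_masq_addr(client, netmask, offset) == client:
            clashes.append(str(client))
    return clashes


if __name__ == "__main__":
    # Pool and netmask taken from the ifconfig-pool line quoted in the thread.
    pool = ("192.168.0.10", "192.168.0.254", "255.255.255.0")
    for offset in (-1, 0, 1):
        server = dhcp_masq_addr(pool[0], pool[2], offset)
        print(f"offset {offset:2}: dhcp server {server}, "
              f"clashes in pool: {clashing_clients(*pool, offset)}")
```

With the pool above, only the default offset collides with an assignable client address (192.168.0.254).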


Re: [Openvpn-users] openvpn server pretends to be .254 for emulated dhcp server?

2015-12-06 Thread Jason Haar
On 05/12/15 15:10, Selva Nair wrote:
> OpenVPN will fail with an error saying dhcp server address conflicts
> with the client ip. 
> You can change this default behaviour using "ip-win32 dynamic 0" to
> move the 
> dhcp server to x.y.z.0. Then 254 will be accepted.

We use .1 on the server, so would "ip-win32 dynamic 1" make the client
think the DHCP server was on 192.168.0.1? That would be perfect


#This defines the "dhcp" range
mode server
tls-server
push "topology subnet"
ifconfig 192.168.0.1 255.255.255.0
ifconfig-pool 192.168.0.10 192.168.0.254 255.255.255.0

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




Re: [Openvpn-users] Routing between two LAN

2015-12-06 Thread debbie10t
You _can_ push the Server LAN Route 192.168.254.0/24
from the Server to the Client.

Next .. One step at a time:
You must enable IP_Forwarding on both the VPN Client and VPN Server
You can then use tcpdump to follow packets across the network ..
See if you can figure out the next step ;-)



- Original Message - 
From: "Vnpenguin" 
To: 
Sent: Sunday, December 06, 2015 7:39 AM
Subject: [Openvpn-users] Routing between two LAN


> Hi all,
> I got OpenVPN running in P2P mode between 2 LANs. Here's my network:
>
> 192.168.254.0/24--192.168.254.4 (OpenVPN server) <=INTERNET=> 192.168.1.31
> (OpenVPN client)--192.168.1.0/24
>
> From client 192.168.1.31 I can ping any host of the server LAN
> (192.168.254.0/24).
>
> From another host of the client LAN, for example 192.168.1.32, I tried:
>
> ip route add 192.168.254.0/24 via 192.168.1.31
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
> 192.168.254.0   192.168.1.31    255.255.255.0   UG    0      0        0 eth0
>
> But I can't ping to server LAN.
>
> I used OpenVPN 2.3.8 x86_64 on CentOS 6.
>
> Here's my server config:
> 
> local 192.168.254.4
> port 1194
> proto udp
> dev tun
> mode p2p
> secret server.key
> ifconfig 10.100.4.1 10.100.4.2
> keepalive 10 60
> comp-lzo
> ping-timer-rem
> persist-tun
> persist-key
> user openvpn
> group openvpn
> daemon
> status /var/run/openvpn-status.log
> log-append  /var/log/openvpn.log
> verb 3
> mute 20
> ==
>
>
> Here's my client config:
> ==
> remote my.remoteserver.com
> port 1194
> proto udp
> dev tun
> mode p2p
> secret server.key
> ifconfig 10.100.4.2 10.100.4.1
> route 192.168.254.0 255.255.255.0
> keepalive 10 60
> comp-lzo
> ping-timer-rem
> persist-tun
> persist-key
> user openvpn
> group openvpn
> daemon
> status /var/run/openvpn-status.log
> log-append  /var/log/openvpn.log
> verb 3
> mute 20
> =
>
> How can I make any host of the client LAN ping any host of the server LAN,
> please?
> Any help will be appreciated.
> Thank you in advance,
>
> --
> Vnpenguin
>







[Openvpn-users] Routing between two LAN

2015-12-06 Thread Vnpenguin
Hi all,
I got OpenVPN running in P2P mode between 2 LANs. Here's my network:

192.168.254.0/24--192.168.254.4 (OpenVPN server) <=INTERNET=> 192.168.1.31
(OpenVPN client)--192.168.1.0/24

From client 192.168.1.31 I can ping any host of the server LAN (192.168.254.0/24).

From another host of the client LAN, for example 192.168.1.32, I tried:

ip route add 192.168.254.0/24 via 192.168.1.31
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.254.0   192.168.1.31    255.255.255.0   UG    0      0        0 eth0

But I can't ping to server LAN.

I used OpenVPN 2.3.8 x86_64 on CentOS 6.

Here's my server config:

local 192.168.254.4
port 1194
proto udp
dev tun
mode p2p
secret server.key
ifconfig 10.100.4.1 10.100.4.2
keepalive 10 60
comp-lzo
ping-timer-rem
persist-tun
persist-key
user openvpn
group openvpn
daemon
status /var/run/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
mute 20
==


Here's my client config:
==
remote my.remoteserver.com
port 1194
proto udp
dev tun
mode p2p
secret server.key
ifconfig 10.100.4.2 10.100.4.1
route 192.168.254.0 255.255.255.0
keepalive 10 60
comp-lzo
ping-timer-rem
persist-tun
persist-key
user openvpn
group openvpn
daemon
status /var/run/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
mute 20
=

How can I make any host of the client LAN ping any host of the server LAN, please?
Any help will be appreciated.
Thank you in advance,

--
Vnpenguin