Debian :: Modify Configuration To Enable OpenVPN To Act As Tunnel Broker
Feb 18, 2011
I currently run openVPN on my Debian box that provides secure ipv4 routing from my laptop to my VPS in a different country (and from there the internet via this box). This works fine. However, id like to sort out ipv6 through this VPN as well as IPV4 and not overly sure how to do it. The remote server itself has native ipv6 configured on device eth0 and it works (ping6, traceroutes all fine,incoming to web servers etc) nicely on dual stack.
How would i go about modifying the config (both client and server if needed) to enable openVPN to act as a tunnel broker to enable the laptop to use the ipv6 through the server as well as the old v4? (the internet connection laptop end will not/does not have native ipv6 from the ISP. Currently im using he-net tunnel broker but id like to run myself through my existing openVPN). VPN config details: Its using UDP, port 1194, creates a TUN interface, redirect-gateway etc and the rest is normal config. Edit:- if it matters the clients are all running windows so i cant use sh scripts to set up stuff client end.
View 1 Replies
ADVERTISEMENT
Aug 9, 2010
i have installed openvpn and config it for a tunnel. my server.conf and client,conf is as follow:
server.conf
port 1194
proto udp
[code]...
View 1 Replies
View Related
Jan 25, 2010
I'm using Debian Lenny and I want to tunnel rtorrent only through a OpenVPN tunnel. I have a tunnel running, the config file looks like this:
client
dev tun
proto udp
remote openvpn.xxx.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
[Code]...
My idea is that I could run a sockd proxy internally that redirects traffic to the openvpn tunnel. I could use the *nix "proxifier" application "tsocks" to make it possible for rtorrent to connect through that proxy (as rtorrent doesn't support proxies). I have trouble configuring sockd as my IP inside the VPN changes every time I connect. This is a config file someone said would help:[URl].. As my IP changes at each connect I don't know what to put in that config file. I have no control over the host side config file.
View 1 Replies
View Related
Jul 22, 2009
I used to play with gw6c ( a client for tunnel broker ) It works well with fedora9 , fedora 10, but not with leonidas. my rpm is gw6c-6.0-0.4.beta4.fc9.i386.rpm ( a little old!) when I tried to install i have got this: libcrypto.so.7 est ncessaire pou w6c-6.0-0.4.beta4.fc9.i386 I try to make a soft link to libcrypto.so.0.9.8k, but nothing; The question :-Is there a solution for that pb - did you know a better client for non native ipv6 connectivity?
View 2 Replies
View Related
Oct 25, 2015
Unfortunately I have followed a misleading guide to set ssh and scp in order not to supply password everytime and...I messed up my ssh/scp settings as it does not work anymore.Well, in my attempt:
I moved to
Code: Select allcd ~/.ssh
then I created a rsa key
Code: Select allssh-keygen -t rsa
without giving any passphrase.Then
Code: Select allcat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
Then I tried tunnelling and...it didn't work. So, ok, I tried to recover previous settings erasing all the items in the folder ~/ .ssh/. After I tried copying a file with the "usual" command that used to work before (i.e. scp file user-id@server) and...I've found out it does not work anymore!
I get this error message:
ssh_exchange_identification: Connection closed by remote host
View 5 Replies
View Related
Feb 10, 2011
I have two firewalls, one primary (fw1) and one fall-back/backup (fw2). On the LAN side the fw's reside in the same LAN segment. I have a client who wants VPN redundancy. So I configured two VPN tunnels for this client. One via fw1 and a backup via fw2. Since the default gateway on the VPN server points to fw1 only the tunnel via fw1 is established. OpenVPN can't establish a tunnel via fw2 because of the gateway and just sits there waiting...
View 1 Replies
View Related
Jan 31, 2010
I need to know the procedure to setup VPN between two network. i setup openvpn access server to do this easy. 1. Step by step procedure to setup VPN 2. Setup VPN with DHCP 3. How to check that open vpn is running successfully.
View 1 Replies
View Related
Mar 2, 2016
We have an Apache Subversion (http) server for hosting our codes, and, for the 3 next month, we are behind a DSL connection (max upload 100 kB/s).
When a remote co-worker try to download a new fresh copy of our projects on his computer directly over http, the transfer goes fine : with a bandwidth monitor (gnome-system-monitor or bwm-ng) we can see that the server is trying to send ~95kB/s and the connection remains usable for others task in parallel (just a bit slower, which is normal).
But : when the remote co-worker is connected through SSH to this server, and uses tunneling to communicate with Apache Subversion, the server is sending more than 200kB/s : the connection is not usable for other tasks during the transfer as with ~102kB/s actually transferred through the DSL Line, it's completely congested and more than fifty percents of the packets are lost.
I think that I understand why : TCP/IP auto-detects the max amount of successfully transmitted bytes per second, and try not send more than this maximum value.
When the Apache server is connected to the local instance of openssh-server through localhost, packets are transmitted successfully between them. Only after, openssh-server try to send it to the client (and should retry if it's not successfull) but during that time, Apache is already giving the next one... giving this saturation effect (Apache is not aware of the saturation, or at least, not enough)
View 3 Replies
View Related
Feb 17, 2010
I am getting this error when I try to bring up IPSec Tunnel.Starting connection with command /usr/sbin/ipsec auto --up 'paycode-to-vivacom' ..
104 "paycode-to-vivacom" #7: STATE_MAIN_I1: initiate
003 "paycode-to-vivacom" #7: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [FRAGMENTATION c0000000]
[code]....
View 3 Replies
View Related
Dec 12, 2010
I installed the PPTP Client [URL] and can successfully connect to my VPN (creates interface ppp0). The problem is, I'm trying to tunnel all of my traffic on my system through the connection. I've seen conflicting howtos and scripts including pptpclient's documentation (the ip-up and ip-down scripts don't work). How does one simply (even if I type it manually) tunnel the traffic?
System Info:
OS: Debian Squeeze, Kernel 2.6.32-5-686
GUI: Gnome (standard one from netisnt unstable install)
Main interface: eth1
PPTP interface: ppp0
View 1 Replies
View Related
Jul 31, 2010
I'm playing with OpenVPN and I'm trying to share my VM's internet connection with another VM. My server VM has internet access through a NAT interface on virtualbox. My client can even ssh to the server, so the openvpn tunnel must be working. I've tried on the server:
[Code]...
View 1 Replies
View Related
Apr 23, 2011
My Debian server is used by people to set up ssh-tunnels for use as a local proxy ( on their remote machines).Since only the tunnel is setup, and no shell is used, I can't use "who" to see which users have an active ssh-tunnel on my server, but I would like to have an idea about who is active etc. I think I should be able to determine this from the auth.log file, but then I would have to use some script to determine what connection is still active. Is there an easy way to see what users have active ssh-tunnels on my Debian server at any given moment?
View 3 Replies
View Related
Aug 31, 2011
I've been working with my OpenVPN server for a while, and I have a rather interesting problem. I need to redirect all client traffic through the tunnel except for a couple IP's that need to be resolvable locally. The way I'm doing this is pushing these routes from the server:
Server 'PUSH' directives
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
I'm seeing that translating into these Windows routes:
Windows routes occurring
Wed Aug 31 15:14:35 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5'
Wed Aug 31 15:14:35 2011 ROUTE default_gateway=192.168.1.254
Wed Aug 31 15:14:40 2011 C:WINDOWSsystem32
oute.exe ADD 199.[*.*.*] MASK 255.255.255.255 192.168.1.254
Wed Aug 31 15:14:40 2011 C:WINDOWSsystem32
oute.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Aug 31 15:14:40 2011 C:WINDOWSsystem32
oute.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Aug 31 15:14:40 2011 C:WINDOWSsystem32
oute.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
I've hidden my server's IP beginning with 199 for security purposes.What I've gathered.I'm assuming that 0.0.0.0 is a kind of code for "everything," so I'm not sure how I could get this to work, but the general idea is that I need a specific IP range (172.16.*) to be resolvable on the LOCAL NETWORK (of the client) meaning it does not go through the VPN tunnel and the client can connect to 172.16.* locally.Is this possible? Routes can be executed through the command line, server "push" or client config options. Any way to get this to work while still routing other traffic through would do, really.
Additional Info: I have the server running on Debian 64-bit and the client running on Windows 7 (although Vista needs to work as well).Client/server configs can be provided if needed.
View 2 Replies
View Related
Feb 3, 2011
I have an Ubuntu VPS running 10.10 x86_64
This is what is in my /etc/network/interfaces right now.
Code:
auto eth0
iface eth0 inet static
address 67.202.x.x
gateway 67.202.x.1
netmask 255.255.255.0
auto lo
iface lo inet loopback
My server.conf
code....
I can get the VPN server running and everything connects fine from the client. I just don't know how to tunnel all the traffic through the VPS because it involves making the bridge which I'm having trouble with. What exactly am I supposed to put in /etc/network/interfaces?
View 1 Replies
View Related
Sep 16, 2015
I'm running OpenVPN service on both debian server and client. When start connection between client and server, I expect all the computer traffic (except ARP and DHCP requests) go through created tunnel. However, when I capture packets on wlan0 on client (the only connection going outside host) using Wireshark, I can see DNS requests visible and sometimes incoming TCP traffic as well, but most of the traffic is going through tunnel as expected. I provide both configurations of client and server and client routing table for inspection. I changed server address to avoid server exploitation in the case of some big configuration mistake.
Commands to run OpenVPN services are:
Code: Select allFor client: sudo openvpn --config /etc/openvpn/client.conf &
For server: sudo openvpn --config /etc/openvpn/server.conf &
**Client routing table when VPN is OFF**
Code: Select allKernel IP routing table
Destination   Gateway     Genmask     Flags Metric Ref  Use Iface
default     192.168.1.1   0.0.0.0     UG  1024  0    0 wlan0
192.168.1.0Â Â Â *Â Â Â Â Â Â Â Â 255.255.255.0Â Â UÂ Â Â 0Â Â Â 0Â Â Â Â 0 wlan0
[code]...
I searched through many forums and documentation and I found, that for all the traffic going via VPN is command: *push "redirect-gateway def1"* neccessary, however, I have leaks despite this command being in place. I already spent over 2 days with this and tried to configure it in many ways, now I have no clue what I'm missing.
View 0 Replies
View Related
Dec 16, 2015
I have recently rented a VPS server so I can run a VPN. Unfortunately, I did not get far in this [URL] ....., I have encountered this error:
Code: Select allxaver@xaver:/$ sudo modprobe tun
ERROR: could not insert 'tun': Unknown symbol in module, or unknown parameter (see dmesg)
So I googled this error and found this: [URL] ....., however response of mine VPS was:
Code: Select allxaver@xaver:/$ ls /lib/modules/uname -r /kernel/drivers/net/tun.*
ls: cannot access /lib/modules/uname: No such file or directory
ls: cannot access /kernel/drivers/net/tun.*: No such file or directory
Code: Select allxaver@xaver:/$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:Â Â Debian GNU/Linux 7.9 (wheezy)
Release:Â Â Â Â 7.9
Codename:Â Â Â Â wheezy
xaver@xaver:/$ uname -a
Linux xaver 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u1 x86_64 GNU/Linux
View 2 Replies
View Related
Aug 8, 2015
I have a laptop connected to internet via wlan0. I also have eth0 interface and with it I share internet. I want to modify/filter all the traffic passing by the first laptop, something like this:
Code: Select all          *---------------------------*
          |    LAPTOP 1      |   *--------------* ?
          |-----*  *------*  *----*   |       |
  INTERNET<------>|wlan0|<-->|MY_APP|<-->|eth0|<---->|ANOTHER LAPTOP|
          |-----*  *------*  *----|   |       |
          *---------------------------*   *--------------*
I know that in FreeBSD it is possible to use ipfw for that purpose, because it build-in into kernel. We set for example rule Code: Select allipfw add divert 2000 ip from any to 1.0.1.1
and we can use our own application to process those packets, reinject them forward etc. It will work also fast, because as I said, it build into kernel.
Is there any standart Linux-based solution to do the same? I found some info about netmap-ipfw. Is this a correct solution? Or I have to use for example IP-aliases and iptables to do that?
I need to process all the IP-packets, not only TCP/UDP/etc-protocol. Solution also must be very fast.
View 0 Replies
View Related
Jan 27, 2011
how can i manually modify source.list to include debian repository from shell.since xorg isn't installed yet and the cd doesn't work well.
View 5 Replies
View Related
Feb 11, 2016
I will see ipcam in my local network from my tablets. I'm install server/client but I can't even ping my Ipcam from my tablet.I'm ping my ipcam from my server
Code: Select allping 10.42.0.22
PING 10.42.0.22 (10.42.0.22) 56(84) bytes of data.
64 bytes from 10.42.0.22: icmp_seq=1 ttl=64 time=0.639 ms
eth1:1  Link encap:Ethernet HWaddr 00:25:22:1c:6e:05Â
     inet addr:10.42.0.1 Bcast:10.42.0.255 Mask:255.255.255.0
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
tun0Â Â Â Link encap:UNSPECÂ HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00Â
     inet addr:10.42.0.1 P-t-P:10.42.0.2 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
     RX packets:1775 errors:0 dropped:0 overruns:0 frame:0
    Â
[code]...
my tablet can receive ip, can see ftp on server but can't see anything in my home network.
View 3 Replies
View Related
Oct 22, 2010
I use openvpn to connect otherwise isolated machines, and use samba to share filesystems across the vpn, which works just fine.But I recently discovered that copying files using rsync -e ssh is so much faster than copying from a mounted filesystem - like about 5 times faster.I've got comp-lzo enabled in both server and the client, at least I think I have, the directive is there in both the server.conf and the client.conf files, but how do I check that it's active?Does anyone know if I can make openvpn behave more like rsync, because copying is easier than rsyncing?
View 8 Replies
View Related
Oct 29, 2010
When I make a vpn connection to an openvpn server, I loose the internet connection.
The VPN works all right.
Server config (extract)
Client config
Client route without the VPN connection
client route with VPN connected (internet lost)
Is there anything I can do to the push rule of the servers's config file?
View 1 Replies
View Related
Feb 7, 2016
I managed to set up an openvpn server, ip-forwarding and a nat iptable rule for that.
Almost everything works as expected, but my problem is:
Smartphone -> VPN -> Internet ==> works (by ip and hostname)
Smartphone -> VPN -> machine in my local network by IP ==> works
Smartphone -> VPN -> machine in my local network by its hostname => DOES NOT WORK
Machine w/ VPN server -> ping to machine in local network by ip or hostname => works
So, i wonder why i cant access a local machine through the vpn by its hostname. I guess I'm missing a forwarding rule??
iptables dump:
# Generated by iptables-save v1.4.21 on Sun Feb 7 20:56:52 2016
*nat
:PREROUTING ACCEPT [786:59064]
:INPUT ACCEPT [728:53047]
:OUTPUT ACCEPT [19:1487]
:POSTROUTING ACCEPT [20:1576]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Feb 7 20:56:52 2016
View 0 Replies
View Related
Jun 15, 2010
I upgraded my box this morning and I get to know something woring till now. I can't play video with the default video output xv in mplayer now. mplayer tells me that
[code]...
I naively think if I downgrade all xserver-* and mesa* to previous version, it will work again. But I failed.
[code]...
View 1 Replies
View Related
Mar 3, 2010
Without going into a lot of the reasons, I have a bootable program on a USB stick that i would like to 'boot' when debian is starting up (or after it completes, or whenever it makes sense to do it). My MB does not support a USB boot, I've removed the floppy and CD so I can add additional HDs (its a small box but well ventilated).
Another option I have is to use my bios 'network boot' option, but I have no clue how to use it and the only description in the mb manual says "Allows system to be booted over a network" In network boots, *usually* one is given an option of specifying a device address, and the network boot executes a boot protocol (e.g. bootp), and the boot image file is downloaded to the target, stored and run out of RAM. No evidence of this behavior is exhibited when the network boot option is selected in the bios...
View 2 Replies
View Related
Apr 18, 2010
Rm: cannot remove `.bashrc': Operation not permitted
* ALL other files in /home/admin directory are able, only this one.
* can't even change own, grp, just nothing
* no matter if i'm doing it from root or admin
inside this file there is code...
View 9 Replies
View Related
Oct 19, 2015
How I can enable DRI3 over debian strech/sid
View 0 Replies
View Related
Feb 8, 2016
I have a few computers running linux and windows and I like to be able to telnet and to ftp but these services are not active I look into system settings but I can not find anything on were to start them.I already try using ssh but it just hangs and nothing happened also I tried to use the graphical app for ftp but same result host not reachable.
View 10 Replies
View Related
Mar 6, 2016
Running the nvidia driver 304.125 from the repos. Debian 8.
I am running 4 monitors without xinerama. I'm not using xinerama because there is a bug which prevents opengl acceleration from working on all four screens since one of the gpus is a bit older than the other.
The solution for this, I am told, is to use xrandr instead of xinerama.
I'm using arandr as a nice front end to xrandr. However, when I run arandr on each screen, the only output it shows as available is the current screen.
I also see:
Xlib: extension "RANDR" missing on display ":0.0"
etc.
How do I enable the RANDR extension so I can get arandr working and unify my four monitors into one?
View 6 Replies
View Related
Jun 30, 2010
I'm using Debian Lenny, the only problem that I have is that the sound card isn't recognize by the system, I have installed ALSA 1.0.20 and I followed several tutorials trying to enable my sound card (ATI tech Azalia (Intel HDA)but all tries fail.
So, after install another distro -debian based- in the same pc I figured out that the sound card is enable and running by default, the ALSA version is the same -1.0.20- but the kernel is different -2.6.31.xx- so my questions are:
1. do you recommend me to upgrade my lenny's kernel to fix the problem?
2. is there a way to upgrade specific packages -for example samba, alsa, kernel- using unstable or testing versions instead of upgrade the entire distro? actually I'm confortable with lenny
3. what configuration should I check in the "other" distro to use that parameters in lenny?
View 14 Replies
View Related
Mar 16, 2011
I have accidentally stoped gdm3 service with BootUP-Manager and now i cant enable it again. I can start it from terminal with sudo service gdm3 start i have tryed to dpkg-reconfigure gdm3 and purge/install. This are services running on startup [ + acpid
[ - ] anacron
[ + ] apache2
[ + ] atd
[code].....
View 3 Replies
View Related
