Networking :: OpenVPN And Routing With Redirect-gateway Iproute2 Solution
Apr 16, 2011
To be able to use my 3g connection from my laptop I am using Azilink.Azilink work by setting up a little Openvpn server on your smartphone then you connect to your smartphone from your laptop with OpenVPN.From there what i wanted was to use a second VPN connection to an external Linux host and redirecting all my traffic to that tunnel... (redirect-gateway + iptables)It is working but partially..Here is the way I connect through my phone (all steps are I think important for the routing issue...)
1) I plug the phone then a usb0 interface is created with the 192.168.239.5 ip adress (my phone is 192.168.239.4)Then adb connect 192.168.239.4
2) I have to enable a port forward on my phone adb forward tcp:41927 tcp:41927
3) I run the openvpn script (to connect to my phone on wich i have launched Azilink)
So Openvpn connect to 127.0.0.1:41927 (to my phone) From there I have a Initialization Sequence Completed
At this time I am connected through 3G via my smartphone to the Internet..And as you imagine i don't want to enter all the IP adresses of Internet minus RFC1918 manually via route command.I think the problem comes from the fact that when i do the route add default gw 10.8.0.5 it is overwritting all the routes required to establish the first and the second connection am i right? Could someone help me solve that issue ?
I'm using OpenWRT on a WRT54GS. I'm using wifidog in combination with openvpn. For those of you familiar with wifidog, my auth server is located at the other end of an openvpn tunnel and the "wifi dog gateway" is running on the WRT itself. I'm don't really think that wifi dog is the issue. Basically, I'm using openvpn with the "redirect-gateway" option which works well. In this mode, openvpn removes my current default gateway setting and adds the remote openvpn server as the default gateway (as it should). However, overnight, my default gateway on the local network keeps reapperaing (along with the openvpn one as well).
This causes confusion and I don't want any packets (But ovbiously the connection to the actual openvpn server) to go down this local gateway. Why do you think it reappears? Do you reckon openvpn is dropping connection and somehow the normal gateway is being added back? I *could* run a cron script which runs every minute or so with something like "route del default gw xx.xx.xx.xx" (where xx.xx.xx.xx is the default gateway which I don't want to be there) but that is quite messy and means that if I were to ever move the router I would need to reconfigure this and considering that I would like in the future to have many of these wifi dog gateways, this really isn't an ideal option (as every network will have a different default gateway).
Im having a issue with routing internet traffic from my router two different subnets (vlans).
Theres my setup:-
Server:
Both eth0,1 are running dhcp (two scoopes) that works fine!
The output of route -n is:
I have ip_forwarding on aswell, but i can ping the ip on the server running that dhcp scoope ie ping 192.168.4.1 works great but i just cant get the internet on the clients.
I've been trying to setup an IPSec connection between two routers, but am having trouble with the actual packet routing.
My setup currently is two local networks (192.168.1.0/24[netLANA] and 192.168.0.0/24[netLANB]) that are connected to their own routers (192.168.1.1 and 192.168.0.1 respectively). The routers are both connected to the 194.26.1.0/24[netWAN] network. I wish to setup an IPSec connection between the two routers, to act in tunnel mode between the two local networks.
The first router is a linux box (on the netLANA network) that I am setting up using the ipsec-tools, and the other is a Netgear ProSafe FVS318G (on the netLANB). I've set them both up to have the same configuration for IPSec. Also, on the linux router I have setup a route like this:
Code: $ route add -net 192.168.1.0/24 wlan0
So that all traffic destined for the netLANB network will be routed to the wlan0 interface (netWAN in this case, and therefore over the tunnel).
My problem is that if I ping from any host on netLANA, I can see the ICMP reply comes back to the linux router, but it doesn't get back to the original host.
From the linux router, here is the tcpdump of the ping:
Code: $ tcpdump -n -S -i any 17:06:26.308353 IP 192.168.0.5 > 192.168.1.4: ICMP echo request, id 1036, seq 1, length 64 17:06:26.308780 IP 194.16.1.6 > 194.16.1.5: ESP(spi=0x0ea08914,seq=0x2f), length 116 17:06:26.316287 IP 194.16.1.5 > 194.16.1.6: ESP(spi=0x0be1036c,seq=0x2f), length 116 17:06:26.316287 IP 192.168.1.4 > 192.168.0.5: ICMP echo reply, id 1036, seq 1, length 64
The case: I'm running two dedicated Linux servers (openSUSE). Both servers are connected through public IP addresses to the internet. Each server hosts a VMware with another Linux inside.
SRV1 and SRV2 are the entry points for OpenVPN from external clients. SRV1 and SRV2 are although connected through an OpenVPN connection for save data sharing.
My problems: SRV3 can't connect to SRV2 and SRV4. SRV4 can't connect to SRV1 and SRV3. External OpenVPN clients connected to SRV1 can't reach SRV2 and SRV4. External OpenVPN clients connected to SRV2 can't reach SRV1 and SRV3.
My Laptop is connected to 2 different network (Wireless "gateway 10.170.8.1" ;cable wired "gateway 192.168.1.1")the gateway 192.168.1.1 is the default i want all application like firefox that connect via http and https port 80 and 443 to use the gateway 10.170.8.1) else to use the default gateway
I have recently just got another internet connection at home via cable as well as my exisiting DSL connection. I was wanting all my web browsing that I did via squid to be redirected down the cable connection. The box has a single nic at the moment and the default route sends it via the dsl connection for the mail server that is also running on the box.I was hoping that anything that hit squid would go down the cable connection that is plugged into a router and thus I can route to 172.16.2.251 and everything will go out via cable.
I was reading about iproute2 and marking the packets and is wondering whether this is the way to go?
From what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
I've been on a quest to enable full routing through my openvpn tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me . I just did a basic static route within zebra...
I've been working with my OpenVPN server for a while, and I have a rather interesting problem. I need to redirect all client traffic through the tunnel except for a couple IP's that need to be resolvable locally. The way I'm doing this is pushing these routes from the server:
Server 'PUSH' directives
push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
I'm seeing that translating into these Windows routes:
Windows routes occurring
Wed Aug 31 15:14:35 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5' Wed Aug 31 15:14:35 2011 ROUTE default_gateway=192.168.1.254
I've hidden my server's IP beginning with 199 for security purposes.What I've gathered.I'm assuming that 0.0.0.0 is a kind of code for "everything," so I'm not sure how I could get this to work, but the general idea is that I need a specific IP range (172.16.*) to be resolvable on the LOCAL NETWORK (of the client) meaning it does not go through the VPN tunnel and the client can connect to 172.16.* locally.Is this possible? Routes can be executed through the command line, server "push" or client config options. Any way to get this to work while still routing other traffic through would do, really.
Additional Info: I have the server running on Debian 64-bit and the client running on Windows 7 (although Vista needs to work as well).Client/server configs can be provided if needed.
Just curious to see what everyone's opinion on using routing vs. bridging for openVPN. I'm installing openVPN on a linux box that I'm using as a router. What I was wondering was your opinions on which one of these two options to use.
I am playing with openvpn, and I got stuck.I am using ubuntu server for openvpn server, which has 2 physical NICs, one is directly on internet and other is LAN, where few pcs are connected on.
When I try wget URL... I get failed: connection timed out.I have created br0 as a bridge over eth0 to run this VM. The host has this IP 172.30.8.135.The host has access to internet through eth0 and this is the output of route inside the host.
I have a linux machine with 3 NICs, one for the local net and the other 2 for 2 different ISP's which i want to load balance.
I configured Load Balance on my linux box using iproute2 and what i found in this site [URL].
Im able to reach the internet using that box, but when i configure a pc from the local net with the linux machine as the gateway im not able to reach the internet.
The problem seems to be NAT concerned, so i was wondering, how can i configure PAT using iproute2 to get this result: -I want load balance to take place, and that translation occurs after the linux router decides through which interface (of the 2 i have configured to my ISP's) the packet is going out. (i dont know if that is possible)
I have set up an openvpn server on ubuntu via port tcp 443. The server use a public network and almost every ports are blocked (not 443) So when a client connect to the server, if it send traffic needing a blocked port, the connection cannot been etablished of course. So i d like to know if it is possible to redirect all incoming traffic on the server to an other unblocked port (like 443) to bypass firewall.
I dont think openvpn offer this possibility but maybe with linux it is possible..
eth0 is the default route, and eth3 is being used for something else. So what I want to do is load balance browsing between eth1 and eth2. I've added all of the routes in the LARTC guide, but the command to enable the load balancing:
Quote:
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1 obviously involves creating a new default route. Since I'll be using Squid to push the traffic through the relevant line, how can I set up a load-balanced link for eth1 and eth2 without changing the existing default route on the server?
i have some problems with configuring openvpn tunnel connection to my openvpn server. I'm using static-key tcp connection. Network manager always said to me that connection could not be established. Also, when i try to run openvpn from terminal, i got some strange permissions problem:
Code:
openvpn --config config.ovpn Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009 Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
What exactly does gateway in a route refer to? I know what a default gateway is- it's the route of last resort. But used in context of a host route (with destination specified), what is a gateway and why is it important?
I have been beating my head for the last few weeks on this problem, (although I have been taking the wrong approach, it seems).
I need a gateway to direct web traffic to three separate servers/domains. I have been trying to do this with both a dns server and , (seperatly), apache server to forward requests. The dns server was a no go, and <i can only get apache to redirect http and ftp.
After Googling this ALOT, I believe that what I need is a gateway server to redirect my traffic to the 3 different servers. I have been reading about using using nat and iptables for this and was wondering if anyone had any advice/suggestions on this. The other thought I had was to use something like pfSense to create the gateway, but I am still reading the documentation, and I am unsure if this approach will work.
gtwy ~ # ip rule add from 64.251.23.186 table t1 RTNETLINK answers: Operation not supported
Older article of the same problem, but it did not help me: http://forums.gentoo.org/viewtopic-t-696982-start-0-postdays-0-postorder-asc-highlight-.html
I have looked on google at great lengths to try to find a solution. It seems that my kernel configuration is missing something? My system/kernel is: 2.6.36-gentoo-r5 #3 SMP Thu Jan 13 10:49:06 EST 2011 x86_64 Intel(R) Xeon(R) CPU X3220 @ 2.40GHz GenuineIntel GNU/Linux.I am posting this on SuperUser since this system is used as a workstation and this problem is unrelated to specific tasks that are handled exclusively by servers.iproute2 is installed:
i know exactly what i need to do, im just not familiar enough with command line to do it properly.i have 7 computers.the first 4 are connected to a router via wireless at one end of the house. of the last 3 only 1 will be able to access the router via wireless, so it needs to share it's one wireless connection via ethernet. this computer i'm going to call 'server'server will have two IP'swlan0 192.168.1.6 this connects to the router that has internet access.eth0 i intend to have the following settingsip:192.168.0.1sub: 255.255.0eth0 will connect to a second router, where the cat5 cable goes from the server, into the internet port of the router where i will define the router's static IP:IP: 192.168.0.100sub: 255.255.255.0gateway 192.168.0.1i have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
so i need to know how to, without a gui application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet.i had it set up in this way with a windows machine being the one that had the wifi access, but i'd rather have it setup for the ubuntu server to do this task. security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option.the 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through
I want to configure a VPN over the Internet.I installed the 'openvpn' package, generated the key file, transfered it by a secure way to the client, and setted up the configuration file.
So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.
Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.
Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.
Obviously I don't know what I'm doing, and I really, don't believe that simply changing the IP will make it work, but I tried.
I hope I explained my problem as well.
My configuration file:
# OpenVPN Server Configuration File dev tun 0 ifconfig 192.168.0.1 192.168.0.2 cd /etc/openvpn secret key_file
In client I execute the 'openvpn' without the '--daemon' parameter.Then I want that my client uses a IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2).I also thought to use a DHCP server, but I'm not sure that will work.
My setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
I have a pc with debian 6 (without GUI) installed on it and want to use it as server at home. It has 2 ethernet nics. Now i want to configure the routing process. Searched internet for a long time found something but couldn't get it work.
When setting up an SSH proxy, I know you can configure Firefox to route DNS requests through the proxy. Is this possible from linux directly? I'm trying to use wget through the proxy, including DNS lookups.
I have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
Ok the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan, or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actuall ROUTES. I can already achieve results similair to this with either a NAT firewall, or with VPN.. but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
I'm newbie to Wireless. Currently I try to implement EAP-TLS but firstly I need to get the hardware work, allow Access Point to Route from Wireless to Wire (LAN DNS server).
