Ubuntu Networking :: OpenVPN On 10.04 Server - Routes Fail
Jul 18, 2010
New Ubuntu desktop user here. I've been working with Ubuntu servers for over 3 yrs, using Windows as clients. I have OpenVPN running on an Ubuntu 10.04 server, and it has worked well with Windows OpenVPN clients connecting. I took those same settings and applied them to this new install of Ubuntu 10.04 Desktop, and now openvpn seems to be failing when we get to the routes (I wrestled with the network-manager "secrets" issue for hours, but that works now).
I performed the following:
sudo openvpn --config fogbank-ny1.ovpn
--all is well, we're connecting/yay then *screech* FAIL--
Code:
Sun Jul 18 07:17:14 2010 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,topology net30,ping 30,ping-restart 600,ifconfig 10.8.0.10 10.8.0.9'
Sun Jul 18 07:17:14 2010 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 18 07:17:14 2010 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 18 07:17:14 2010 OPTIONS IMPORT: route options modified
Sun Jul 18 07:17:14 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jul 18 07:17:14 2010 ROUTE default_gateway=192.168.10.1
Sun Jul 18 07:17:14 2010 TUN/TAP device tun0 opened
Sun Jul 18 07:17:14 2010 TUN/TAP TX queue length set to 100
Sun Jul 18 07:17:14 2010 /sbin/ifconfig tun0 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Sun Jul 18 07:17:14 2010 /sbin/route add -net <mypublicip> netmask 255.255.255.255 gw 192.168.10.1
Sun Jul 18 07:17:14 2010 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.9
Sun Jul 18 07:17:14 2010 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.9
Sun Jul 18 07:17:14 2010 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.9
Sun Jul 18 07:17:14 2010 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.9
SIOCADDRT: File exists
Sun Jul 18 07:17:14 2010 ERROR: Linux route add command failed: external program exited with error status: 7
Sun Jul 18 07:17:14 2010 Initialization Sequence Completed
I am using the suggested openvpn routes. If I connect from Windows (actually the .ovpn file is taken directly from the working Windows machine), all is well: routes work fine and all traffic is routed thru the VPN, the same way it's worked for over a year. I assume that this is what is causing NetworkManager to fail as well. Those logs indicate that it has connected to the VPN, but is probably stopping when it gets to routes.
View 1 Replies
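The PUSH_REPLY in the log above carries `route 10.8.0.0 255.255.255.0` twice, and the second `route add` for that network is the one followed by `SIOCADDRT: File exists`. As an added example (not part of the original post), this Python script parses that control message and flags repeated route options; the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Control message copied from the client log in the post above.
PUSH_REPLY = (
    "PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1,"
    "dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,topology net30,"
    "ping 30,ping-restart 600,ifconfig 10.8.0.10 10.8.0.9"
)


def parse_push_reply(message):
    """Split a PUSH_REPLY control message into (directive, [args]) tuples."""
    head, _, body = message.partition(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    options = []
    for item in body.split(","):
        parts = item.split()
        if parts:  # skip empty fields such as a trailing comma
            options.append((parts[0], parts[1:]))
    return options


def pushed_routes(options):
    """Return every pushed 'route' option as an ip_network, in pushed order."""
    routes = []
    for name, args in options:
        if name == "route" and args:
            # A route pushed without a netmask is treated as a host route here.
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return routes


def duplicate_routes(options):
    """Networks that appear more than once among the pushed routes."""
    counts = Counter(pushed_routes(options))
    return [net for net, seen in counts.items() if seen > 1]


def tunnel_peer(options):
    """Remote endpoint from 'ifconfig <local> <remote>' (net30 topology)."""
    for name, args in options:
        if name == "ifconfig" and len(args) == 2:
            return args[1]
    return None


def route_commands(options, gateway):
    """Rebuild the route commands for pushed routes; flag the repeats."""
    seen, plan = set(), []
    for net in pushed_routes(options):
        cmd = (f"/sbin/route add -net {net.network_address} "
               f"netmask {net.netmask} gw {gateway}")
        plan.append((cmd, net in seen))  # True: kernel already has this route
        seen.add(net)
    return plan


if __name__ == "__main__":
    opts = parse_push_reply(PUSH_REPLY)
    for cmd, repeated in route_commands(opts, tunnel_peer(opts)):
        print(("DUPLICATE  " if repeated else "ok         ") + cmd)
```

A duplicate reported here points at the server side: the same route is being pushed twice to the client.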
Jun 7, 2011
I try to connect to my server (whose IP is x.x.x.x below) from my laptop. I have no idea why the openvpn client won't work this time. It worked fine in Win7 before. I re-installed openvpn but it doesn't work either. Then I searched for this issue, and found that it is possibly caused by a disabled DHCP Client service. I checked, and found it was enabled. It still won't work after restarting the DHCP Client service.
Basic Info:
OS: Windows 7
OpenVPN client: openvpn-2.2.0
DHCP Client Service started.
The following is the log during connecting:
Code:
Wed Jun 08 01:55:16 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Wed Jun 08 01:55:16 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 08 01:55:16 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 08 01:55:16 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
[Code]....
View 1 Replies
May 1, 2010
I bought an RTL8187L USB wireless adapter, and have had trouble getting it to work. I have managed to get it to work via manually configuringtime, but lost that configuration, and now it is once again not working. The root issue appears to be (if I'm understanding correctly what I'm seeing) that when I connect, routes don't get set up properly, so when network manager (or WICD, which I've also tried) gets to the DHCP step, my wireless router can't be reached by dhclient.
This is on Ubuntu 9.10, and I'm using the updated driver from realtek.com, btw, though the in-kernel driver was exhibiting the same behavior. So, two questions:
- Is anyone familiar with this problem, and is there a fix available?
- I believe I can work around it by setting up routes manually (e.g. with a post-connect script in WICD), but after staring at the "route" manpage, I'm not 100% sure of the commands. My router (a FIOS MI424WR) is my DHCP server, and is at 192.168.1.1, and route -n on a working PC (wired connection) gives:
Code:
dave@MinasTirith:~$ route -n
Kernel IP routing table
[code]....
View 1 Replies
May 8, 2011
How do I add a route that doesn't go away after a reboot? I tried adding to /etc/sysconfig/network-scripts/route-wlan0 and /etc/sysconfig/static-routes but neither of them did anything when I restarted network and NetworkManager. The route command does not show the new route that I added. I tried this too - routes.html and there were no errors but the new route doesn't show up with the route command. I added "192.168.13.88/255.255.255.255 via 192.168.13.101 dev wlan0"
View 2 Replies
Apr 5, 2010
I have some problems with configuring an openvpn tunnel connection to my openvpn server. I'm using a static-key tcp connection. Network manager always says to me that the connection could not be established. Also, when I try to run openvpn from the terminal, I get a strange permissions problem:
Code:
openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
[code]....
View 1 Replies
Feb 13, 2010
I want to configure a VPN over the Internet. I installed the 'openvpn' package, generated the key file, transferred it in a secure way to the client, and set up the configuration file.
So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.
Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this by registering a range.
Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.
Obviously I don't know what I'm doing, and I really, don't believe that simply changing the IP will make it work, but I tried.
I hope I explained my problem as well.
My configuration file:
# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file
On the client I execute 'openvpn' without the '--daemon' parameter. Then I want my client to use an IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2). I also thought of using a DHCP server, but I'm not sure that will work.
View 6 Replies
Sep 6, 2010
Followed this guide to the letter: [URL]..
Tried to run command:
sudo /etc/init.d/openvpn restart
And just get a fail returned.
This is what the log-file says.
[Code]...
It says init bridge br0 does not exist. Do I need to create it in the network config or something?
View 6 Replies
Mar 2, 2010
I recently rented a VPS and installed it with CentOS 5 64bit. I followed a tutorial to install OpenVPN to bridge traffic to my Windows machine.
View 3 Replies
Oct 26, 2010
I have an Ubuntu server that is currently running Ubuntu 8.10. I was thinking of making it a VPN server for my iPhone and also for my laptop whenever I'm outside and need to access the internet over insecure wireless networks. Now that part should be easy; I found several guides on how to configure an OpenVPN server, as well as enabling clients on iPhone and OSX.
However, the thing is that my server is currently an OpenVPN client also; I have a paid tunnel set up to bypass my ISP blocking incoming traffic on various ports. Is it possible to keep this setting but still enable a VPN server? Essentially causing traffic from my external device to go in through my tunnel to the VPN server, and then out through the external VPN provider.
View 2 Replies
Oct 30, 2010
I successfully configured an openvpn server, but the service won't start at boot! I thought openvpn automatically starts all the *.conf files in the /etc/openvpn folder? On my personal laptop the service automatically starts all the .conf files in the folder. But on my server with the server.conf file it won't start at boot. I have to start the service as root.
View 1 Replies
Mar 10, 2011
I currently have one of our clients set up to use a routed VPN for their 5 laptops to connect to the server remotely. And this works brilliantly. They are about to bring on a remote office that will need a VPN connection back to the main office, so I was going to set up a bridged connection between the two sites (and possibly more sites in the future).
So my question is what's the best way to go about this? Can I have one instance of OpenVPN running with tun0 set up for a routed connection to the laptops and add a second tun (tun1) to the config that will be for the bridged connection between the sites? Or am I going to have to run multiple instances of OpenVPN, one for the routed and another for the bridged?
If routed and bridged have to run in separate instances, will I have to add another instance for each new remote site that needs a connection? Can a bridged config connect to multiple sites, or have multiple tuns in the one config?
View 3 Replies
Jun 16, 2011
I have (seemingly regretfully) finally upgraded my Fedora Core 7 linux machine that has served me so well for the past decade. One of the final pieces to put in place was my Openvpn config (which was running flawlessly on my FC7) which I cannot get to work.
Here are my steps.
1. Disabled SELinux
2. Added the following entry in my iptables: (although I've stopped iptables to help troubleshoot)
-A INPUT -i tap0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
3. Yum installed openvpn and bridge-utils (btw I'm using bridging)
4. Configured my bridge-start script as such:
#!/bin/bash
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
# Define Bridge Interface
br="br0" .....
5. Configured my openvpn server conf as such:
proto tcp-server
port 5990
dev tap0 .....
When I execute my bridge-start script it creates the br0 and tap0 then all connectivity vanishes (I can only ping my gateway 10.0.0.50) - internet and any other addresses time out.
View 6 Replies
Jan 8, 2010
When the CentOS box is running a VPN server, there's a client connecting. The connection can't be seen by netstat -tunp
View 4 Replies
Feb 4, 2010
Running Linux Fedora 10 on an Intel Core 2 Duo PC. Runs great. We are trying to establish a VPN between a client and server on the same LAN. The network is a standard fast ethernet, runs great. We are trying to install an OpenVPN server, but having a little difficulty. Key and certificate builds seem to execute without a problem. But when we try to start the service we get [FAILED]. I've attached a copy of our procedure.
View 1 Replies
Feb 15, 2010
I'm trying to connect to an OpenVPN server using a shell command.
I've installed all needed packages (I guess).
If I type
Code:
sudo openvpn client.ovpn
and I've got messages:
Code:
Mon Feb 15 12:29:25 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
[Code]....
but I can't see the tap0 interface and cannot ping any address at the remote location.
I tried this config file in the Windows OpenVPN client and all works fine.
View 2 Replies
Sep 28, 2010
I've spent the last 4 days setting up my first VPN (OpenVPN bridged). The server is up and running OK but when I try to connect I get this message in the client log.
Quote:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
[Code].....
View 4 Replies
Feb 7, 2011
I'm attempting to set up a VPN server on my box using the nifty HowTo posted here: [URL]
My setup is as follows: wifi0 --> Internet; managed entirely via nm-applet (NetworkManager)
Where I'm running into trouble is in the creation of a bridge interface (br0) to bridge future VPN clients to my local network.
The guide(s) say that I need to screw around in /etc/network/interfaces to setup br0 and [eth0/wifi0] accordingly. The problem is that when I specify a configuration of any sort for wifi0 (my only choice for a network uplink), it disables nm and I am unable to configure my wifi in any sort of sane way after reboot... Further info: this "server" doesn't move, and always always connects to the same wifi hotspot that is also nailed in place.
View 1 Replies
Nov 23, 2009
This was working and stable on f-10 and f-11. Fresh f-12 install including openvpn. Copied /etc/openvpn/* to the new system as root from the working f-11 system. /etc/init.d/openvpn start (and stop) works as advertised. HOWEVER, when set to start at boot using chkconfig or the Services Configuration program, openvpn does not start. I must manually start it every time. When started, it does work without error messages in the log.
I tried removing the NetworkManager-vpn module with no effect. Thought it could somehow be overriding the auto startup of openvpn at boot.
View 6 Replies
Sep 9, 2010
I'm setting up a VPN with openVPN on a debian lenny server. I successfully installed it on the server, then created the certificates and both client (winXP) and server config files. For the client I use openVPN gui. I tested the tunnel and everything went just fine. I can even ping the openVPN server from the XP client. But that's all. I can't ping any machine behind the openvpn server. Some facts that you may find useful to help me with this issue are:
- The openVPN server is not the default gateway of the LAN. The dg is a pfsense server
- I dont have iptables enabled (policy of all chains are ACCEPT).
- I have configured ip forwarding (echo "1" >/proc/sys/net/ipv4/ip_forward)
[code]....
I have checked and all seems to be OK. I think that the problem is connected with routing the traffic from the vpn to my LAN but I don't know how to do that (besides the push route line in the server.conf).
View 11 Replies
Nov 24, 2010
How to login multiple client pc on the same network using via openvpn server from client side
View 1 Replies
Dec 18, 2010
I have an openvpn server configured and users are using it from a remote location. I got some errors in the /var/log/messages file as:
PHP Code:
Dec 18 16:09:37 system openvpn[7221]: x.x.x.x:58983 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 18 16:09:37 system openvpn[7221]: x.x.x.x:58983 TLS Error: TLS handshake fai
[code]....
View 1 Replies
Mar 20, 2009
Code...
What I can ping
Host A -> Host B
Host B -> Host A
Host A -> Router B
Host B -> Router A
Host A -> OpenVPN B
Host B -> OpenVPN A
VPN Server -> VPN Client
VPN Client -> VPN Server
What I can't ping
VPN Server to any client side host local address
VPN Client to any server side host local address
I have searched and searched for this but can not find any answers. Why can I not ping Host B from my OpenVPN server?
View 1 Replies
Sep 1, 2010
I have an Ubuntu 10.04.1 install with openvpn, so I have some routes in my /etc/networking/interface file. But for whatever reason when it boots the routes don't come up and I have to restart the networking before they come up. Once I do that all is well. Any ideas why it's doing that?
View 1 Replies
Sep 1, 2010
I have an Ubuntu 10.04.1 install with openvpn, so I have some routes in my /etc/networking/interface file. But for whatever reason when it boots the routes don't come up and I have to restart the networking before they come up. Once I do that all is well.
View 4 Replies
May 2, 2010
I have 2 computers, one with Ubuntu 10, one with Windows 7. I can access the Windows 7 computer from Ubuntu, and see all the documents. However I can't access \SAMBA24 which I assume is the Ubuntu. What do I have to do? I'm a complete beginner at this. Windows 7 can't find the network path, and Ubuntu says fail to retrieve sharelist from server.
View 9 Replies
Sep 21, 2010
I have an openvpn tunnel set up between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.
Server A= OpenVPN server
Server B= OpenVPN client (connects to Server A with OpenVPN)
The two CentOS servers can ping each other (172.16.0.0/24) via the tun0.
However, a client computer connected to Server B (DHCP server) can't reach 172.16.0.1 (which is the OpenVPN server).
I think I am missing some routing in my "ip route show". Following is the full picture:
What command can I issue to get this fixed? Something along the lines of ip route add?
There is no firewall service on either end. service iptables stop! I can't bridge eth1 and tun0 as the DHCP server might mess up the other side. I can't do a push of "redirect-gateway def1" because then clients lose their IP as they send DHCP requests to Server A.
View 2 Replies
Oct 15, 2010
I've got a 10.04 machine with two ethernet interfaces. I have two separate outside internet connections. This machine is connected to both interfaces. But it DOES NOT route between them. It's just a host on both subnets. Again, no routing is to go through this host. I'd like to force traffic originating on each ethernet port out to that network's internet connection.
Here's the desired setup:
eth0 192.168.12.37/24 gw 192.168.12.1
eth1 192.168.1.37/24 gw 192.168.1.1
I'd like traffic on the 192.168.1.37 address to go out through the 192.168.1.1 gateway. I have a program bound to that address and need its traffic to go out ONLY through the 192.168.1.1 gateway. Any other traffic on the machine should go out the 192.168.12.1 gateway.
The logic is:
source IP is 192.168.1.37, dest IP is any, then go out only through 192.168.1.1
source IP is 192.168.12.37, dest IP is any, then go out through 192.168.12.1 first or 192.168.1.1 next.
The point is source on the .1.37 address must always go out the .1.1 gateway and NEVER through .12.1. Whereas traffic on the .12.37 address should try going out the .12.1 gateway first but can go out the .1.1 gateway if the .12.1 connection is down. I could live with this failover option. I could accept that traffic on the .12.37 address was likewise limited to its own gateway.
View 3 Replies
Dec 3, 2010
I just set up NIC bonding in Ubuntu 10.4, following these instructions, and I've got it working except for one problem: Every time I up or down a network device, or every time the system reboots, my routes go all to hell with eth0 and eth1 entries next to my bond0 entries. When the eth0 and eth1 entries show up, my connection is hosed and I have to go in via the maintenance IP to kill each route one at a time, leaving only bond0. Here's how I want my routes to look at all times:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.87.9.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
0.0.0.0 10.87.9.1 0.0.0.0 UG 100 0 0 bond0
Here's my /etc/network/interfaces:
[Code]...
View 3 Replies
Apr 27, 2011
On a server with 4 network interfaces, sometimes not all 4 are plugged in. All 4 interfaces have the same IP address. Sometimes the machine cannot access the local LAN, but can access the internet via a router on the local LAN, after a reboot. What I find is that the routing table looks like this:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.30.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.30.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.30.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
172.30.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
0.0.0.0 172.30.0.2 0.0.0.0 UG 1 0 0 eth0
0.0.0.0 172.30.0.2 0.0.0.0 UG 2 0 0 eth1
0.0.0.0 172.30.0.2 0.0.0.0 UG 3 0 0 eth2
0.0.0.0 172.30.0.2 0.0.0.0 UG 4 0 0 eth3
On the console I cannot reach any local host, but I can reach internet hosts. Pinging the gateway router 172.30.0.2 gets no answer. When I manually change it to this:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.30.0.0 0.0.0.0 255.255.0.0 U 1 0 0 eth0
172.30.0.0 0.0.0.0 255.255.0.0 U 2 0 0 eth1
172.30.0.0 0.0.0.0 255.255.0.0 U 3 0 0 eth2
172.30.0.0 0.0.0.0 255.255.0.0 U 4 0 0 eth3
0.0.0.0 172.30.0.2 0.0.0.0 UG 1 0 0 eth0
0.0.0.0 172.30.0.2 0.0.0.0 UG 2 0 0 eth1
0.0.0.0 172.30.0.2 0.0.0.0 UG 3 0 0 eth2
0.0.0.0 172.30.0.2 0.0.0.0 UG 4 0 0 eth3
Then all is well (can ping local hosts including the gateway router). I do have metric specified in the /etc/network/interfaces file like this:
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 172.30.16.8
netmask 255.255.0.0
network 172.30.0.0
broadcast 172.30.255.255
metric 1
auto eth1
iface eth1 inet static
address 172.30.16.8
netmask 255.255.0.0
network 172.30.0.0
broadcast 172.30.255.255
metric 2
auto eth2
iface eth2 inet static
address 172.30.16.8
netmask 255.255.0.0
network 172.30.0.0
broadcast 172.30.255.255
metric 3
auto eth3
iface eth3 inet static
address 172.30.16.8
netmask 255.255.0.0
network 172.30.0.0
broadcast 172.30.255.255
metric 4
Apparently that metric setting applies only to the gateway route, not the LAN route. Is there a way to specify the LAN route metric, too?
View 1 Replies
Oct 28, 2010
I have a CISCO, Linux related problem with 2 Class C subnets:
192.168.64.0 -> PC5
192.168.65.0 -> PC6
Here's a picture of my situation: [URL]
HQ has to have 2 STATIC routes in order for those 2 "PCs" mentioned above to have end to end connectivity with NETWORK A and NETWORK B. Now I try with
route0 -> network: 0.0.0.0, mask: 0.0.0.0, nexthop: Serial 0/0/0
route1 -> network: 0.0.0.0, mask: 0.0.0.0, nexthop: Serial 0/0/1
And it seems to work but I don't think it's proper! I feel it's kinda wrong ... but all my other attempts to set another couple of static routes end in "Request timed out" and thus connection lost.
View 1 Replies