Ubuntu Servers :: OpenVPN: Routing Versus Bridging
Apr 21, 2010
Just curious to see what everyone's opinion on using routing vs. bridging for openVPN. I'm installing openVPN on a linux box that I'm using as a router. What I was wondering was your opinions on which one of these two options to use.
View 2 Replies
Sep 1, 2011
I'm currently trying to set up OpenVPN on my Ubuntu Server, however I'm having trouble setting up bridging. I am following the tutorial for bridging that is located on the Wiki here: [URL] At the current time my /etc/network/interfaces looks like this (default from Ubuntu install):
[Code]...
View 9 Replies
May 2, 2010
I am playing with openvpn, and I got stuck. I am using ubuntu server for openvpn server, which has 2 physical NICs, one is directly on internet and other is LAN, where few pcs are connected on.
View 5 Replies
Mar 23, 2010
My roommate has a slow ADSL provider, and i have a much faster cable connection. He has his own residential gateway, and as do i. The goal i am trying to accomplish is to share 2 printers (1 behind each residential gateway) and also files between computers on the different LAN segments, but not share ISPs or DHCP servers.
Thus far, i have configured my residential gateway's DHCP server to have control of the 192.168.1.0/24 network and his gateway's DHCP server controls the 192.168.0.0/24 network. We've got a Slackware 13.0 Linux box connected on the 192.168.0.0/24 network which currently just serves a web page and accepts e-mail for a domain. My knowledge of networking fails me here as I'm not sure what piece of equipment i would need to buy to solve this puzzle (bridge or router). I know iproute2 can do wonderful things on Linux, and i figure it would be easier to just shove a NIC or 2 in the Linux box and make it do what i need instead of buying more networking equipment.
View 1 Replies
Jul 13, 2011
I'm trying to set up an openVPN server for a small office. I've gotten the server running, and configured keys, and been able to connect to the server. The trouble is that once I connect with my windows machine to the server, I am unable to bridge through to the www. I have combed through so many settings and tutorials, and I am confused as to how to set up the interfaces configuration file. Here's a sample of my routing table:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
XXX.XXX.XXX.0 * 255.255.255.128 U 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
default XXX.XXX.XXX.1 0.0.0.0 UG 100 0 0 eth0
How should I be configuring this so that when I'm in the VPN I can get through to the internet?
View 9 Replies
Feb 14, 2011
I only have very basic understanding on how it works. This question may have been asked so many times, and honestly I've tried so many tutorials and have read a lot of articles but it all didn't work. I may be too stupid to have this done, or it is just the lack of knowledge.
Here it goes, I have a VPS with a host which runs OpenVZ in LA. I want to create a VPN tunnel to the VPS and tunnel all my internet traffic to the VPS. Can somebody please help me out on the step-by-step?
I was once able to configure the VPS to run OpenVPN and my client pc was able to connect to it, but the internet connection is still thru with my local connection. Did it with a tutorial too. I would also like to ask, The VPS has 512mb of RAM, I was wondering how many clients can it handle at the same time.
View 2 Replies
Apr 4, 2010
My special networking configuration.
The case: I'm running two dedicated Linux servers (openSUSE). Both servers are connected through public IP addresses to the internet. Each server hosts a VMware with another Linux inside.
SRV1 and SRV2 are the entry points for OpenVPN from external clients. SRV1 and SRV2 are although connected through an OpenVPN connection for save data sharing.
My problems:
SRV3 can't connect to SRV2 and SRV4.
SRV4 can't connect to SRV1 and SRV3.
External OpenVPN clients connected to SRV1 can't reach SRV2 and SRV4.
External OpenVPN clients connected to SRV2 can't reach SRV1 and SRV3.
Here are my configurations:
Code:
Code:
Code:
Code:
View 1 Replies
Aug 31, 2011
I've been working with my OpenVPN server for a while, and I have a rather interesting problem. I need to redirect all client traffic through the tunnel except for a couple IP's that need to be resolvable locally. The way I'm doing this is pushing these routes from the server:
Server 'PUSH' directives
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
I'm seeing that translating into these Windows routes:
Windows routes occurring
Wed Aug 31 15:14:35 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5'
Wed Aug 31 15:14:35 2011 ROUTE default_gateway=192.168.1.254
Wed Aug 31 15:14:40 2011 C:\WINDOWS\system32\route.exe ADD 199.[*.*.*] MASK 255.255.255.255 192.168.1.254
Wed Aug 31 15:14:40 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Aug 31 15:14:40 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Aug 31 15:14:40 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
I've hidden my server's IP beginning with 199 for security purposes. What I've gathered: I'm assuming that 0.0.0.0 is a kind of code for "everything," so I'm not sure how I could get this to work, but the general idea is that I need a specific IP range (172.16.*) to be resolvable on the LOCAL NETWORK (of the client) meaning it does not go through the VPN tunnel and the client can connect to 172.16.* locally. Is this possible? Routes can be executed through the command line, server "push" or client config options. Any way to get this to work while still routing other traffic through would do, really.
Additional Info: I have the server running on Debian 64-bit and the client running on Windows 7 (although Vista needs to work as well). Client/server configs can be provided if needed.
View 2 Replies
Apr 16, 2011
To be able to use my 3g connection from my laptop I am using Azilink. Azilink works by setting up a little Openvpn server on your smartphone then you connect to your smartphone from your laptop with OpenVPN. From there what I wanted was to use a second VPN connection to an external Linux host and redirecting all my traffic to that tunnel... (redirect-gateway + iptables) It is working but partially. Here is the way I connect through my phone (all steps are I think important for the routing issue...)
1) I plug the phone then a usb0 interface is created with the 192.168.239.5 ip address (my phone is 192.168.239.4). Then adb connect 192.168.239.4
2) I have to enable a port forward on my phone: adb forward tcp:41927 tcp:41927
3) I run the openvpn script (to connect to my phone on which I have launched Azilink)
So Openvpn connects to 127.0.0.1:41927 (to my phone). From there I have an Initialization Sequence Completed
At this time I am connected through 3G via my smartphone to the Internet. And as you imagine I don't want to enter all the IP addresses of Internet minus RFC1918 manually via route command. I think the problem comes from the fact that when I do the route add default gw 10.8.0.5 it is overwriting all the routes required to establish the first and the second connection, am I right? Could someone help me solve that issue?
View 2 Replies
Jul 27, 2010
I've been on a quest to enable full routing through my openvpn tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me. I just did a basic static route within zebra...
View 3 Replies
Jul 25, 2010
I have an Ubuntu 9.10 server installation which has been working flawlessly for some months. The server runs bridged networking, because of some VMs that run on it. But, a couple of weeks ago the network connectivity started to disappear now and then (usually once a day or so). Running "sudo /etc/init.d/networking restart" always kicks it back to life.
After a bit of debugging I noticed that when OK the routing table looked like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
default 192.168.1.1 0.0.0.0 UG 100 0 0 br0
While when in the non-working state it looked like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
default 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 100 0 0 br0
Deleting the two routes to eth0 restores the networking again. Why do these "erroneous" routes get added, and what adds them? How to further debug this?
View 6 Replies
Jan 10, 2011
I have one external ip address and a few domains. Would it be possible to have each domain on an internal domain and the box that sits on that external ip route to the internal. This would be for a number of servers (mail, apache, imap, pop3, https). So for example:
Someone visits domain1.com -> external ip -> 192.168.10.100. Someone else visits domain2.com -> external ip -> 192.168.10.101, and so on with a number of domains
View 3 Replies
Jun 2, 2011
I am leading a project at work that will require at least one new server. There will be a development server and a production server, which changes from development will be rolled onto. Unfortunately, I am more of a web programmer than a Linux guru, and I really don't know whether or not it is better to have two physical servers or two virtual servers on one machine. I don't think there will be a huge toll on the machine, as there will probably be around 1000 total users and less than 100 on at any given time. We are also able to spend quite a bit on the server, so I'm sure one could handle it, but I just wanted to check and see what the advantages and disadvantages would be in this situation.
View 1 Replies
Mar 3, 2009
I want to use tap networking in my kvm with routing. Can anyone guide me how I can do it? I have been reading different guides over the net but do not understand any one clearly. I have read this [URL].. One problem is this: all my servers are remote and no gui is running. I am able to install kvm with ssh console with -nographic and -x "console=ttyS0" option; now I want to change from bridging to tap networking with routing. And I have live ip on kvm guest/Virtual machine.
View 1 Replies
May 18, 2009
routing tables using "ip route 2" I have a server(server1 from now on) with eth0(internet connection) and eth1(lan connection). eth1 have 2 more alias devices = eth1:1 and eth1:2 On my server 1 the eth0=public ip, on eth1=192.168.10.1/24, eth1:1=192.168.20.1/24 and eth1:2=192.168.30.1/24 server1 is running squid and iptables to all 3 networks (eth1, eth1:1 and eth1:2) All of the clients have access to internet. Now what i want to do is add 3 more networks via a router(linuxBox = server2 from now on) connected to server1 in eth1. so the network will be like this:
Code:
server1
eth0=internet
eth1=192.168.10.1/24 (connected to server2 and other clients)
[code]...
View 2 Replies
Apr 6, 2010
I have a firewall, this consists of three NIC's:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to successfully get a response from pinging the device. I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
View 2 Replies
Jan 14, 2010
As far as I can tell, the server guides only explain a bit about what dynamic routing is, but not how to implement it.
My situation is this:
We require a server with 3 interfaces. One local, one to a vsat link and the other to a fibre link. The fibre will be the default route for Internet traffic but we want dynamic routing to automatically switch to the vsat link when the fibre link goes down (which happens fairly often in Zimbabwe!) and then switch back to the fibre link when it comes back up again.
The first option would be to handle dynamic routing on a Cisco router, but at the prices of Cisco devices here, it's not the most affordable option.
View 3 Replies
Feb 4, 2009
So my server running FC4 died last night and I decided to go ahead with the long-awaited upgrade to FC10 while I was rebuilding my server. I use my server for a number of things including, but not limited to: router, firewall, web server, mail server... I have a typical configuration process that I have followed since before fedora, and it has worked well for me up through FC4, but my usual config process doesn't work on FC10.
First of all, I don't want SELinux running, I didn't see an option to not install it during the FC10 setup, so how do I properly disable or uninstall it afterwards? Second, I was unable to even configure the server to route traffic from my internal network to the web, here's the process I usually go through for this:
[Code]...
I don't have a static IP from my ISP, so I'm not quite sure how to add the default route. I think I need to do something like "route add default gw xxx.xxx.xxx.xxx eth1" where eth1 is my external NIC, correct?
What else do I need to do to route traffic? I noticed that I wasn't even able to ping my server from the internal network even though they are on the same subnet, my server's internal NIC has an address of 192.168.7.1 and my computer on the network has an address of 192.168.7.2. If I can get this going so I have internet access again at the very least, I can move forward with the web server, email, etc.
View 8 Replies
Sep 1, 2009
I have an environment of roughly 30 machines that all have ssmtp installed with identical config files. I also have logwatch installed on all of them, and it runs nightly as it is supposed to. The problem is that any given night, a random number of machines do not send out the resulting email from logwatch but instead dump it to ~/dead.letter. The number of failures changes every night, but most of the time it is between 20 and 30 of my servers.
View 2 Replies
Mar 10, 2010
Trying to set up a VPN on my seedbox. I get an error when I try to start it.
I followed this guide: [URL]
Here is my server.conf:
Code:
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
[Code].....
View 7 Replies
Jul 21, 2010
I am following this guide on setting up an Openvpn but having a little issue with permission denied.
I am at this step 'Initialize the Public Key Infrastructure (PKI)'
Code:
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
[Code]....
View 8 Replies
Aug 5, 2010
I'm trying to get OpenVPN working but when I try to bring my br0 interface up it gives me an error. The messages below are from when I run
Code:
/etc/init.d/networking restart
Code:
root@server:/etc/openvpn# /etc/init.d/networking restart
* Reconfiguring network interfaces... ssh stop/waiting
ssh start/running, process 28263
[code]...
View 4 Replies
May 16, 2010
I have many openvpn implementations. Every time I use windows shares over openvpn, the speed is no more than 500KB/s, in LAN environment. When I start a copy it reaches 200-300KB/s, when I start second one it reaches 500KB/s. No more is reached after more copies simultaneously. When I use linux to copy files - the first copy reaches 700KB/s, the second copy reaches 2.5MB/s (then the first grows also to 2.5MB/s), the third copy reaches also 2.5MB/s. All of these are copied simultaneously, otherwise when only one is started it sits on 700KB/s. Moreover when 2 of the 3 simultaneous copy processes end, the one left backs at 700KB/s again.
But this is linux. When I use Windows the transfer speed is no more than 400-500KB/s (LAN environment).
The OpenVPN server is always ubuntu (any version - I've tried 6.06, 8.04, 10.04).
Tried the OpenVPN client in ubuntu (and the windows machine behind the ubuntu), in windows (directly installed the client on windows) and it is all the same - no more than 500KB/s.
I can not use this because it is so slooow. When only one file is copied at a time it reaches only 200KB/s!!! Searched all the google results - no one have an answer, although there are many people with the same problem.
Now, I am sure that the problem is in Windows, because when I use linux as a server and as a client, the client copies fast. But when I use windows as machine behind the client it copies slow. I don't know... something in the tcp/ip settings in windows or something...
View 9 Replies
Jun 2, 2010
I have set up Open VPN on Ubuntu 9.04, generated the key and have it running successfully on the server end. I downloaded the open vpn client for windows, copied over the key, ca and cert file and connected to the server. All went well and the open vpn gui said it's connected to the server (green comp icon in taskbar) and it said in a balloon it assigned me an ip of 10.8.0.6. It all looks good... BUT I have no vpn access... The virtual adapter in windows is not able to pull an actual IP/gateway and such...
[Code]...
View 7 Replies
Nov 26, 2010
I've setup openVPN using bridging following these guides
[URL]
I'm running Ubuntu Server 10.10. My clients can connect and get their own IP within my ip range (192.168.1.x). They can ping each other and I've tested I can use the connection for a lan game and a windows RDP connection. The problem is I cannot access any of the actual local network devices except the vpnServer. Is there something else that needs to be done to allow full network access?
View 5 Replies
Feb 4, 2011
I have OpenVPN set up and running on my home server (Lucid Lynx). I move around a lot and use Portable OpenVPN to connect to my home server. The problem is that on a lot of the computers I use I do not have admin rights to install the necessary routes to connect. So my question is this: can OpenVPN be configured to use PPTP protocol? Because I have PortableVPN on my U3 flash drive and that VPN client does not need admin rights to run. If OpenVPN cannot do this, and from my understanding of its architecture it cannot, but I must admit I am no authority on the matter, can you suggest a workable solution, i.e. install and set up this server software and use this portable client software.
View 1 Replies
Feb 24, 2011
I have a few issues after setting up Openvpn. At work i just setup a new Ubuntu Server 10.4. The server itself is working Great. I ended up getting Openvpn installed and working to a point. I have searched online and done as much reading as i could find but i keep running into the problem of not understanding. So here is the problem.
The server is set on a static IP address. At first i tried to have the config file listen on a virtual ip address i setup up in /etc/network/interface but that ended up not working so i set it to its specific ip address. I kept running into the error about script security while trying to start Openvpn. I tried to add into the config file "script-security 2" that way the up.sh and down.sh scripts were allowed to be run. That didn't help and then i kept trying to run Openvpn manually running the command
Quote:
And i kept getting a message
Quote:
So what I did was just comment out the "up" and "down" scripts in the config file. This allowed me to actually get Openvpn started on the server. So once this was done I connected from a client machine and was given an ip address like I should. The only issue is that I was not able to actually communicate with the server. I have a samba share on there to allow me to copy files back and forth but am not able to actually communicate with the server at all. I should note that this is a web server that I can view from the outside (actually get to the webpage), but I tried to access the website and share via the Openvpn gateway. I also tried to access the website portion using the hostname with no luck.
By the way, prior to putting the server on its separate network i was able to access the webpage and the samba share using both the ip address and the hostname.
View 1 Replies
Mar 21, 2011
I recently loaded up my old powermac g3 with debian 6.0 PPC, and it seems to be running quite good. I control it using ssh from my windows 7 box. I installed default-jre, so I could run the minecraft server on there.
I've got two questions: I installed Openvpn, but I'm a bit confused on how to use it.. I want people to be able to connect to my vpn network over the internet, what configuration should I use, and could someone maybe link me a decent step by step tutorial?
secondly, when I tried to launch the server, it tried to generate a new map, but this is taking ages! on my desktop computer, it only took two seconds, but after over half an hour, it only got to 20% of "preparing spawn area" what could be wrong with this? Any reason why the java virtual machine would have performance issues? I have no clue.. I haven't tried copying over my smp map from my windows box yet, and launching that.. but I doubt performance will be any better. (my windows 7 machine is hosting at the moment for about 10 people)
View 1 Replies
Apr 19, 2010
I'm trying to run Web server (nginx, does not really matter) "behind" VPN tunnel (i.e., on VPN client - the idea is that Web server is available at VPN endpoint IP on VPN server). Stock Ubuntu 9.10 Server with stock openvpn 2.1. No network changes done, only ufw is enabled and IPv6 is switched off. I need this box to be available at main IP address, no default route for VPN tunnel.
Tunnel itself works nicely, no problems at all. Hand-made static routes work via tunnel just fine. Problem is in-going traffic - I can see that it at least comes via tunnel (via OpenVPN debug), but is blocked (or dropped) by firewall or kernel. As far as I know, specific VPN server does not filter anything and is used for running Web servers on other IPs. I think I might need to set up some sort of IP forwarding for tap0 device to localhost - but don't really know where to start.
Tried disabling firewall, making Web server listen on all IPs (from localhost to VPN tunnel) - no luck. The box is in another country and KVM will be time and money, so I really don't feel like experimenting. openvpn.conf (IPs are obscured, non-relevant options removed, based on recommended config for that server):
Code:
# Setup
dev tap
remote 1.2.3.4
port 5091
[code]....
View 5 Replies
Nov 8, 2010
Since yesterday I'm fighting with OpenVPN on Ubuntu 10.04TLS and I can not cope with the authorization of users from Windows 2008 AD server. It looks like this: Published 93.159.XX.XX IP address the router and all traffic directed to the internal LAN IP 10.0.1.210. Customers who will combine the different platforms are Mac OS, Linux, Windows XP, 7, Vista. The whole domain is for Windows 2008. Uploader authLDAP module, but I still can not connect, that is, not after entering the username and password from the W2K8 domain does not log
View 1 Replies