LinuxQuestions.org


takayama 01-04-2013 01:56 PM

Help me troubleshoot my openvpn
 
Hello
I have a really simple OpenVPN setup (the server is on a VPS I rent); I will use this from my laptop when I'm on unsecured wireless and stuff like that.
(Due to my semi-paranoia, my public IP address is changed to *.)

Server:
Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.9.8.1  P-t-P:10.9.8.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:74344 (72.6 KiB)  TX bytes:16120 (15.7 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:46.*.*.*  P-t-P:46.21.104.134  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Config looks like this:

dev tun0
ifconfig 10.9.8.1 10.9.8.2
secret /etc/openvpn/static.key
log-append /var/log/openvpn.log

route -n looks like this:

10.9.8.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 venet0



Client:

Code:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.137.1.15  netmask 255.255.255.255  broadcast 10.255.255.255
        inet6 fe80::216:3eff:fe5e:6c0d  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:5e:6c:0d  txqueuelen 1000  (Ethernet)
        RX packets 48  bytes 5702 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 297  bytes 41482 (40.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 43 

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.9.8.2  netmask 255.255.255.255  destination 10.9.8.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 18  bytes 1584 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 257  bytes 15420 (15.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Config:

remote 46.*.*.*
dev tun0
ifconfig 10.9.8.2 10.9.8.1
secret /etc/openvpn/static.key
redirect-gateway def1

route -n looks like this:

0.0.0.0 10.9.8.1 128.0.0.0 UG 0 0 0 tun0
10.9.8.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.137.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
46.*.*.* 10.137.1.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.9.8.1 128.0.0.0 UG 0 0 0 tun0


And the iptables looks like this:
Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    all  --  10.9.8.0/24          anywhere           
       
Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

iptables -t nat -L

chain PREROUTING (policy ACCEPT)
target    prot opt source              destination       

Chain POSTROUTING (policy ACCEPT)
target    prot opt source              destination       
MASQUERADE  all  --  10.9.8.2            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination


I can ping the tun0 interface from the client/server.
But when I try, for example,
telnet 12.12.12.12 80 from the client, a tcpdump on the server (on the "internet" interface) looks like this:


Code:

19:51:07.868127 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 627596 ecr 0,nop,wscale 6], length 0
19:51:15.883932 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 629600 ecr 0,nop,wscale 6], length 0

19:51:31.915842 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 633608 ecr 0,nop,wscale 6], length 0


Any ideas? :)

nini09 01-07-2013 03:29 PM

If your kernel supports iptables policy trace, you can use it to find out which iptables policy causes the issue. It looks like an iptables policy drops the telnet request.

takayama 01-08-2013 03:27 PM

The problem was that I used venet0:0 in the iptables rules (the ifconfig -a confused me); I should have used just venet0.
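
Added example (not part of the original thread): iptables `-i`/`-o` match the kernel device name, and an alias label such as venet0:0 is not a device, so a rule written against it never matches and the SYNs leave un-NATed with source 10.9.8.2, as in the tcpdump above. The sketch below scans `iptables-save` output for such matches; the sample rules are constructed to mirror the listings in the first post, since the thread does not show the exact rules that were used.

```shell
#!/bin/sh
# Flag iptables rules whose -i/-o interface is an alias label (contains ':').

# Constructed sample in iptables-save format (assumed, not from the thread).
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.9.8.2/32 -o venet0:0 -j MASQUERADE
-A POSTROUTING -s 10.9.8.2/32 -o venet0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.9.8.0/24 -i tun0 -o venet0:0 -j ACCEPT
-A FORWARD -s 10.9.8.0/24 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin.
# Prints "table chain flag iface" for every interface match that uses an alias.
find_alias_matches() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" sets the current table
        $1 == "-A" {
            for (i = 3; i < NF; i++) {
                is_if = ($i == "-i" || $i == "-o" ||
                         $i == "--in-interface" || $i == "--out-interface")
                if (is_if && index($(i + 1), ":") > 0)
                    printf "%s %s %s %s\n", table, $2, $i, $(i + 1)
            }
        }
    '
}

# Run against the constructed sample; on a live host (as root) use:
#   iptables-save | find_alias_matches
sample_rules | find_alias_matches
```

`iptables -L -v` and `iptables -t nat -L -v` also show the in/out interface columns that the plain `-L` listings omit.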


All times are GMT -5.