Old 01-04-2013, 01:56 PM   #1
takayama
Member
 
Registered: Sep 2009
Posts: 93

Rep: Reputation: 0
Help me troubleshoot my openvpn


Hello
I have a really simple OpenVPN setup (the server is on a VPS I rent). I will use this from my laptop when I'm at unsecured wireless and stuff like that.
(Due to my semi-paranoia, my public IP address is changed to *.)

Server:
Code:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.9.8.1  P-t-P:10.9.8.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:74344 (72.6 KiB)  TX bytes:16120 (15.7 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:46.*.*.*  P-t-P:46.21.104.134  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
Config looks like this:

dev tun0
ifconfig 10.9.8.1 10.9.8.2
secret /etc/openvpn/static.key
log-append /var/log/openvpn.log

route -n looks like this:

10.9.8.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 venet0



Client:

Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.137.1.15  netmask 255.255.255.255  broadcast 10.255.255.255
        inet6 fe80::216:3eff:fe5e:6c0d  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:5e:6c:0d  txqueuelen 1000  (Ethernet)
        RX packets 48  bytes 5702 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 297  bytes 41482 (40.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 43  

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.9.8.2  netmask 255.255.255.255  destination 10.9.8.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 18  bytes 1584 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 257  bytes 15420 (15.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Config:

remote 46.*.*.*
dev tun0
ifconfig 10.9.8.2 10.9.8.1
secret /etc/openvpn/static.key
redirect-gateway def1

route -n looks like this:

0.0.0.0 10.9.8.1 128.0.0.0 UG 0 0 0 tun0
10.9.8.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.137.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
46.*.*.* 10.137.1.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.9.8.1 128.0.0.0 UG 0 0 0 tun0


And the iptables looks like this:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.9.8.0/24          anywhere            
        
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

iptables -t nat -L

chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.9.8.2             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I can ping the tun0 interface from the client/server.
But when I try, for example,
telnet 12.12.12.12 80 from the client, a tcpdump on the server (on the "internet" interface) looks like this:


Code:
19:51:07.868127 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 627596 ecr 0,nop,wscale 6], length 0
19:51:15.883932 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 629600 ecr 0,nop,wscale 6], length 0

19:51:31.915842 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 633608 ecr 0,nop,wscale 6], length 0

Any ideas?
 
Old 01-07-2013, 03:29 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,058

Rep: Reputation: 88
If your kernel supports iptables policy trace, you can use it to find out which iptables policy causes the issue. It looks like an iptables policy drops the telnet request.
 
Old 01-08-2013, 03:27 PM   #3
takayama
Member
 
Registered: Sep 2009
Posts: 93

Original Poster
Rep: Reputation: 0
The problem was that I used venet0:0 in the iptables rules (the ifconfig -a confused me); I should have used just venet0.
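
An added example (not part of the original posts): a shell check for the mistake reported in post #3, an alias label such as venet0:0 used as an interface match, which netfilter never matches because packets carry the real device name (venet0). The sample ruleset is constructed, the function names are hypothetical, and it is an assumption that the alias sat on the MASQUERADE rule's -o match (consistent with the un-NATed 10.9.8.2 source in the tcpdump above).

```shell
#!/usr/bin/env bash
# Added example: flag netfilter rules that match on an alias label
# (e.g. venet0:0) instead of the real device name (venet0).

# Reads `iptables-save` output on stdin and prints one line per offending
# rule: table <TAB> alias label <TAB> full rule.
find_alias_iface_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" table headers
        /^-A / {
            for (i = 1; i < NF; i++) {
                # An interface argument containing ":" is an alias label.
                if ($i ~ /^(-i|-o|--in-interface|--out-interface)$/ && $(i + 1) ~ /:/) {
                    printf "%s\t%s\t%s\n", table, $(i + 1), $0
                }
            }
        }
    '
}

# Rewrites a rule so the interface match uses the base device name.
suggest_fix() {
    sed -E 's/( (-i|-o|--in-interface|--out-interface) [^ :]+):[^ ]+/\1/'
}

# Constructed sample in iptables-save format, modelled on the thread's setup.
# Assumption: the alias was used on the MASQUERADE rule's -o match.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.9.8.2/32 -o venet0:0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.9.8.0/24 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a live host pipe in `iptables-save`.
sample_ruleset | find_alias_iface_rules
```

On a live host, run `iptables-save | find_alias_iface_rules`. Plain `iptables -L` omits the interface columns unless `-v` is given, so a wrong interface match does not show up in listings like the ones posted above.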
 
  

