LinuxQuestions.org
Old 11-16-2012, 08:48 PM   #1
dpdpowered83
LQ Newbie
 
Registered: Nov 2012
Location: New Hampshire
Distribution: Ubuntu (Desktop & Server)
Posts: 4

Rep: Reputation: Disabled
Issues accessing inside resources using OpenVPN.


One of the projects I'm working on is creating a Linux (Ubuntu Server 12.10) PC as a Router/Firewall/Gateway (which is working great!). I'm also going to set up the system to act as a VPN server using OpenVPN. I seem to be having an issue accessing my server when using the VPN. The steps I've completed:
Installed OpenVPN
Configured certificates for both the server and the client.
Installed and configured OpenVPN on a Microsoft Windows 7 (64-bit) system.
On the outside, I've connected, authenticated with the VPN server, and been assigned an IP address.
I can ping and even access the Linux system (via SSH and Webmin) using the Linux system's tunnel address, not its inside address.
I cannot ping or access any device on the inside.
I'm guessing it's a routing or firewall issue. My issue is that I'm a novice with the Linux firewall (iptables) and how to properly permit VPN clients access to the inside network.
Any suggestions would be great!
 
Old 11-17-2012, 09:53 AM   #2
hamlindsza
Member
 
Registered: Aug 2012
Distribution: Debian, CentOS
Posts: 74

Rep: Reputation: Disabled
Hi,

Check if IP forwarding is enabled:
cat /proc/sys/net/ipv4/ip_forward
1
Add an iptables rule to allow traffic from the OpenVPN tunnel interface, usually tun0:
iptables -I FORWARD -i tun0 -j ACCEPT
 
Old 11-18-2012, 08:41 AM   #3
dpdpowered83
LQ Newbie
 
Registered: Nov 2012
Location: New Hampshire
Distribution: Ubuntu (Desktop & Server)
Posts: 4

Original Poster
Rep: Reputation: Disabled
IPv4 is already being forwarded. I've also applied the rule in the iptables, but still no luck.
 
Old 11-18-2012, 10:35 AM   #4
hamlindsza
Member
 
Registered: Aug 2012
Distribution: Debian, CentOS
Posts: 74

Rep: Reputation: Disabled
On the Windows 7 machine, while connecting via the OpenVPN client, does it show any errors in the on-screen logs?
Run the OpenVPN client as Administrator and post the output of the route table (route print).
 
Old 11-18-2012, 12:57 PM   #5
dpdpowered83
LQ Newbie
 
Registered: Nov 2012
Location: New Hampshire
Distribution: Ubuntu (Desktop & Server)
Posts: 4

Original Poster
Rep: Reputation: Disabled
One other thing I noticed before I connected is that port 1194 may be blocked; I did a port scan and 1194 isn't responding. Although it's kind of bizarre that my notebook is able to connect to the VPN.

Below is the Win7 route output:

===========================================================================
Interface List
22...00 ff c6 df 4b 83 ......TAP-Windows Adapter V9
9...00 21 9b d6 d9 fc ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
10...00 21 5c 7d 82 ef ......Intel(R) Wireless WiFi Link 4965AGN
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface     Metric
0.0.0.0              0.0.0.0          192.168.6.1  192.168.6.28  25
10.8.0.1             255.255.255.255  10.8.0.5     10.8.0.6      30
10.8.0.4             255.255.255.252  On-link      10.8.0.6      286
10.8.0.6             255.255.255.255  On-link      10.8.0.6      286
10.8.0.7             255.255.255.255  On-link      10.8.0.6      286
127.0.0.0            255.0.0.0        On-link      127.0.0.1     306
127.0.0.1            255.255.255.255  On-link      127.0.0.1     306
127.255.255.255      255.255.255.255  On-link      127.0.0.1     306
192.168.6.0          255.255.255.0    On-link      192.168.6.28  281
192.168.6.28         255.255.255.255  On-link      192.168.6.28  281
192.168.6.255        255.255.255.255  On-link      192.168.6.28  281
224.0.0.0            240.0.0.0        On-link      127.0.0.1     306
224.0.0.0            240.0.0.0        On-link      10.8.0.6      286
224.0.0.0            240.0.0.0        On-link      192.168.6.28  281
255.255.255.255      255.255.255.255  On-link      127.0.0.1     306
255.255.255.255      255.255.255.255  On-link      10.8.0.6      286
255.255.255.255      255.255.255.255  On-link      192.168.6.28  281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 58 ::/0 On-link
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:4137:9e76:2854:32c2:3f57:f9e3/128
On-link
22 286 fe80::/64 On-link
19 306 fe80::/64 On-link
22 286 fe80::1e4:2886:91df:67e5/128
On-link
19 306 fe80::2854:32c2:3f57:f9e3/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
22 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
 
Old 11-18-2012, 01:19 PM   #6
hamlindsza
Member
 
Registered: Aug 2012
Distribution: Debian, CentOS
Posts: 74

Rep: Reputation: Disabled
To check port 1194 is open, telnet <vpn-server-ip> 1194

From your route table output: There's no default route being added by the OpenVPN client.

Exit the OpenVPN client. Right click on the OpenVPN icon and Select Run as administrator. This should enable OpenVPN client to add a default route through the VPN tunnel.
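
The route lookup behind the reading of the table in post #6, as an added example that is not part of the original thread: it parses IPv4 rows from the `route print` output in post #5 and applies longest-prefix matching to show which interface a destination leaves on. `INSIDE_HOST` is a hypothetical address, since the thread does not give the inside subnet, and the function names are this example's own.

```python
import ipaddress

# Active IPv4 routes copied from the route print output in post #5
# (loopback, multicast and broadcast rows left out for brevity).
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.6.1 192.168.6.28 25
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
192.168.6.0 255.255.255.0 On-link 192.168.6.28 281
192.168.6.28 255.255.255.255 On-link 192.168.6.28 281
192.168.6.255 255.255.255.255 On-link 192.168.6.28 281
"""
TUNNEL_IF = "10.8.0.6"        # client address on the TAP adapter in that output
INSIDE_HOST = "192.168.1.10"  # hypothetical: inside subnet is not in the thread


def parse_routes(text):
    """Turn 'dest mask gateway interface metric' rows into route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators and wrapped lines
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
        except ValueError:
            continue  # not an IPv4 route row
    return routes


def lookup(routes, destination):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def uses_tunnel(routes, destination):
    """True when the selected route leaves on the VPN (TAP) interface."""
    route = lookup(routes, destination)
    return route is not None and route["iface"] == TUNNEL_IF


ROUTES = parse_routes(ROUTE_PRINT)
```

With this table only 10.8.0.1 and the client's own /30 resolve to the TAP interface; any other off-link address, including `INSIDE_HOST`, falls through to the default route via 192.168.6.1.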
 
Old 11-18-2012, 01:35 PM   #7
dpdpowered83
LQ Newbie
 
Registered: Nov 2012
Location: New Hampshire
Distribution: Ubuntu (Desktop & Server)
Posts: 4

Original Poster
Rep: Reputation: Disabled
Before I launched the VPN client, I selected "Run as Administrator". As for the port, it seems to be blocked. Connecting via PuTTY closes the window, and Microsoft telnet fails to connect when specifying port 1194.
 
  

