Old 03-21-2012, 08:05 PM   #1
Lamb_Burger
LQ Newbie
 
Registered: Mar 2012
Posts: 5

Rep: Reputation: Disabled
Issues with OpenVPN Server behind (non Linux) NAT


Ok, I've tried to search and haven't found the solution to my particular issue, so here goes. I have a Linux server (OpenVPN Virtual Appliance) behind my router, an Apple Airport Extreme. I have enabled port forwarding for UDP 1194, TCP 80, 81, and 443 on my router but I'm still having problems accessing this server from an outside network. I signed up for no-ip.com and I have a domain through them. When I attempt to access the address from an external network, I see my private address come up, but nothing is displayed (because the public network can't translate my private address). This is telling me that the requests are making it to the internal server, but not being returned correctly. Is there maybe something I missed in the configuration of the server?
 
Old 03-22-2012, 02:48 PM   #2
Lamb_Burger
LQ Newbie
 
Registered: Mar 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Nothing? I can't see anything in the limited logs on the router, and I don't know where to look on the appliance. I'm also not exactly sure what I should be looking for.
 
Old 03-22-2012, 04:27 PM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
Please elaborate on what you mean by, "When I attempt to access the address from an external network, I see my private address come up, but nothing is displayed". Are you able to successfully establish a VPN connection and access resources on the VPN host machine? Assuming this is the case, is your problem then how to access other LAN resources?
 
Old 03-22-2012, 04:35 PM   #4
Lamb_Burger
LQ Newbie
 
Registered: Mar 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
I'm not connecting to the VPN yet, just trying to get to the web portal built into the OpenVPN server so I can sign in and then connect. I type my DNS name into the browser, and hit enter, then the address bar shows my internal IP and there is no reply. When I access the site internally, everything loads fine.
 
Old 03-22-2012, 04:53 PM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
This sounds like the connection is being blocked. Can you access other ports or resources from outside of your system? What about if you just try to http://<your-current-public-ip> instead of the host name? Do you have a firewall up and are you blocking the port?

The first thing I would do is (as root/sudo) run
Code:
netstat -pane | grep 80
and verify what IP your web server process is listening on, or whether it is on 0.0.0.0, which means all interfaces. Next, I would go outside of your LAN and run NMAP against your public IP address and verify that the ports are open. If you can't easily get outside of your network, try an online port scanning tool such as http://www.t1shopper.com/tools/port-scan/ or http://www.canyouseeme.org/
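The listening-address check described in the post above, as an added example that is not part of the original thread. The `netstat` lines are constructed sample data and `listen_scope` is a hypothetical helper name; it matches the port exactly, because a plain `grep 80` also matches other ports, inode numbers and PIDs that contain "80".

```shell
#!/bin/sh
# Constructed `netstat -pane` output (sample data, not from the thread).
NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          12345      1234/apache2
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      0          18011      2280/java
tcp        0      0 192.168.1.10:8443       0.0.0.0:*               LISTEN      0          18020      2291/python
tcp        0      0 192.168.1.10:22         192.168.1.50:51280      ESTABLISHED 0          18042      1980/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      0          9001       801/sshd'

# listen_scope PORT  (hypothetical helper; reads netstat text on stdin)
# Prints where a TCP listener for exactly PORT is bound:
#   all-interfaces      0.0.0.0 or :: (reachable through a port forward)
#   loopback-only       127.x or ::1  (a port forward can never reach it)
#   single-address:IP   bound to one specific local address
#   not-listening       no LISTEN socket on that port
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")           # port is after the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") print "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1") print "loopback-only"
            else print "single-address:" addr
            found = 1
        }
        END { if (!found) print "not-listening" }'
}

# Number of lines a plain `grep 80` would show for the same input.
loose_grep_hits() {
    grep -c 80
}

echo "grep 80 matches: $(printf '%s\n' "$NETSTAT" | loose_grep_hits) lines"
for p in 80 8080 8443 8484; do
    echo "port $p: $(printf '%s\n' "$NETSTAT" | listen_scope "$p")"
done
```

On a live host, pipe the real command into the function instead of the sample, for example `netstat -pane | listen_scope 80`.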
 
Old 03-22-2012, 07:36 PM   #6
Lamb_Burger
LQ Newbie
 
Registered: Mar 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Ok, I had already emailed my ISP and they assured me they don't block port 80. Looks like they lied. I am now trying to run it on TCP 8484, canyouseeme.org confirms it's open, but I'm still not getting a response. OpenVPN has a test built in, described as "The Connectivity Test attempts to determine the public IP address and FQDN (Fully-Qualified Domain Name) corresponding to the IP address: eth0, and also whether or not clients on the Internet will be able to connect to the VPN Server" and it returns a failure with message "Unable to reverse-resolve the public IP address of your Access Server." Is there some kind of hosts file entry I need to modify?
 
Old 03-23-2012, 05:27 AM   #7
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
Quote:
"Unable to reverse-resolve the public IP address of your Access Server."
DNS entries are contained in what are called zones, where the zone defines the IP address and range corresponding to the segment of the network that the DNS server in question is authoritative for. For each zone there is a forward and reverse lookup table. The forward table maps names to addresses and the reverse maps IP addresses to names. A service like no-ip is able to map a domain name to your server's IP address, so for example, when someone queries (e.g. Lamb_Burger.no-ip.com) the DNS server at no-ip will point them to your server. Note that your server is a subdomain of theirs, hence their DNS is the one that handles queries for your domain. Let's say, for example, that your public IP is 12.34.56.78 and you do a reverse query: you're not going to see your domain name. If you get anything at all, it will be the designation of some block of your ISP's set. This is what the message is indicating. However, this isn't strictly necessary to run OpenVPN, only the forward.

As long as the proper UDP port on which OpenVPN is running is visible to the world and you can access your server by the no-ip name you should be good to go. Having an accessible web page is a pretty good indication that your no-ip is working but is really unrelated to using OpenVPN.
 
Old 03-23-2012, 11:50 AM   #8
Lamb_Burger
LQ Newbie
 
Registered: Mar 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Sorry I was unclear, but I'm accessing the web admin page on my internal network. I'm still unable to connect from an external connection. I may try to remove the router and connect the server directly to the cable modem so I can make sure the server is actually serving pages through port 8484. Using the netstat command, I do see it listening from all addresses on this port, but it just doesn't seem like it's responding when a request is sent.
 
Old 03-24-2012, 08:15 AM   #9
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
If the port is showing as listening when scanned from an external source, it is a good indication that the connection path through your router to your server is working. If you are still getting connection problems, be sure to check in the application logs for signs of the connection and possible error messages. You can also use a program like TCPDump with a few filters to restrict to the source/destination address, port, etc and see exactly what sort of traffic is being transmitted. You should also make sure that you don't have a problem like multiple gateways (since you mentioned running VPN). If you have multiple gateways, the response to inbound traffic can get lost because your server doesn't have a clear path for the return. Use the route command to see what this looks like.
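The multiple-gateway check and the filtered capture described in the post above, as an added example that is not part of the original thread. The routing table is constructed sample data, the function names are hypothetical, and the script goes one step beyond the post by also counting the two half-space routes (0.0.0.0/1 and 128.0.0.0/1) that OpenVPN's `redirect-gateway def1` option installs, since they override the default route.

```shell
#!/bin/sh
# Constructed `route -n` output (sample data, not from the thread): a LAN
# default route plus a second default route via a VPN tunnel interface.
ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.8.0.1        0.0.0.0         UG    0      0        0 tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Print "gateway interface" for every gatewayed route that can carry replies
# to arbitrary Internet hosts: true defaults (0.0.0.0/0) and the half-space
# routes 0.0.0.0/1 and 128.0.0.0/1. Reads `route -n` text on stdin.
wide_routes() {
    awk '$4 ~ /G/ && (($1 == "0.0.0.0" && $3 == "0.0.0.0") ||
                      (($1 == "0.0.0.0" || $1 == "128.0.0.0") && $3 == "128.0.0.0")) {
            print $2, $8
        }'
}

# One distinct gateway is a clear return path; more than one means replies
# to forwarded inbound traffic may leave through a different gateway.
gateway_verdict() {
    n=$(wide_routes | sort -u | wc -l | tr -d ' ')
    case "$n" in
        0) echo "no-default-route" ;;
        1) echo "single-gateway" ;;
        *) echo "multiple-gateways:$n" ;;
    esac
}

# Build a tcpdump filter limited to one remote address and one TCP port,
# for use as: tcpdump -n -i <iface> "$(capture_filter <ip> <port>)"
capture_filter() {
    echo "tcp port $2 and host $1"
}

printf '%s\n' "$ROUTES" | wide_routes
printf '%s\n' "$ROUTES" | gateway_verdict
# 203.0.113.5 is a documentation address standing in for the external client.
capture_filter 203.0.113.5 8484
```

If the capture shows inbound packets on the forwarded port but no replies leaving the same interface while the verdict is `multiple-gateways`, the return path is the place to look.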
 
  

