Ok, I've tried to search and haven't found the solution to my particular issue, so here goes. I have a Linux server (OpenVPN Virtual Appliance) behind my router, an Apple Airport Extreme. I have enabled port forwarding for UDP 1194, TCP 80, 81, and 443 on my router but I'm still having problems accessing this server from an outside network. I signed up for no-ip.com and I have a domain through them. When I attempt to access the address from an external network, I see my private address come up, but nothing is displayed (because the public network can't translate my private address). This is telling me that the requests are making it to the internal server, but not being returned correctly. Is there maybe something I missed in the configuration of the server?
Please elaborate on what you mean by, "When I attempt to access the address from an external network, I see my private address come up, but nothing is displayed". Are you able to successfully establish a VPN connection and access resources on the VPN host machine? Assuming this is the case, is your problem then how to access other LAN resources?
I'm not connecting to the VPN yet, just trying to get to the web portal built into the OpenVPN server so I can sign in and then connect. I type my DNS name into the browser and hit enter, then the address bar shows my internal IP and there is no reply. When I access the site internally, everything loads fine.
This sounds like the connection is being blocked. Can you access other ports or resources from outside of your system? What about if you just try to http://<your-current-public-ip> instead of the host name? Do you have a firewall up and are you blocking the port?
The first thing I would do is (as root/sudo) run
netstat -pane | grep 80
and verify what IP your web server process is listening on, or whether it is on 0.0.0.0, which means all interfaces. Next, I would go outside of your LAN and run Nmap against your public IP address and verify that the ports are open. If you can't easily get outside of your network, try an online port scanning tool such as http://www.t1shopper.com/tools/port-scan/ or http://www.canyouseeme.org/
Ok, I had already emailed my ISP and they assured me they don't block port 80. Looks like they lied. I am now trying to run it on TCP 8484, canyouseeme.org confirms it's open, but I'm still not getting a response. OpenVPN has a test built in, described as "The Connectivity Test attempts to determine the public IP address and FQDN (Fully-Qualified Domain Name) corresponding to the IP address: eth0, and also whether or not clients on the Internet will be able to connect to the VPN Server" and it returns a failure with message "Unable to reverse-resolve the public IP address of your Access Server." Is there some kind of hosts file entry I need to modify?
"Unable to reverse-resolve the public IP address of your Access Server."
DNS entries are contained in what are called zones, where the zone defines the IP address and range corresponding to the segment of the network that the DNS server in question is authoritative for. For each zone there is a forward and reverse lookup table. The forward table maps names to addresses and the reverse maps IP addresses to names. A service like no-ip is able to map a domain name to your server's IP address, so for example, when someone queries (e.g. Lamb_Burger.no-ip.com) the DNS server at no-ip will point them to your server. Note that your server is a subdomain of theirs, hence their DNS is the one that handles queries for your domain. Let's say for example that your public IP is 18.104.22.168 and you do a reverse query; you're not going to see your domain name. If you get anything at all, it will be the designation of some block of your ISP's set. This is what the message is indicating. However, this isn't strictly necessary to run OpenVPN, only the forward.
As long as the proper UDP port on which OpenVPN is running is visible to the world and you can access your server by the no-ip name you should be good to go. Having an accessible web page is a pretty good indication that your no-ip is working but is really unrelated to using OpenVPN.
Sorry I was unclear, but I'm accessing the web admin page on my internal network. I'm still unable to connect from an external connection. I may try to remove the router and connect the server directly to the cable modem so I can make sure the server is actually serving pages through port 8484. Using the netstat command, I do see it listening from all addresses on this port, but it just doesn't seem like it's responding when a request is sent.
If the port is showing as listening when scanned from an external source, it is a good indication that the connection path through your router to your server is working. If you are still getting connection problems, be sure to check in the application logs for signs of the connection and possible error messages. You can also use a program like tcpdump with a few filters to restrict to the source/destination address, port, etc. and see exactly what sort of traffic is being transmitted. You should also make sure that you don't have a problem like multiple gateways (since you mentioned running VPN). If you have multiple gateways, the response to inbound traffic can get lost because your server doesn't have a clear path for the return. Use the route command to see what this looks like.
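
Added example, not part of the original thread: the two local checks suggested in the replies above (which address the web service is bound to, and whether the server has more than one default gateway), run over constructed `netstat -tln` and `route -n` output. The function names, addresses and interface names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from the thread).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8484            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Constructed sample of `route -n` output with two default routes,
# one via the LAN router and one via a hypothetical VPN interface.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.8.0.1        0.0.0.0         UG    50     0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# listen_addrs PORT: read netstat output on stdin and print the local
# address of every TCP listener bound to exactly PORT. Comparing the port
# field avoids the false hits of a plain `grep 80`, which also matches
# 8080 and any PID or inode number containing "80".
listen_addrs() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] == port) {
                sub(":" port "$", "", $4)      # strip ":PORT", keep address
                print $4
            }
        }'
}

# default_gateways: read `route -n` output on stdin and print
# "gateway interface" for every default route (0.0.0.0/0 with the G flag).
default_gateways() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8 }'
}

# Report on the constructed samples; on a real host, pipe in
# `netstat -tln` and `route -n` instead.
addr=$(printf '%s\n' "$SAMPLE_NETSTAT" | listen_addrs 8484)
case "$addr" in
    "")            echo "port 8484: nothing listening" ;;
    127.*|::1)     echo "port 8484: loopback only ($addr), unreachable via port forward" ;;
    *)             echo "port 8484: listening on $addr" ;;
esac

gw_count=$(printf '%s\n' "$SAMPLE_ROUTES" | default_gateways | awk 'END { print NR }')
if [ "$gw_count" -gt 1 ]; then
    echo "warning: $gw_count default gateways; replies may leave by a different path"
    printf '%s\n' "$SAMPLE_ROUTES" | default_gateways
fi
```
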