Make VPN clients visible to each other.

sousacanfly · 02-27-2014, 06:04 PM

I need to access some VMs inside the VPN network, from client-to-client but i can't even ping from client-to-client. Not anymore, i was able yesterday, don't understand what i did.

How can i do this?

I'm using openswan

szboardstretcher · 02-27-2014, 06:20 PM

Is this your network? Do you have full access to troubleshoot the firewalls/routers/servers/vm's?

sousacanfly · 02-27-2014, 07:10 PM

It is my network. I have full access. Are you telling me this behaviour isn't normal?

i forgot to refer, i am accessing the VPN from the outside, and the VM is inside the Lan, but i suppose this has nothing to do with the fact.

szboardstretcher · 02-27-2014, 07:29 PM

You need to go through some troubleshooting steps to see where the problem lies:

Please, please have linux.

first thing is first. Make sure you are not connected to the VPN and do a:

Code:

ifconfig

to see the ip configuration you are using.

Then connect to the VPN and do another to compare the two. You should have a new adapter called tun0 or similar. Now do a route command to check out your setup.

Code:

ip route | column -t

Ping your new gateway to make sure you can get to it.

Code:

ping #gateway ip address#

If you have problems or concerns about any of those steps. Post the output of the step in question. We can work from there.

sousacanfly · 02-27-2014, 07:35 PM

I have the adapter, and the VPN is working properly addressing new IPs to the machines that connect. The problem is, i can't ping other clients, as a client. On the server-side i can ping every client.

I have run the command ip route inside the VM, and can't see other client's IPs, only from the server it shows all IPs.

szboardstretcher · 02-27-2014, 07:42 PM

You misunderstand what routing is.

Ok. Lets try this.

Show me the output of these commands on both ends. You are welcome to obscure the addresses as long as they still logically map correctly.

Code:

ifconfig
ip route
iptables --list

sousacanfly · 02-27-2014, 08:05 PM

Well, after rebooting the machine i can now ping client-to-client again. I am really sorry to bother you, but i don't understand what just happened, so, i will let the outputs here for you to look through.

If you don't mind me asking, is it possible to make the ppp0 IP static, wich is, the one attributed by the VPN?

Server side:

Quote:

$ifconfig

br0 Link encap:Ethernet HWaddr c0:a0:bb:65:c6:29
inet addr:192.168.1.25 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::xxxx:xxxx:fe65:c629/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1013632 errors:0 dropped:0 overruns:0 frame:0
TX packets:1047198 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:562252354 (536.2 MiB) TX bytes:773434539 (737.6 MiB)

eth0 Link encap:Ethernet
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1408825 errors:0 dropped:0 overruns:0 frame:0
TX packets:1270325 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1037889718 (989.8 MiB) TX bytes:861811440 (821.8 MiB)
Interrupt:19 Base address:0xc000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:177365 errors:0 dropped:0 overruns:0 frame:0
TX packets:177365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:217824320 (207.7 MiB) TX bytes:217824320 (207.7 MiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:22440 errors:0 dropped:0 overruns:0 frame:0
TX packets:31134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1267800 (1.2 MiB) TX bytes:26685714 (25.4 MiB)

ppp1 Link encap:Point-to-Point Protocol
inet addr:10.8.0.1 P-t-P:10.8.0.4 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:95 (95.0 B) TX bytes:4381 (4.2 KiB)

vnet0 Link encap:Ethernet
inet6 addr: xxxx::fc54:xx:xxxx:cfce/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:383746 errors:0 dropped:0 overruns:0 frame:0
TX packets:480035 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:417094079 (397.7 MiB) TX bytes:476154465 (454.0 MiB)

Quote:

$ip route

default via 192.168.1.1 dev br0
10.8.0.2 dev ppp0 proto kernel scope link src 10.8.0.1
10.8.0.3 dev ppp1 proto kernel scope link src 10.8.0.1
xxx.254.0.0/16 dev br0 scope link metric 1000
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.25

Client-side (VIRTUAL MACHINE)

Quote:

$ifconfig

eth0 Link encap:Ethernet
inet end.: 192.168.1.19 Bcast:192.168.1.255 Masc:255.255.255.0
endereço inet6: xxxx::5054:ff:xxxx:cfce/64 Escopo:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1
pacotes RX:379 erros:0 descartados:0 excesso:0 quadro:0
Pacotes TX:374 erros:0 descartados:0 excesso:0 portadora:0
colisões:0 txqueuelen:1000
RX bytes:63269 (63.2 KB) TX bytes:45486 (45.4 KB)

lo Link encap:Loopback Local
inet end.: 127.0.0.1 Masc:255.0.0.0
endereço inet6: ::1/128 Escopo:Máquina
UP LOOPBACK RUNNING MTU:65536 Métrica:1
pacotes RX:54 erros:0 descartados:0 excesso:0 quadro:0
Pacotes TX:54 erros:0 descartados:0 excesso:0 portadora:0
colisões:0 txqueuelen:0
RX bytes:4270 (4.2 KB) TX bytes:4270 (4.2 KB)

ppp0 Link encap:Protocolo Ponto-a-Ponto
inet end.: 10.8.0.4 P-a-P:10.8.0.1 Masc:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Métrica:1
pacotes RX:134 erros:0 descartados:0 excesso:0 quadro:0
Pacotes TX:155 erros:0 descartados:0 excesso:0 portadora:0
colisões:0 txqueuelen:3
RX bytes:10841 (10.8 KB) TX bytes:12149 (12.1 KB)

Quote:

$ip route

default dev ppp0 scope link
default via 192.168.1.1 dev eth0 metric 100
10.8.0.1 dev ppp0 proto kernel scope link src 10.8.0.4
xxx.254.0.0/16 dev eth0 scope link metric 1000
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.19 metric 1
192.168.1.25 via 192.168.1.1 dev eth0

sousacanfly · 02-27-2014, 08:09 PM

Oh well, now i can ping the VM from another client inside the VPN, but can't access the internet from the VM. Probably the whole issue is coming from the VM. As i have only The machine i'm working remotely and the VM connected to the VPN, i can't tell you if i have the hability to ping other clients besides the VM.

szboardstretcher · 02-27-2014, 08:17 PM

Well the very first thing that I notice is that the server is using English and your client is using Spanish?

I've had VERY strange problems in the past with Italian contractors trying to connect to my English SSL/VPN appliance.

sousacanfly · 02-27-2014, 08:26 PM

Really? Well, will give it a try and change language.

hehe, it's Portuguese, a bit similar to Spanish.

At VPN preferences, i removed the checkbox from "Obtain DNS server addresses automatically" and on the field "Preferred DNS server" added the IP from the server 192.168.1.25.

Now i can ping the VM from my Mac at home, and access to the internet through the VM.

Thank you very much szboardstretcher! I will search a bit on the static IP from VPN and ask later at the forum if i can't find a solution.