OpenVPN server setup

farrukh_arshad · 04-18-2013, 03:20 AM

Greetings All,

First of all I must confess I have no understanding of Linux networking except some basic commands (i.e ifconfig) etc and neither I am a networking person, I am a developer and trying to setup a OpenVPN server. Here is the scenario

I have a server with public IP address (this is outside of my company network) and a client which is on my company network behind a firewall. I want to create a VPN network with my server (which have public ip address) and my client which is in my company LAN behind firewall.

Both are Ubuntu systems. I have installed openvpn on both machines, and running openvpn as following

Code:

VPN Server.
External IP = A.B.C.D
VPN IP = 192.168.1.1

sudo openvpn --dev tun --port 8080 --verb 5 --ifconfig 192.168.1.1 192.168.1.2 --secret staticVPN.key

VPN Client
External IP = DHCP on Company LAN behind Firewall.
VPN IP = 192.168.1.2
sudo openvpn --remote A.B.C.D --dev tun --verb 5 --port 8080 --ifconfig 192.168.1.2 192.168.1.1 --secret staticVPN.key

The problem is when I ping from client -> server or vice versa nothing happens. On the client when I start openvpn I see following line at the end of the log

Code:

UDPv4,ifconfig 192.168.1.2 192.168.1.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Apr 18 12:53:42 2013 us=336508 Local Options hash (VER=V4): '1da4bff1'
Thu Apr 18 12:53:42 2013 us=336539 Expected Remote Options hash (VER=V4): '36e3af21'
Thu Apr 18 12:53:42 2013 us=336582 Socket Buffers: R=[112640->131072] S=[112640->131072]
Thu Apr 18 12:53:42 2013 us=336609 UDPv4 link local (bound): [undef]
Thu Apr 18 12:53:42 2013 us=336632 UDPv4 link remote: [AF_INET]A.B.C.D:8080
Thu Apr 18 12:55:43 2013 us=255431 NOTE: failed to obtain options consistency info from peer -- this could occur if the remote peer is running a version of OpenVPN before 1.5-beta8 or if there is a network connectivity problem, and will not necessarily prevent OpenVPN from running (0 bytes received from peer, 0 bytes authenticated data channel traffic) -- you can disable the options consistency check with --disable-occ.

It seems to me it has something to do with routing / rules. On the server I have added some rules without any understanding what I am doing but no effect. On the server I did following

Code:

ping 192.168.1.2
tcpdump -i eth0
tcpdump -i tun0

With above I was hoping my ping traffic will be forwarded from tun0 to eth0 to reach the VPN client, but I see nothing related to tun0 on the dump of eth0.

As I have mentioned above it seems to me this has something to do with routing rules / port forwarding on both VPN server & VPN client which I am missing, can anyone suggest something here.

Thank you for your time

Regards,
Farrukh Arshad.

nikmit · 04-19-2013, 05:59 AM

If your client in the company network has a private address, it will be NAT-ed to a public one at the firewall. For OpenVPN to work you will need to forward the relevant ports (I think udp/1194 by default) and add permissions on the firewall.

You can use tcpdump to check that traffic is getting to the server by running it simultaneously on the server and the client:
tcpdump -i eth0 host 192.168.1.2 and udp -n
if you see the packets the client is sending at the server and vice versa you have connectivity.