I have a problem. I have two local networks and want to connect them using openvpn. One network "server" is based on debian. As another server an asus wl500gp-v2 is used. On the debian machine the openvpn server is installed, on the router the client. Openvpn works perfectly, the connection is working. Also I can connect to the network behind the debian machine.
About the problem - I can't reach machines behind the asus router. So routing between tunnel->local_network is not working.
My configuration:
Debian_local_network: 10.0.10.0/24
Openvpn network: 172.17.1.0/24
Router_local_network: 172.16.2.0/24
traceroute to 172.16.2.2 (172.16.2.2), 64 hops max, 52 byte packets
1 10.0.10.1 (10.0.10.1) 0.342 ms 0.149 ms 0.117 ms
2 172.17.1.2 (172.17.1.2) 129.724 ms 121.094 ms 133.179 ms
3 * * *
4 * * *
5 * * *
.............
from router network to debian network
Code:
traceroute to 10.0.10.2 (10.0.10.2), 30 hops max, 38 byte packets
1 172.16.2.1 (172.16.2.1) 1.342 ms 1.150 ms 1.120 ms
2 172.17.1.1 (172.17.1.1) 152.326 ms 128.610 ms 148.166 ms
3 10.0.10.2 (10.0.10.2) 199.190 ms 149.686 ms 158.252 ms
Router used in gateway mode (3g connection to internet, openvpn runs from init.d script)
Let me confirm something: your VPN server network is behind Debian (172.17.1.1). Your server network is 10.0.10.0/24. You can reach the 10.0.10.2 private server (based on the traceroute).
Can you access something like a web server at 10.0.10.2?
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 4028 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 state NEW
529 39012 ACCEPT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4 326 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
19285 2234K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
22226 7833K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
2474 187K SECURITY all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 SECURITY all -- vlan1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
98 4540 BRUTE tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02
25 900 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33534
2345 182K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 892 packets, 68531 bytes)
pkts bytes target prot opt in out source destination
217 16069 ACCEPT tcp -- * * 0.0.0.0/0 172.16.2.2 tcp dpt:64694
93 8225 ACCEPT udp -- * * 0.0.0.0/0 172.16.2.2 udp dpt:64694
0 0 ACCEPT all -- * * 10.10.10.0/24 0.0.0.0/0
17 1428 ACCEPT all -- * * 172.17.1.0/24 0.0.0.0/0
6269 456K ACCEPT all -- tun0 br0 0.0.0.0/0 0.0.0.0/0
6735 6071K ACCEPT all -- br0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
2873 147K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
169K 102M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- !br0 ppp0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- !br0 vlan1 0.0.0.0/0 0.0.0.0/0
765 38805 SECURITY all -- !br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT tcp -- * br0 0.0.0.0/0 0.0.0.0/0 tcp spt:3389 dpt:3389
765 38805 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
0 0 DROP all -- * br0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 43020 packets, 17M bytes)
pkts bytes target prot opt in out source destination
Chain BRUTE (1 references)
pkts bytes target prot opt in out source destination
36 1808 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 600 hit_count: 3 name: BRUTE side: source
62 2732 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: BRUTE side: source
Chain MACS (0 references)
pkts bytes target prot opt in out source destination
Chain SECURITY (3 references)
pkts bytes target prot opt in out source destination
2416 122K RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
792 103K RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
25 900 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
6 360 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `ACCEPT '
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `DROP '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
netstat -nr
Code:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.25.6.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
172.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.0.10.0 172.17.1.1 255.255.255.0 UG 0 0 0 tun0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 172.25.6.2 0.0.0.0 UG 0 0 0 ppp0
I can't add tcpdump at this moment - the machine is more than 20km from me. Also, when I added a port forwarding rule in the router web interface I can connect to this port on 172.16.2.2. So it seems the firewall rules are blocking incoming connections.
Am I right to say that you port forward to port 64694? Since you can port forward 64694, if your 172.16.2.2 is a Linux box, you should port forward the ssh port too.
At the router,
Code:
iptables -t nat -vnL
Once you can access 172.16.2.2, let me have the iptables and routing table of that box.
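
An added example, not part of the thread: a first-match walk over the first seven FORWARD rules from the router listing above, to see which rule decides a packet arriving on tun0 for 172.16.2.2. The source address 10.0.10.2 and the function names are assumptions for illustration, and only the match fields those seven rules use (protocol, interfaces, source, destination, dpt) are handled.

```python
import ipaddress

# First seven FORWARD rules, copied from the router's listing in the thread.
FORWARD = """\
217 16069 ACCEPT tcp -- * * 0.0.0.0/0 172.16.2.2 tcp dpt:64694
93 8225 ACCEPT udp -- * * 0.0.0.0/0 172.16.2.2 udp dpt:64694
0 0 ACCEPT all -- * * 10.10.10.0/24 0.0.0.0/0
17 1428 ACCEPT all -- * * 172.17.1.0/24 0.0.0.0/0
6269 456K ACCEPT all -- tun0 br0 0.0.0.0/0 0.0.0.0/0
6735 6071K ACCEPT all -- br0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    """Turn each `iptables -vnL` line into a dict of the fields it matches on."""
    rules = []
    for num, line in enumerate(listing.splitlines(), 1):
        f = line.split()
        extra = " ".join(f[9:])
        dport = int(extra.split("dpt:")[1].split()[0]) if "dpt:" in extra else None
        rules.append({"num": num, "pkts": f[0], "target": f[2], "proto": f[3],
                      "in": f[5], "out": f[6],
                      "src": ipaddress.ip_network(f[7]),
                      "dst": ipaddress.ip_network(f[8]), "dport": dport})
    return rules

def iface_ok(pattern, iface):
    """'*' matches any interface; a leading '!' negates, as in the listing."""
    if pattern == "*":
        return True
    if pattern.startswith("!"):
        return iface != pattern[1:]
    return iface == pattern

def first_match(rules, in_if, out_if, src, dst, proto, dport=None):
    """Return the first rule matching the packet, or None if none of them does."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["proto"] in ("all", proto)
                and iface_ok(r["in"], in_if) and iface_ok(r["out"], out_if)
                and src in r["src"] and dst in r["dst"]
                and (r["dport"] is None or r["dport"] == dport)):
            return r
    return None

RULES = parse(FORWARD)
# Assumed packet: a host on the Debian LAN pinging the host behind the router.
hit = first_match(RULES, "tun0", "br0", "10.0.10.2", "172.16.2.2", "icmp")
print(hit["num"], hit["target"], hit["pkts"])
```

With the posted rules this packet is accepted by rule 5 (tun0 to br0). Rule 3's source, 10.10.10.0/24, does not cover the Debian LAN 10.0.10.0/24 given in the first post, which is consistent with its zero counters.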