LinuxQuestions.org


dpdpowered83 11-16-2012 07:48 PM

Issues accessing inside resources using OpenVPN.
 
One of the projects I'm working on is creating a Linux (Ubuntu Server 12.10) PC as a Router/Firewall/Gateway (which is working great!). I'm also going to set up the system to act as a VPN server using OpenVPN. I seem to be having an issue accessing my server when using the VPN. The steps I've completed:
Installed OpenVPN.
Configured certificates for both the server and the client.
Installed and configured OpenVPN on a Microsoft Windows 7 (64-bit) system.
On the outside, I've connected, authenticated with the VPN server, and been assigned an IP address.
I can ping and even access the Linux system (via SSH and Webmin) using the Linux system's tunnel address, not its inside address.
I cannot ping or access any device on the inside.
I'm guessing it's a routing or firewall issue. My issue is that I'm a novice with the Linux firewall (iptables) and with how to properly permit VPN clients access to the inside network.
Any suggestions would be great!

hamlindsza 11-17-2012 08:53 AM

Hi,

Check if IP forwarding is enabled:
cat /proc/sys/net/ipv4/ip_forward
1
Add an iptables rule to allow traffic from the OpenVPN tunnel interface, usually tun0:
iptables -I FORWARD -i tun0 -j ACCEPT

dpdpowered83 11-18-2012 07:41 AM

IPv4 is already being forwarded. I've also applied the rule in the iptables, but still no luck.

hamlindsza 11-18-2012 09:35 AM

On the Windows 7 machine, while connecting via the OpenVPN client, does it show any errors in the on-screen logs?
Run the OpenVPN client as Administrator and post the output of the route table (route print).

dpdpowered83 11-18-2012 11:57 AM

One other thing I noticed before I connected is that port 1194 may be blocked; I did a port scan and 1194 isn't responding. Although it's kind of bizarre that my notebook is able to connect to the VPN.

Below is the Win7 route output:

===========================================================================
Interface List
22...00 ff c6 df 4b 83 ......TAP-Windows Adapter V9
9...00 21 9b d6 d9 fc ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
10...00 21 5c 7d 82 ef ......Intel(R) Wireless WiFi Link 4965AGN
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.6.1 192.168.6.28 25
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.6.0 255.255.255.0 On-link 192.168.6.28 281
192.168.6.28 255.255.255.255 On-link 192.168.6.28 281
192.168.6.255 255.255.255.255 On-link 192.168.6.28 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.6 286
224.0.0.0 240.0.0.0 On-link 192.168.6.28 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.6 286
255.255.255.255 255.255.255.255 On-link 192.168.6.28 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 58 ::/0 On-link
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:4137:9e76:2854:32c2:3f57:f9e3/128
On-link
22 286 fe80::/64 On-link
19 306 fe80::/64 On-link
22 286 fe80::1e4:2886:91df:67e5/128
On-link
19 306 fe80::2854:32c2:3f57:f9e3/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
22 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

hamlindsza 11-18-2012 12:19 PM

To check port 1194 is open, telnet <vpn-server-ip> 1194

From your route table output: There's no default route being added by the OpenVPN client.

Exit the OpenVPN client. Right-click on the OpenVPN icon and select Run as administrator. This should enable the OpenVPN client to add a default route through the VPN tunnel.
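
Added example (not part of the original posts): a small Python check that reads IPv4 rows from the route print output posted above and reports, by longest-prefix match, whether traffic to a given destination would leave through the VPN tunnel. The inside host 192.168.1.10 is a hypothetical address, since the thread never states the inside subnet.

```python
import ipaddress

# Subset of the IPv4 "Active Routes" rows from the route print output above.
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.6.1 192.168.6.28 25
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
192.168.6.0 255.255.255.0 On-link 192.168.6.28 281
192.168.6.28 255.255.255.255 On-link 192.168.6.28 281
"""

TUNNEL_IF = "10.8.0.6"       # TAP adapter address in that output
INSIDE_HOST = "192.168.1.10"  # hypothetical inside host (assumption)


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each valid route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # skips the header and separator lines
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:           # not an address/netmask/metric row
            continue
    return routes


def select_route(routes, destination):
    """Longest prefix wins; the lower metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))


def uses_tunnel(routes, destination, tunnel_if=TUNNEL_IF):
    """True if the selected route leaves through the tunnel interface."""
    route = select_route(routes, destination)
    return route is not None and route[2] == tunnel_if


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for dst in ("10.8.0.1", INSIDE_HOST):
        net, gw, iface, _ = select_route(table, dst)
        print(f"{dst}: via {gw} on {iface} ({net}), tunnel={uses_tunnel(table, dst)}")
```

With this table only the 10.8.0.x addresses are routed into the tunnel; any other destination matches the default route on the physical adapter.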

dpdpowered83 11-18-2012 12:35 PM

Before I launched the VPN client, I selected "Run as Administrator". As for the port, it seems to be blocked. Connecting via PuTTY closes the window, and Microsoft telnet fails to connect when specifying port 1194.

