LinuxQuestions.org
Old 08-08-2014, 09:17 AM   #1
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Help setting up VPN - it mostly works, but not everything


I am trying to set up a VPN into my home network. The use will be for remote streaming of movies from my home media server as well as access to files and computers on my home LAN. I have it mostly working, except for a few things I don’t know how to debug. My VPN endpoint (the server) is my home router, running Tomato firmware and OpenVPN. My client end is a laptop running Linux and OpenVPN. My server is set up to use UDP and the TUN interface. And the server directs clients to route all internet traffic through the tunnel. And the server also does a “Push LAN to clients” (I believe this is Tomato-firmware-speak for OpenVPN “advertising the LAN subnet to the VPN clients”). Eventually I want to also set up a secondary VPN server using TCP and TAP, but for now it’s only UDP/TUN (because someday soon the clients will include iPads and Android tablets, and those do not currently support TAP at all).

OK. I can set up the tunnel successfully (the client was logged into the free WiFi at my wife’s workplace for the testing). Once the tunnel is set up, the client can ping the LAN address of my home router and can also ping things inside my home LAN – other computers, printers, etc. Good, the tunnel looks correct at this point. The client can also SSH into one of my home LAN’s Linux boxes via the VPN tunnel. Good, the fact that SSH works implies that the routing is good. Now comes the part I don’t understand. If the client fires up a web browser (Firefox in my case) and tries to access a webserver running inside my home LAN (that webserver is running on the same computer that just had the successful SSH connection), then the browser just spins forever, saying “Connecting…” So next I tried using the client browser to access Google. That request should have gone through the tunnel into my home LAN and then out to Google. That attempt just spun endlessly, same as when I tried to access my internal LAN webserver. Next up I tried a browser connection to my home router itself (the LAN IP address). That should have given me the management interface for the router. It tried, because I was prompted for a login/password for the router. That was more positive than my previous browser connect attempts, at least it shows some kind of connection was successfully made. But after I entered the login/password, THEN the browser just spins endlessly again.

I was testing web access first, because my home media server, Plex, provides a web interface where you can both control the server, and also watch media directly in the web browser. Plex also supports DLNA, but I have not tried testing that yet. And I may not even test it, if I can just use the web browser interface to watch media.

OK. At this point, the tunnel is up, I can ping through it and I can SSH to an internal LAN server through it. But HTTP stuff isn’t working. So next up I tried to access a SAMBA (CIFS) share. This is a share on my home LAN that is provided by another Linux box (my home fileserver). The client was able to successfully mount the share (mount details were entered into /etc/fstab on the client, followed by a “mount /public” command). But when I tried to run “ls” on the /public mountpoint, it hung. Nothing would get me unhung – not ctrl-c, not ~. I had to kill the terminal window on the client. So at this point, CIFS shares aren’t working either.

So I killed the VPN tunnel from the laptop and switched gears. Next up I tried using an iPad as my client. There is an “OpenVPN Connect” app available for the iPad. I used that, and the tunnel came up successfully. Good. I tried the web browser on the iPad (Safari) going to my internal webserver. Same as with the laptop, it just spun endlessly trying to connect. I hadn’t installed any other apps on the iPad that would be useful over the tunnel, so that’s where my testing stopped.

Next up in my testing, probably tomorrow, will be installing a packet sniffer on the client and seeing if I can determine where things are going awry. Don’t know where that might lead me, probably to a dead end with the VPN being encrypted and all that, but I’ll give it a shot anyway. While I won’t be able to read the packets’ contents, I should be able to track them going over the wire (maybe!)

Does anyone have any idea what could be going wrong here? I have more details if required. On the laptop Linux client I have captures of the routing tables, ifconfig output, traceroutes, etc. I’m not very good at interpreting routing tables but I would think all of that is OK given that SSH through the tunnel to an internal LAN computer worked flawlessly.

Thanks in advance for any help/suggestions.
 
Old 08-09-2014, 04:42 AM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,787

From your description, this could be a DNS issue. (My apologies in advance if I'm on the wrong track here.)

A quick check would be to try pinging hosts on your network by hostname vs IP address. (Check /etc/resolv.conf of the client machine when your VPN connection is established.) So, you may need to make sure that your OpenVPN server is successfully pushing DNS to the client.

Here's just one guide on the subject of OpenVPN server DNS configuration:
https://wiki.archlinux.org/index.php/OpenVPN#DNS
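
The check suggested in the reply above, as an added example that is not part of the original posts: it looks in resolv.conf for a nameserver inside the home LAN and compares reachability by IP with resolution by name. The LAN prefix `192.168.1.`, the host name and the addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The LAN prefix, host name and
# addresses passed to these functions are assumptions.

# Print the nameserver addresses listed in a resolv.conf-format file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Does FILE list a nameserver inside the home LAN?
# PREFIX is a dotted prefix such as "192.168.1." (assumes a /24 LAN).
# Prints: lan-dns | no-lan-dns | no-nameserver
vpn_dns_status() {
    file=$1; prefix=$2; seen=0
    for ns in $(resolv_nameservers "$file"); do
        seen=1
        case $ns in
            "$prefix"*) echo lan-dns; return 0 ;;
        esac
    done
    if [ "$seen" -eq 1 ]; then echo no-lan-dns; else echo no-nameserver; fi
}

# Reach a LAN host by IP first, then resolve it by name.
# Prints: routing-broken | dns-broken | ok
name_vs_ip() {
    host=$1; ip=$2
    if ! ping -c 2 -W 2 "$ip" >/dev/null 2>&1; then
        echo routing-broken      # tunnel or routes are the problem
    elif ! getent hosts "$host" >/dev/null 2>&1; then
        echo dns-broken          # IP works, names do not
    else
        echo ok
    fi
}

# Usage once the tunnel is up: sh vpn-dns-check.sh 192.168.1. fileserver 192.168.1.10
if [ "$#" -eq 3 ]; then
    echo "resolv.conf: $(vpn_dns_status /etc/resolv.conf "$1")"
    echo "name vs IP:  $(name_vs_ip "$2" "$3")"
fi
```

On a Linux client, `no-lan-dns` can also mean the server pushed the DNS option but no client-side up script wrote it into resolv.conf. Where a local stub resolver such as 127.0.0.53 is listed, resolv.conf does not show the upstream servers, so rely on the name-versus-IP result.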
 
Old 08-09-2014, 12:27 PM   #3
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Original Poster
Wow, you nailed it! Thanks!!!

There is a setting in OpenVPN as implemented on the Tomato router that says "Respond to DNS" and another one that says "Advertise DNS to clients". I checked both of those and things started working. At least the http access thing, I haven't tried the CIFS share yet.

In retrospect, I can see why DNS was the issue (except for one case). When I was coming into my LAN's webserver (using the IP address, not a domain name), that should have worked. But what I didn't take into account was that the specific webpage I was trying to access goes out from the home LAN to the internet at large to get some scripts, and that was getting nuked by lack of DNS. Same thing for when I tried to tunnel in to my LAN and then bounce out to Google. With no DNS, there was no way to find Google. The one case that I don't understand why DNS was required is access to the LAN interface of my router. I was giving it the router's IP address, and then getting prompted for a login/password (good - that was as expected). But after entering the authentication, then the browser hung. That would seem to imply that the router administrative login was trying to do something that required DNS. I don't understand what that would have been. Maybe this is a different issue (I haven't tried accessing the router's LAN interface since ticking the DNS checkboxes, so it may still be failing - I don't know until I can test again later).

Anyway, adding DNS to the VPN server settings fixed the problem I was trying to solve.

THANKS!!!
 
Old 08-09-2014, 04:39 PM   #4
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,787

Glad to have been of help.
 
  

