LinuxQuestions.org
Old 11-22-2021, 09:43 PM   #31
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,435
Blog Entries: 4

Rep: Reputation: 3376

When your computer is running an OpenVPN client, a virtual tun0 device will be created and the remote subnet's traffic will be routed through it: this is how traffic originating on your machine enters the tunnel. Your OpenVPN client software sets up all of the necessary routing rules for you. Anything that is sent through this virtual device winds up in the client process's hands, and vice-versa. ("It's magic ...")

Things become more complicated, routing-wise, when a single computer on the network is running the OpenVPN software in order to serve as a router to a remote network ... for use by other clients who do not have to care how the traffic actually gets there. As far as they're concerned, the remote subnet is "simply, available to me." They're not running any special software: they're just sending traffic to some IP-address and it just gets there. They neither know nor care how it gets there.

These are the scenarios that I was describing.

Last edited by sundialsvcs; 11-22-2021 at 09:46 PM.
 
1 members found this post helpful.
Old 11-22-2021, 11:49 PM   #32
lattimro
Member
 
Registered: Jul 2021
Distribution: BSD-like, Linux-like, slack - 2 days
Posts: 87

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Is the 192.168.1.17 a different physical or virtual machine from the server?

Nowadays most DHCP implementations will try to assign the same IP address, so even though I don't have a reservation in my router all of my devices always have the same address.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
default         ControlPanel.Ho 0.0.0.0         UG    600    0        0 wlp5s0
Since the metric is lower for tun0 than wlp5s0, traffic should be routed through the openvpn tunnel. Since you can ping over the 10.8.0.0 I would guess it's working. On the same PC it would be hard to tell.

192.168.1.17 is physical, but I tested VMs and got the same results, good.
I monitored the traffic with ifstat while sending packets through tun0/1/2 and they're all good.
 
Old 11-23-2021, 04:36 AM   #33
michaelk
Moderator
 
Registered: Aug 2002
Posts: 22,084

Rep: Reputation: 4441
With IP forwarding you should be able to view the CUPS web page via the 10.x.x.x address. CUPS needs to be enabled for LAN access but would show you that the VPN is working. If a firewall is running you might need to allow tun traffic.
 
Old 11-23-2021, 10:39 AM   #34
lattimro
Member
 
Registered: Jul 2021
Distribution: BSD-like, Linux-like, slack - 2 days
Posts: 87

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Since your public IP is in your client.conf for remote, that is what the openvpn client will use as the server address. Did you permanently set net.ipv4.ip_forward in your sysctl.conf or just via /proc? You need to set it in sysctl.conf for it to be configured at boot time. You might have to add some iptables rules to forward traffic through the tun interface.

Persistent forwarding in sysctl.conf is turned off, but /proc/sys/net/ipv4/ip_forward is on, which leads me to the conclusion (and someone with more knowledge than me can confirm) that openvpn-server turns the bit to 1 at boot.
 
Old 11-24-2021, 05:29 PM   #35
lattimro
Member
 
Registered: Jul 2021
Distribution: BSD-like, Linux-like, slack - 2 days
Posts: 87

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
With IP forwarding you should be able to view the CUPS web page via the 10.x.x.x address. CUPS needs to be enabled for LAN access but would show you that the VPN is working. If a firewall is running you might need to allow tun traffic.

localhost:631 is OK, but 10.8.0.1:631 and 10.8.0.2:631 refuse to connect.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ControlPanel.Ho 0.0.0.0         UG    100    0        0 enp4s0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp4s0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp4s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
Magically, the 128 subnet disappeared.

As far as I can understand, tun0 is the server and tun1 is the openvpn@client (started at boot). I disabled openvpn-server@client because it tried to connect every few seconds and errored.

Ping to 10.8.0.1 and 10.8.0.2 is OK.

Also, for the first time, ping to 8.8.8.8 was not dropped when tun1 connected. I do not know if this is good or bad; I am still trying to understand the magic.

Thanks!

Last edited by lattimro; 11-25-2021 at 07:42 AM.
 
Old 11-25-2021, 11:34 AM   #36
lattimro
Member
 
Registered: Jul 2021
Distribution: BSD-like, Linux-like, slack - 2 days
Posts: 87

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wpeckham View Post
Look for the address of the OpenVPN server node.
I hope that helps.

I wish I knew where to look. Where? Is that the local IP in server.conf?
 
Old 11-25-2021, 12:00 PM   #37
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 4,088

Rep: Reputation: 1904
Quote:
Originally Posted by lattimro View Post
I wish I knew where to look. Where? Is that the local IP in server.conf?

INSIDE the OpenVPN server guest, run
Code:
ip address
Report or record the IPv4 "inet" value; there may be more than one. If there is only one (or only one that is not loopback: not 127.0.0.1) use that.
 
  

