skorefish Apprentice
Joined: 21 Jun 2015 Posts: 285
depontius Advocate
Joined: 05 May 2004 Posts: 3525
Posted: Mon Feb 01, 2016 4:29 pm Post subject: |
I believe I may have seen messages like that before, I can't remember now. This is a message from your client, so start the client and then run "netstat -Nr" to see what your routing tables look like. If you see the routes you're expecting, try it out. I'm not sure about this, but "started, but inactive" might mean that the tunnel is created, but not currently being used. I'll defer to other opinions on this, but so far there appear to be none. _________________ .sigs waste space and bandwidth |
skorefish Apprentice
Joined: 21 Jun 2015 Posts: 285
Posted: Tue Feb 02, 2016 1:53 pm Post subject: |
Kernel IP routing table
Code: |
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 enp5s1
10.100.0.1 10.100.0.5 255.255.255.255 UGH 0 0 0 tun0
10.100.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp5s1
|
I can not ping 10.100.0.5, is there something wrong with this table? |
depontius Advocate
Joined: 05 May 2004 Posts: 3525
Posted: Tue Feb 02, 2016 4:24 pm Post subject: |
skorefish wrote: | Kernel IP routing table
Code: |
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 enp5s1
10.100.0.1 10.100.0.5 255.255.255.255 UGH 0 0 0 tun0
10.100.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp5s1
|
I can not ping 10.100.0.5, is there something wrong with this table? |
That third line doesn't look right to me, but I'm not certain. I'd have to look at one of my systems with OpenVPN running, to tell. I may have to bring my personal laptop to work tomorrow, connect on the visitors' network, and start OpenVPN to tell.
That is, unless someone else has better advice before then. _________________ .sigs waste space and bandwidth |
skorefish Apprentice
Joined: 21 Jun 2015 Posts: 285
Posted: Tue Feb 02, 2016 4:55 pm Post subject: |
depontius wrote: | skorefish wrote: | Kernel IP routing table
Code: |
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 enp5s1
10.100.0.1 10.100.0.5 255.255.255.255 UGH 0 0 0 tun0
10.100.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp5s1
|
I can not ping 10.100.0.5, is there something wrong with this table? |
That third line doesn't look right to me, but I'm not certain. I'd have to look at one of my systems with OpenVPN running, to tell. I may have to bring my personal laptop to work tomorrow, connect on the visitors' network, and start OpenVPN to tell.
That is, unless someone else has better advice before then. |
Thanks a lot for that!!!
When I run ifconfig I get
Code: |
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.100.0.6 netmask 255.255.255.255 destination 10.100.0.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 14 bytes 1984 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50 bytes 5064 (4.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
This confuses me... When I run ssh root@10.100.0.6
I log in to the client sshd and not the one of the server running through the tunnel |
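An added example, not part of any post in this thread: a longest-prefix-match lookup over the routing table skorefish posted, showing which interface each destination leaves by. It assumes the kernel's usual behaviour that an address configured on the host itself (10.100.0.6 on tun0, from the posted ifconfig) is delivered locally before the main table is consulted; the LAN address 192.168.2.10 and the probe address 203.0.113.7 are constructed.

```python
import ipaddress

# Routing table exactly as posted in the thread.
ROUTES = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 enp5s1
10.100.0.1 10.100.0.5 255.255.255.255 UGH 0 0 0 tun0
10.100.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp5s1
"""

# Addresses assigned to the client itself. 10.100.0.6 comes from the posted
# ifconfig output; 192.168.2.10 is a constructed LAN address (assumption).
LOCAL_ADDRS = frozenset({"127.0.0.1", "10.100.0.6", "192.168.2.10"})


def parse_routes(text):
    """Turn netstat -nr rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:
        dest, gw, mask, flags, _mss, _win, _irtt, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, flags, iface))
    return routes


def lookup(dst, routes, local_addrs=LOCAL_ADDRS):
    """Return (iface, next_hop) for dst, or None if no route matches."""
    if dst in local_addrs:
        # The host's own addresses are delivered locally, never into the tunnel.
        return ("lo", "local")
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _net, gw, flags, iface = max(matches, key=lambda r: r[0].prefixlen)
    # The G flag means "send to a gateway"; without it the target is on-link.
    return (iface, gw if "G" in flags else "direct")


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dst in ("10.100.0.1", "10.100.0.5", "10.100.0.6", "203.0.113.7"):
        print(dst, "->", lookup(dst, table))
```

The lookup sends 10.100.0.1 into tun0 via 10.100.0.5, while 10.100.0.6 resolves locally, which matches the ssh session landing on the client's own sshd.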
skorefish Apprentice
Joined: 21 Jun 2015 Posts: 285
Posted: Tue Feb 02, 2016 8:53 pm Post subject: |
I think I found a test
vpn server on:
Code: |
lenovo ~ # tracepath 10.100.0.1
1?: [LOCALHOST] pmtu 1500
1: 10.100.0.1 0.894ms reached
1: 10.100.0.1 0.785ms reached
Resume: pmtu 1500 hops 1 back 64
|
Code: |
vpn server off
lenovo ~ # tracepath 10.100.0.1
1?: [LOCALHOST] pmtu 1500
1: no reply
^C
|
but:
Code: | ssh root@10.100.0.1
ssh: connect to host 10.100.0.1 port 22: Connection refused
|
Why is this? |
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6656 Location: The soundosphere
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6656 Location: The soundosphere
skorefish Apprentice
Joined: 21 Jun 2015 Posts: 285
Posted: Tue Feb 02, 2016 11:03 pm Post subject: |
The tunnel is working and so is ssh.
I put -> ListenAddress 0.0.0.0 -> /etc/ssh/sshd_config
Maybe not the safest solution, but for today I'm happy; maybe I can use the tunnel address. |
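An added example, not part of any post in this thread: a small audit that reads the ListenAddress directives from sshd_config text and reports which server interfaces sshd would accept connections on, comparing the wildcard setting with binding to the tunnel address. It handles IPv4 literals only; 10.100.0.1 is the server's tunnel address from the thread, and the interface names and the eth0 address are constructed.

```python
# Server interface addresses. 10.100.0.1 is the server's tunnel address seen
# in the thread; the eth0 address is constructed for illustration (assumption).
IFACES = {"lo": "127.0.0.1", "eth0": "192.168.2.20", "tun0": "10.100.0.1"}


def listen_addresses(config_text):
    """Return the IPv4 ListenAddress hosts found in sshd_config text.

    With no ListenAddress directive sshd listens on all local addresses,
    which is reported here as the wildcard 0.0.0.0.
    """
    hosts = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)              # keyword, rest of line
        if len(parts) == 2 and parts[0].lower() == "listenaddress":
            value = parts[1].split()[0]          # ignore a trailing rdomain
            hosts.append(value.rsplit(":", 1)[0])  # drop an optional :port
    return hosts or ["0.0.0.0"]


def reachable_on(config_text, ifaces=IFACES):
    """Return the sorted interface names on which sshd would be reachable."""
    hosts = listen_addresses(config_text)
    if "0.0.0.0" in hosts:
        return sorted(ifaces)                    # wildcard: every interface
    return sorted(name for name, addr in ifaces.items() if addr in hosts)


if __name__ == "__main__":
    print(reachable_on("ListenAddress 0.0.0.0\n"))     # setting used in the thread
    print(reachable_on("ListenAddress 10.100.0.1\n"))  # tunnel address only
```

Binding to the tunnel address only works once tun0 carries that address, so sshd has to start after OpenVPN has brought the interface up.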
depontius Advocate
Joined: 05 May 2004 Posts: 3525
Posted: Wed Feb 03, 2016 2:23 pm Post subject: |
Testing on my known-working laptop.
Code: | localhost ~ # /etc/init.d/openvpn start
* Starting openvpn...
* WARNING: You are dropping root privileges!
* As such openvpn may not be able to change ip, routing
* or DNS configuration. [ ok ]
* WARNING: openvpn.edgehp has started, but is inactive
localhost ~ # netstat -Nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.61.144.1 0.0.0.0 UG 0 0 0 wlan0
10.61.144.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.nn.1 192.168.nn.129 255.255.255.255 UGH 0 0 0 tun0
192.168.nn.129 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.nx.1 192.168.nn.129 255.255.255.255 UGH 0 0 0 tun0
192.168.ny.0 192.168.nn.129 255.255.255.0 UG 0 0 0 tun0
192.168.nz.0 192.168.nn.129 255.255.255.0 UG 0 0 0 tun0
localhost ~ # |
I also connected to my internal mail server and sshed to one of my (not the VPN endpoint) machines. I also push a few extra routes, so I can get to my LAN, my DMZ, and my cable modem. _________________ .sigs waste space and bandwidth |