Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: nicolatiana on March 13, 2020, 02:53:43 PM

Title: OpenVpn - Routing problem - (SOLVED)
Post by: nicolatiana on March 13, 2020, 02:53:43 PM
I've configured OpenVpn on four servers without problems (except the certificate incident of the previous post  :-? ).


The fifth is giving me a headache: I can connect, but from the Windows client I'm only able to ping/connect to the server itself, not other devices on the remote LAN.
I'm convinced it's not an OpenVpn problem but something concerning routing at core server level, but I can't find a solution.
My brain is smoking and my eyes are tired ..... any idea for troubleshooting is welcome  :oops:
Title: Re: OpenVpn - Routing problem
Post by: ReetP on March 13, 2020, 03:11:23 PM
My brain is smoking and my eyes are tired ..... any idea for troubleshooting is welcomed  :oops:

Hahahaha join the rest of us..

So what settings have you got - where are you trying to ping to and from? Are these bridged, routed?

Are you bouncing around networks and need ccd files?

A bit more detail might help here...

(and come and speak to us on Rocket.Chat...)
Title: Re: OpenVpn - Routing problem
Post by: nicolatiana on March 13, 2020, 03:14:21 PM
Hahahaha join the rest of us..

So what settings have you got - where are you trying to ping to and from? Are these bridged, routed?

Are you bouncing around networks and need ccd files?

A bit more detail might help here...

(and come and speak to us on Rocket.Chat...)  :-D :-D :-D :-D


As soon as I finish another headache I post details about VPN server config and others ....  8)
Title: Re: OpenVpn - Routing problem
Post by: nicolatiana on March 13, 2020, 11:08:48 PM
OpenVPN config server-side up & running:
Quote
[root@icissmb ~]# config show openvpn-bridge
openvpn-bridge=service
    ConfigRequired=disabled
    CrlUrl=http://localhost:940/phpki/index.php?stage=dl_crl_pem
    UDPPort=1194
    access=public
    clientToClient=enabled
    endPool=192.168.0.195
    management=localhost:11194:fymKoRFjWlNt5rRcFXOzdFyLA
    maxClients=20
    redirectGW=always
    startPool=192.168.0.155
    status=enabled
    tapIf=tap0
    userAuth=CrtOnly
OpenVPN client .ovpn file:
Quote

rport 1194
proto udp
dev tap
nobind

# Uncomment the following line if your system
# support passtos (not supported on Windows)
# passtos

remote sogo.icis.it

tls-client
remote-cert-tls server

# Replace user.p12 with the certificate
# bundle in PKCS12 format
pkcs12 info-open-vpn-bridge.p12

# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem

mtu-test
comp-lzo
pull
Server hosting OpenVPN bridge runs on 192.168.0.0, single network card, server-only mode, behind a router natting port 1194 udp to server (192.168.0.127), DG for the server is 192.168.0.240 (the router), DNS server info left empty.

The client I'm connecting from runs on 192.168.35.0

I can connect with the OpenVPN client from the Windows client, I get the 192.168.0.155 IP, then from a DOS prompt I can ping 192.168.0.127 but any other address on 192.168.0.0 is unreachable.
I suppose something faulty in routing but I can't find what.

The same config (apparently the same) is working fine on four other servers.  :(
Title: Re: OpenVpn - Routing problem - SOLVED
Post by: nicolatiana on March 16, 2020, 01:52:42 PM
Solved - Nothing wrong in configuration but ... :
The troubled server is a VM on ESXi 6.5U2, the working ones are physical.
This post:
https://forums.openvpn.net/viewtopic.php?t=21192
gave me the right path (the user had a VM with OpenVPN in an OVirt environment).

Quote
Re: OVPN Bridge Mode - No LAN Access
Post by cboggio » Sun Mar 06, 2016 8:50 pm
I solved the problem. The OVirt virtualized environment where I deployed this machine requires special properties be added to any physical bridge port on which a guest will be utilizing bridging of Ethernet interfaces. Promiscuous mode must be enabled at the hypervisor level for the bridge to work on the guest. VMware is the same way.
...
I enabled promiscuous mode on the virtual switch of the hypervisor and now I'm able to reach all peripherals/PCs over the remote LAN.
Now I can park my brain in the ice for a few ....
 :-D
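
A way to confirm this failure mode from inside the VM before touching the hypervisor, as an added example that is not part of the original posts: it reads `tcpdump -e -n -i eth0 arp` output and reports ARP requests from bridged VPN clients that never get a reply, which is what a virtual switch without promiscuous mode produces. The interface name `eth0`, the MAC addresses and the capture lines are assumptions constructed for illustration; the IP addresses follow the post.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed capture (not from the thread) in the format printed by
# `tcpdump -e -n -i eth0 arp` on the VM; eth0 as the bridge's LAN port and
# every MAC address are assumptions. 00:ff:... is the VPN client's tap MAC.
SAMPLE = """\
12:00:01.100000 00:ff:aa:bb:cc:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.127 tell 192.168.0.155, length 28
12:00:05.300000 00:ff:aa:bb:cc:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.10 tell 192.168.0.155, length 28
12:00:06.300000 00:ff:aa:bb:cc:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.10 tell 192.168.0.155, length 28
12:00:07.300000 00:ff:aa:bb:cc:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.10 tell 192.168.0.155, length 28
12:00:09.000000 00:0c:29:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.240 tell 192.168.0.127, length 28
12:00:09.000400 00:11:22:33:44:55 > 00:0c:29:11:22:33, ethertype ARP (0x0806), length 60: Reply 192.168.0.240 is-at 00:11:22:33:44:55, length 46
12:00:11.000000 00:ff:aa:bb:cc:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.240 tell 192.168.0.155, length 28
12:00:12.000000 00:ff:aa:bb:cc:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.240 tell 192.168.0.155, length 28
"""

LINE = re.compile(
    r"(?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype ARP .*?: "
    r"(?:Request who-has (?P<target>[\d.]+) tell (?P<asker>[\d.]+)"
    r"|Reply (?P<owner>[\d.]+) is-at )")

def unanswered_arp(capture, ignore_targets=()):
    """Map (asker_ip, target_ip) -> request count for ARP requests whose
    reply never came back addressed to the asker's MAC."""
    asked, answered, ip_of = Counter(), set(), {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["target"]:                      # request flooded out of the bridge
            if m["target"] not in ignore_targets:
                asked[(m["src"], m["target"])] += 1
                ip_of[m["src"]] = m["asker"]
        else:                                # reply arriving from the LAN
            answered.add((m["dst"], m["owner"]))
    return {(ip_of[mac], tgt): n for (mac, tgt), n in asked.items()
            if (mac, tgt) not in answered}

def only_pool_starved(capture, server_ip, start_pool, end_pool):
    """True when every unanswered asker is a VPN pool address: the pattern of
    an upstream switch dropping frames for MACs other than the VM's vNIC.
    The server's own IP is ignored: its replies leave via tap0, not eth0."""
    lo, hi = ip_address(start_pool), ip_address(end_pool)
    missing = unanswered_arp(capture, ignore_targets={server_ip})
    return bool(missing) and all(lo <= ip_address(a) <= hi for a, _ in missing)

if __name__ == "__main__":
    print(unanswered_arp(SAMPLE, {"192.168.0.127"}))
    print(only_pool_starved(SAMPLE, "192.168.0.127", "192.168.0.155", "192.168.0.195"))
```

On ESXi the security policy can be overridden per port group, so promiscuous mode can be limited to the port group carrying this VM instead of the whole virtual switch, which keeps other guests from seeing that traffic.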
Title: Re: OpenVpn - Routing problem
Post by: ReetP on March 16, 2020, 02:07:18 PM
Excellent and well done!
Title: Re: OpenVpn - Routing problem - (SOLVED)
Post by: nicolatiana on March 16, 2020, 03:10:47 PM
Marked as "Solved"
Title: Re: OpenVpn - Routing problem - (SOLVED)
Post by: TerryF on March 16, 2020, 08:17:33 PM
Well worth a small note in the wiki somewhere, just the thing that can drive you to drink :-)
Title: Re: OpenVpn - Routing problem - (SOLVED)
Post by: nicolatiana on March 17, 2020, 12:48:09 AM
 :(  no glory for me ..... in the wiki page of the contrib there was already a small note about generic problem concerning Vmware and OpenVPN. And I missed it ......
Anyhow I've improved the explanation, put two pictures and corrected some paragraph numbering.

https://wiki.contribs.org/OpenVPN_Bridge#Notes
Sending myself behind the blackboard :hammer:
Title: Re: OpenVpn - Routing problem - (SOLVED)
Post by: ReetP on March 17, 2020, 01:10:39 AM
:lol: :lol: :lol: :lol:

Title: Re: OpenVpn - Routing problem - (SOLVED)
Post by: TerryF on March 17, 2020, 01:25:09 AM
https://wiki.contribs.org/OpenVPN_Bridge#Notes
Sending myself behind the blackboard :hammer:

Better to be  :pint: :-) and thanks