#StackBounty: #networking #openvpn #remote-access #subnet Connect to connected OpenVPN client from different subnet

Bounty: 50

I have a machine running Xubuntu 17.04 that is connected as a client to a VPN via OpenVPN (2.3.11). When I have the client connected, I can access the machine remotely via SSH and VNC if I am on the same subnet (my LAN subnet, 192.168.1.0/24). I can not access it from my wireless subnet, 192.168.2.1/24. If I disconnect from OpenVPN I can connect from the wireless subnet. I do not have access to the server to make config changes as this is a paid VPN service. Is there a way to allow the incoming connection from multiple subnets while OpenVPN is running?



#StackBounty: #networking #virtualbox #vpn #routing #openvpn Route VM traffic through VPN, but not host traffic

Bounty: 50

I have a VPN service that I pay for, and I would like to route traffic for a (VirtualBox) virtual machine through it, but not traffic from the (Linux) host.

The VPN service uses openvpn. I have a bunch of configuration files to let me connect to different servers. I can change the type of interface (tun/tap).

From what I’ve read, it seems that I need to create a bridge between tap0 and vboxnet0 (the host-only virtualbox interface). I tried a few solutions for this, but nothing seems to have worked. I fear some iptables foo might be necessary, but I don’t even know where to start with that.

Any help or even a prod in the right direction will be very much appreciated.



#StackBounty: #linux #proxy #openvpn #connection OpenVPN – Drop connection on header

Bounty: 50

I need this behaviour: when connecting to a special website from my client, I would like to receive a blank page as a result. For example, if I connect to serverfault.com, I receive a blank page, but if I connect to google.com, I get the proper website.

I’m currently using the following config:
Server 1: Client
Server 2: OpenVPN
Server 3: Proxy
Server 4: Website

The client connects to the website via curl using the proxy but the server itself is configured to use the VPN. So it simply does server 1 -> server 2 -> server 3 -> website.

I can’t modify server 3 (a proxy provider) nor server 4 (could be whatever website). I need to configure something on server 1 or server 2.

I was thinking of adding a header to my request (for example: SPECIALCONNECTION: Drop) and having server 2 check whether I have this header. If it is present, it just drops the connection and returns a blank page. But I don’t see a way to configure OpenVPN easily to do this, so any ideas are welcome. 🙂



#StackBounty: #linux #networking #routing #openvpn #ipv4 OpenVPN with multiple routing tables

Bounty: 50

I am using an OpenVPN client; with my default configuration the default GW is overwritten (redirect gateway on the server).
I have 2 routing tables on my Linux client: 1 (default, eth0) and 100 = tun0, which is added by my up script.
What I need is split routing using 2 different routing tables.

openvpn client config:

    client
    dev tun
    proto udp
    remote blea.com
    auth-user-pass
    persist-key
    persist-tun
    remote-cert-tls server
    reneg-sec 0
    keepalive 10 60
    route-nopull
    pull-filter ignore "ifconfig-ipv6"
    script-security 2
    up /etc/openvpn/route-up.sh
    mute-replay-warnings
    explicit-exit-notify 3
    cipher AES-256-CBC
    auth SHA512
    tls-version-min 1.2

route-up script:

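    # Register table 100 for the tunnel device if rt_tables does not list it yet.
    if [ "$(/bin/cat /etc/iproute2/rt_tables | /bin/grep "$dev" | /usr/bin/wc -l)" -eq 0 ]; then
        /bin/echo "100 tun0" >> /etc/iproute2/rt_tables
    fi

    # Default route in the tunnel's table via the gateway OpenVPN exports.
    /bin/ip route add default via "$route_vpn_gateway" dev "$dev" table "$dev"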

There is one problem: when using route-nopull, the $route_vpn_gateway environment variable is not populated.
When I disable route-nopull, the default gateway on my default routing table is overwritten, so all the traffic goes through the tunnel.
I have no access to the server, so I cannot change anything there.
The default GW which I get served by the OpenVPN server is dynamic, so I cannot set this statically.

How to get around this?



#StackBounty: #networking #router #vpn #openvpn ASUS RT-AC68U in LAN without WAN, how to use OpenVPN?

Bounty: 50

My setup

Fritz!box 7490

  • Main router and modem
  • IP: 192.168.178.1

ASUS RT-AC68U (Firmware: Asuswrt-Merlin 380.66_4)

  • Connected with LAN port
  • Here I disable the DHCP and WAN (the cable is connected on a LAN port).
  • IP: 192.168.178.2

Conditions

  • The devices can connect on Fritz!box and/or on Asus
  • The Fritz!box does not have the ability to use OpenVPN.
  • The Asus can use OpenVPN Client but can’t connect without the WAN (wrong?).
  • I don’t want to split my LAN into two IP families.

Question

I just want some IPs to pass through the VPN (and I know it’s possible with the VPN rules of routing).
This is the simple rule: [image]

How can I fix the problem of VPN without WAN continuing to say “connecting”? And is this configuration possible? How should I configure it?
Thanks !


Log

    Jun 17 11:45:05 rc_service: httpd 5645:notify_rc start_vpnclient1
    Jun 17 11:45:08 openvpn[6148]: OpenVPN 2.4.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 26 2017
    Jun 17 11:45:08 openvpn[6148]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
    Jun 17 11:45:08 openvpn[6149]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 17 11:45:08 openvpn[6149]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun 17 11:45:08 openvpn[6149]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun 17 11:45:08 openvpn[6149]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:443
    Jun 17 11:45:08 openvpn[6149]: Socket Buffers: R=[122880->122880] S=[122880->122880]
    Jun 17 11:45:08 openvpn[6149]: UDP link local: (not bound)
    Jun 17 11:45:08 openvpn[6149]: UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:443
    Jun 17 11:45:08 openvpn[6149]: write UDP: Network is unreachable (code=101)
    Jun 17 11:45:08 openvpn[6149]: Network unreachable, restarting
    Jun 17 11:45:08 openvpn[6149]: SIGUSR1[soft,network-unreachable] received, process restarting



#StackBounty: #networking #openvpn #vpn Why can I not connect to an OpenVPN server's LAN interface over the tunnel?

Bounty: 50

I set up OpenVPN between my work and my home. It’s using certificates (not pre-shared keys), is in tun mode, and works great. The networks look like this:

Diagram

I have proper routes set up to send traffic back and forth, and the client has no problems talking to either 192.168.80.1 (the server’s tunnel IP), or anything on the 192.168.5.0/24 (work) network, which is great.

The one problem I’m having is that the client cannot talk to or ping 192.168.5.10 (the server’s IP on the work network).

iptables isn’t blocking anything. Is there some OpenVPN security setting, or Linux setting I’m missing?

