#StackBounty: #ubuntu #ssh #amazon-ec2 #openvpn OpenVPN client on Amazon EC2 leading to SSH disconnect

Bounty: 200

I am running Ubuntu 14.04 on Amazon EC2. I am trying to connect the EC2 instance to an OpenVPN so the traffic routes through the VPN.

When I do a sudo openvpn --config <config>.ovpn, the SSH connection disconnects, and I am unable to connect to it anymore.

Below is the ovpn config file:

setenv FORWARD_COMPATIBLE 1
setenv UV_SERVERID 581
client
dev tun
proto udp
remote 45.64.105.207 8292
nobind
persist-key
persist-tun
ns-cert-type server
key-direction 1
push-peer-info
comp-lzo
explicit-exit-notify
verb 3
mute 20
reneg-sec 86400
mute-replay-warnings
max-routes 1000

Below is the output of the OpenVPN connection, or what I last see of it:

Wed Jul 15 10:23:05 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Wed Jul 15 10:23:05 2015 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul 15 10:23:05 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 15 10:23:05 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 15 10:23:05 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Jul 15 10:23:05 2015 UDPv4 link local: [undef]
Wed Jul 15 10:23:05 2015 UDPv4 link remote: [AF_INET]182.18.155.184:8292
Wed Jul 15 10:23:05 2015 TLS: Initial packet from [AF_INET]182.18.155.184:8292, sid=c67100ed 4ce7c879
Wed Jul 15 10:23:07 2015 VERIFY OK: depth=1, C=.., ST=.., L=.., O=.., OU=.., CN=ASCA, emailAddress=..
Wed Jul 15 10:23:07 2015 VERIFY OK: nsCertType=SERVER
Wed Jul 15 10:23:07 2015 VERIFY OK: depth=0, C=.., ST=.., L=.., O=.., OU=.., CN=SERVER195, emailAddress=..
Wed Jul 15 10:23:12 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 15 10:23:12 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 15 10:23:12 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 15 10:23:12 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 15 10:23:12 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Jul 15 10:23:12 2015 [SERVER195] Peer Connection Initiated with [AF_INET]182.18.155.184:8292
Wed Jul 15 10:23:14 2015 SENT CONTROL [SERVER195]: 'PUSH_REQUEST' (status=1)
Wed Jul 15 10:23:15 2015 PUSH: Received control message: 'PUSH_REPLY,sndbuf 262144,rcvbuf 262144,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,ping 10,ping-restart 90,comp-lzo no,route-gateway 198.18.0.1,topology subnet,ifconfig 198.18.1.134 255.255.240.0'
Wed Jul 15 10:23:15 2015 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 15 10:23:15 2015 OPTIONS IMPORT: LZO parms modified
Wed Jul 15 10:23:15 2015 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Jul 15 10:23:15 2015 Socket Buffers: R=[131072->425984] S=[131072->425984]



#StackBounty: #networking #network-manager #vpn #openvpn How to add openvpn connection in the GUI using .ovpn .p12 and .key files

Bounty: 200

I’m trying to install an OpenVPN connection on my Ubuntu 18.04 laptop.

From my OpenVPN provider I got a username/password and a zip containing three files:

myvpn.openvpn
myvpn.p12
myvpn.key

The myvpn.openvpn file looks like this (just replaced the ip address by stars):

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote ***.***.***.*2 1194 udp
verify-x509-name "MyVPN" name
auth-user-pass
pkcs12 myvpn.p12
tls-auth myvpn.key 1
remote-cert-tls server
redirect-gateway def1

I tried connecting from the command line, which works perfectly fine using

sudo openvpn --config myvpn.ovpn

But since I need to connect to this VPN all the time I want to be able to do it using the GUI. So I’m trying to follow this guide on Ask Ubuntu, but it doesn’t behave like in the screenshots. When I try to add a new VPN connection in the GUI, select the option “Import from file” and select the .openvpn file, it automatically sets things up like this (UI is in Dutch, but I guess most of it should be understandable for English speakers):

enter image description here

The first thing that I noticed is that it selects the .p12 file for the CA-Cert, the User Cert and the User Private Key. Next to that it asks for a username and password (which I have), but also for a “Password User Key” (the last input field) of which I have no clue what it is.
I tried various combinations, but I always get the same error (also translated from Dutch):

Activation of network connection failed

I guess the variation which comes closest to the command line option is this one:

enter image description here

But that gives the same error.

Then there’s also the button “Advanced..”. Opening that scared the shit out of me. I simply have no idea where to begin in there.

Does anybody know how I can get this working somehow? Why is the command line option working perfectly, but is the UI so hard to get going? All tips are welcome!



#StackBounty: #iptables #openvpn Why does iptables forward from one network but not another?

Bounty: 50

I have LAN (10.20.1.0/24) and WLAN (172.16.20.0/24) traffic arriving on ens32 and destined for 10.21.0.1 via OpenVPN tun0 on a Debian 9 system. iptables is forwarding from LAN, but not from WLAN.

Using a TRACE rule in iptables, I get the following via the LAN:

May 14 15:03:07 vpnsrv kernel: [2357925.893248] TRACE: raw:PREROUTING:policy:2 IN=ens32 OUT= MAC=... SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 
May 14 15:03:07 vpnsrv kernel: [2357925.893288] TRACE: nat:PREROUTING:policy:2 IN=ens32 OUT= MAC=... SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 
May 14 15:03:07 vpnsrv kernel: [2357925.893317] TRACE: filter:FORWARD:rule:1 IN=ens32 OUT=tun0 MAC=... SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 
May 14 15:03:07 vpnsrv kernel: [2357925.893347] TRACE: filter:ufw-before-logging-forward:return:1 IN=ens32 OUT=tun0 MAC=... SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 
May 14 15:03:07 vpnsrv kernel: [2357925.893365] TRACE: filter:FORWARD:rule:2 IN=ens32 OUT=tun0 MAC=... SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 
May 14 15:03:07 vpnsrv kernel: [2357925.893388] TRACE: filter:ufw-before-forward:rule:8 IN=ens32 OUT=tun0 MAC=... SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 
May 14 15:03:07 vpnsrv kernel: [2357925.893404] TRACE: nat:POSTROUTING:policy:3 IN= OUT=tun0 SRC=10.20.1.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=57269 DPT=22 SEQ=3284245311 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E55489B0000000004020000) 

but only the first part via the WLAN:

May 14 15:08:44 vpnsrv kernel: [2358263.328390] TRACE: raw:PREROUTING:policy:2 IN=ens32 OUT= MAC=... SRC=172.16.20.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=57342 DPT=22 SEQ=3290971808 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E5A69C30000000004020000)
May 14 15:08:44 vpnsrv kernel: [2358263.328430] TRACE: nat:PREROUTING:policy:2 IN=ens32 OUT= MAC=... SRC=172.16.20.12 DST=10.21.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=57342 DPT=22 SEQ=3290971808 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (020405B4010303050101080A0E5A69C30000000004020000)

Relevant filter rules are:

-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A ufw-before-forward -i ens32 -o tun0 -j ACCEPT

Why doesn’t traffic from WLAN get forwarded?



#StackBounty: #cisco #openvpn #nat #port-forwarding Port forwarding is not working on CISCO router

Bounty: 50

I have installed OpenVPN Access Server on an ESXi server.

To access it from outside, I have added port forwarding to the Cisco router using the following commands.

#conf t
#ip nat inside source static tcp 10.201.102.163 443 <MY_EXTERNAL_IP> 443
#ip nat inside source static udp 10.201.102.163 443 <MY_EXTERNAL_IP> 443

There were no errors or any messages after executing these commands.

But when I navigate to https://<MY_EXTERNAL_IP>, I am not able to reach the access server.



#StackBounty: #debian #iptables #routing #openvpn #vpn How to route specific VPN traffic via specific VPN client?

Bounty: 50

I have a VPN network based on OpenVPN software. I need to route all network traffic in the VPN network whose destination IP is from a specific country via one specific client on this VPN network (VPN client IP address): a Mikrotik router on which NAT (MASQUERADE) is configured for the main internet interface (PPPoE). I need to get the public, dynamic IP address owned by this VPN client (Mikrotik router, PPPoE interface) for all this traffic. So on the VPN server I created an iptables mangle rule, and I use the geoip iptables module:

iptables -A PREROUTING -t mangle -i tun0 -m geoip --destination-country COUNTRY_CODE -j MARK --set-mark 1

So I have marked all traffic from clients which has a destination IP from this specific country. Next I tried to use this solution: create a specific route table and add a default route. But the default route can only be for the next hop on this network. So when I use this command:

ip route add default via specific_VPN_client dev tun0 table CountryRoute 

I get this error:

RTNETLINK answers: Network is unreachable

Is it possible to route specific traffic to a specific client, but not to the next hop, please?

I tried this iptables rule too:

iptables -A PREROUTING -i tun0 -m geoip --destination-country COUNTRY_CODE -j DNAT --to-destination Mikrotik_VPN_IP

But the traffic ends at the Mikrotik router. Maybe it would be possible to solve this problem on this router?

Thank you for your help.



#StackBounty: #windows-8 #vpn #internet #openvpn I can connect to VPN using openvpn but I can't get internet

Bounty: 50

I cannot ping google.com or bing.com while connected to my VPN or access any website. I can connect to my VPN, but I do not have internet access while connected.

Below is what I have tried:

  • Disabling Windows Firewall and Comodo firewall
  • Set up my DNS routing to Cloudflare 1.1.1.1 and Google Public DNS 8.8.8.8
  • Uninstalled my wireless driver, then installed it again as administrator, then uninstalled the OpenVPN client and installed it again as administrator
  • Made the OpenVPN client run as administrator
  • Changed the interface metric for my Wi-Fi adapter to 15 or 350
  • See below

netsh winsock reset
netsh winsock reset catalog
ipconfig /flushdns
ipconfig /release
ipconfig /renew
netsh int ip reset 
netsh int ip reset.log
netsh winsock reset catalog

How can I make my VPN connection have internet? I am using Windows 8.1 64 bit. The VPN connection works on my Android phone.

