Re: Tutorial - Install OpenVPN on Ubuntu 10.04
c-m,
Ok, I think that I understand your situation now.
It is possible that 11.11 has a different setup from 10.04. You will probably have to search for a tutorial that specifically addresses how to install OpenVPN on 11.11.
I designed the guide around 10.04, because it is the long term release. I plan on revising it when the next long term release, 12.04, is released. I figure that most people will probably use an LTS for their servers.
Kevdog has a comment above that discusses a change in 10.10 that might impact you.
Look in the Troubleshooting section of the guide. It will show you how to enable server side logging.
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
Code:
carl@mine ~ $ ifconfig
br0       Link encap:Ethernet HWaddr 52:b5:7d:44:2a:2c
          inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::8865:2eff:fec2:b991/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:299 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:28 (28.0 B) TX bytes:34635 (34.6 KB)

eth1      Link encap:Ethernet HWaddr 00:22:4d:54:86:c1
          inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::222:4dff:fe54:86c1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:13599 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13582 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4906449 (4.9 MB) TX bytes:1646911 (1.6 MB)
          Interrupt:43 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:376 errors:0 dropped:0 overruns:0 frame:0
          TX packets:376 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:40881 (40.8 KB) TX bytes:40881 (40.8 KB)

tap0      Link encap:Ethernet HWaddr 52:b5:7d:44:2a:2c
          inet6 addr: fe80::50b5:7dff:fe44:2a2c/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:23 errors:0 dropped:0 overruns:0 frame:0
          TX packets:291 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1934 (1.9 KB) TX bytes:35239 (35.2 KB)

vmnet1    Link encap:Ethernet HWaddr 00:50:56:c0:00:01
          inet addr:172.16.186.1 Bcast:172.16.186.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vmnet8    Link encap:Ethernet HWaddr 00:50:56:c0:00:08
          inet addr:192.168.110.1 Bcast:192.168.110.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:147 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Server is 192.168.100
Gateway is 192.168.1
On the server pinging 192.168.1 fails.
It must be something to do with the bridge, as before I did that, I could ping from the server to the gateway.
Despite not being able to ping the gateway, the server still has full internet access.
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
My ifconfig statement is slightly different than yours.
I'm not getting any IP address assigned on eth0 (I think this is the correct outcome). I'm running 10.0.1.199 as my server address; however, the actual IP address isn't really that important. You should be able to access your router, and within the clients table you should see the local IP address of your router actually listed:
Code:
br0       Link encap:Ethernet HWaddr 00:15:60:9c:06:ec
          inet addr:10.0.1.199 Bcast:0.0.0.0 Mask:255.255.255.0
          inet6 addr: fe80::215:60ff:fe9c:6ec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:18024 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15055 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8946767 (8.9 MB) TX bytes:2855486 (2.8 MB)

eth0      Link encap:Ethernet HWaddr 00:15:60:9c:06:ec
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:18844 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14886 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9391994 (9.3 MB) TX bytes:2909188 (2.9 MB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:72 errors:0 dropped:0 overruns:0 frame:0
          TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10814 (10.8 KB) TX bytes:10814 (10.8 KB)
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
c-m,
I'm sorry, but I don't have much to offer you in the form of a solution.
I think that you are right about the bridge. In my ifconfig br0 has a fair amount of traffic on RX and TX, but yours appears to be low.
On my system the eth0 device does not have an assigned inet addr. (It does have an inet6 addr though.) So this implies that something was set up incorrectly. The TX/RX rate is roughly the same as for my br0 interface. My system also shows an "Interrupt":
eth0      Link encap:Ethernet HWaddr 12:34:56:78:90:12
          inet6 addr: 1111:2222:3333:4444:5555/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:13132618 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12410527 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3746613941 (3.7 GB) TX bytes:2929200526 (2.9 GB)
          Interrupt:18
I'm not really a VPN expert, so at this point it will come down to some good web searching.
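The difference the posts above point at (the server's eth1 carries the same IPv4 address as br0, while on the working systems the bridged NIC has none) can be checked mechanically. This is an added example, not part of any post or of the guide; the sample is abridged from the server output posted earlier, and the function names and the default bridge name `br0` are assumptions of the example.

```python
import re

# Abridged from the server ifconfig output posted earlier in the thread.
SERVER_IFCONFIG = """\
br0       Link encap:Ethernet HWaddr 52:b5:7d:44:2a:2c
          inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
eth1      Link encap:Ethernet HWaddr 00:22:4d:54:86:c1
          inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
tap0      Link encap:Ethernet HWaddr 52:b5:7d:44:2a:2c
vmnet1    Link encap:Ethernet HWaddr 00:50:56:c0:00:01
          inet addr:172.16.186.1 Bcast:172.16.186.255 Mask:255.255.255.0
"""

STANZA_RE = re.compile(r"^(\S+)\s+Link encap:")      # first line of an interface
ADDR_RE = re.compile(r"inet addr:(\d+\.\d+\.\d+\.\d+)")  # IPv4 line, if present


def parse_ipv4(text):
    """Map interface name -> IPv4 address (None when there is no inet addr)."""
    addrs, current = {}, None
    for line in text.splitlines():
        line = line.strip()  # works for indented and flattened output alike
        start = STANZA_RE.match(line)
        if start:
            current = start.group(1)
            addrs[current] = None
        elif current:
            found = ADDR_RE.search(line)
            if found:
                addrs[current] = found.group(1)
    return addrs


def shares_bridge_address(text, bridge="br0"):
    """Return the interfaces that carry the same IPv4 address as the bridge."""
    addrs = parse_ipv4(text)
    bridge_ip = addrs.get(bridge)
    return sorted(
        name for name, ip in addrs.items()
        if name != bridge and ip is not None and ip == bridge_ip
    )


if __name__ == "__main__":
    print(shares_bridge_address(SERVER_IFCONFIG))
```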
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
I found this tutorial very helpful. It is easy to follow and well explained. Our company is planning to build our own OpenVPN server as a failover, because we are not satisfied with the service of our VPN provider, though they happen to be the leading provider in the Philippines. I have been using Ubuntu for almost 2 years now. Because of intermittent and slow connection speed. So I somehow understand the flow of your wonderful procedure. Great help, thanks.
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
Got my bridge sorted now.
The server can access the router and can ping other computers on the network.
Set up an Ubuntu client on my netbook following the guide. It connects OK, but can't access the internet or ping my network.
In my server config, I've got:
push "route 192.168.0.1 255.255.255.0"
That is my gateway, should that be the server (192.168.0.100) instead?
EDIT: The client can now access the internet via VPN. On restart it seems Network Manager is no longer managing the server connection. I had to manually set the DNS (I used Google's) in /etc/resolv.conf.
The only remaining issue now is that the client can't access Samba shares, but that's a Samba issue, I think.
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
Quote: Originally Posted by c-m
In my server config, I've got:
push "route 192.168.0.1 255.255.255.0"
That is my gateway, should that be the server (192.168.0.100) instead?
You have it correct. It should be pointed to your router, not the server that is running OpenVPN.
It sounds like something is not set up correctly on the client. What version of Ubuntu are you using on the client? Double check all the settings, especially that the ta.key and its direction are set correctly.
On the client, OpenVPN will send its log messages to /var/log/syslog. There will probably be a good clue in there.
If you can't get it working, send me an ifconfig from the client when it has a VPN connection.
What did you do to fix the bridge?
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
For the bridge I just followed a few different guides and did a bit of trial and error.
The ifconfig of the netbook (11.10), is:
Code:
ifconfig
eth0      Link encap:Ethernet HWaddr 00:24:e8:9d:25:85
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:43 Base address:0x8000

eth1      Link encap:Ethernet HWaddr 00:23:08:78:f2:ad
          inet addr:192.168.100.199 Bcast:192.168.100.255 Mask:255.255.255.0
          inet6 addr: fe80::223:8ff:fe78:f2ad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:27194 errors:0 dropped:0 overruns:0 frame:1580427
          TX packets:27367 errors:50 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20145367 (20.1 MB) TX bytes:5678500 (5.6 MB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:707 errors:0 dropped:0 overruns:0 frame:0
          TX packets:707 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:53525 (53.5 KB) TX bytes:53525 (53.5 KB)

tap0      Link encap:Ethernet HWaddr 12:bd:21:34:57:93
          inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::10bd:21ff:fe34:5793/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:34 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3182 (3.1 KB) TX bytes:11600 (11.6 KB)
As you can see, tap0 is given an IP on my home network, so that appears OK.
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
The ifconfig looks good.
It is probably something in your server.conf. The fact that the client is not retrieving DNS entries is a red flag. You shouldn't have to set these manually.
It sounds like one of the changes that you made in order to get the server working broke the ability of the client to traffic through the VPN.
Was there any info in the server log?
Re: Tutorial - Install OpenVPN on Ubuntu 10.04
Hello,
I have also used your guide, in combination with the official OpenVPN HOWTO, to create a VPN between two Ubuntu servers. However, I'm a little concerned about security. I have tried to copy the entire easy-rsa/keys folder and the client.conf file to another Ubuntu computer and was able to start the VPN connection. The original VPN client went down.
Does anybody know what's the best way to prevent private keys from being copied to another system? I have tried encfs and openssl commands, but I can't use them as we start the OpenVPN client as a server.
Thanks
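The behaviour described in the post above (a second machine with the copied keys connects and the original client drops) shows up in the server log as one certificate common name arriving from a new source address shortly after the last one. The following added example, not part of the thread or the guide, flags that pattern; the log lines are constructed on the model of OpenVPN's "Peer Connection Initiated" message, and `find_cert_reuse` and the ten-minute window are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on OpenVPN's "Peer Connection Initiated"
# server log message; names and addresses are made up (documentation ranges).
SAMPLE_LOG = """\
Wed Oct 12 10:15:01 2011 198.51.100.20:45123 [client1] Peer Connection Initiated with 198.51.100.20:45123
Wed Oct 12 10:16:30 2011 203.0.113.7:51820 [client1] Peer Connection Initiated with 203.0.113.7:51820
Wed Oct 12 10:20:00 2011 198.51.100.4:40000 [client2] Peer Connection Initiated with 198.51.100.4:40000
Thu Oct 13 09:00:00 2011 198.51.100.9:40001 [client2] Peer Connection Initiated with 198.51.100.9:40001
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) .*?"
    r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with "
    r"(?:\[AF_INET6?\])?(?P<ip>[0-9A-Fa-f.:]+):\d+$"
)


def find_cert_reuse(lines, window=timedelta(minutes=10)):
    """Return {cn: [(old_ip, new_ip, seconds_apart), ...]} for every common
    name that connects from a different source IP within `window`."""
    last_seen = {}  # cn -> (timestamp, ip) of that CN's previous connection
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        cn, ip = m["cn"], m["ip"]
        prev = last_seen.get(cn)
        # A roaming client also changes address, hence the time window:
        # only a quick switch between two addresses is reported.
        if prev and prev[1] != ip and ts - prev[0] <= window:
            gap = int((ts - prev[0]).total_seconds())
            hits.setdefault(cn, []).append((prev[1], ip, gap))
        last_seen[cn] = (ts, ip)
    return hits


if __name__ == "__main__":
    for cn, events in find_cert_reuse(SAMPLE_LOG).items():
        print(cn, events)
```

A confirmed hit is the case for revoking that certificate and listing it in the file named by the server's `crl-verify` option.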