openvpn/dns issues on ubuntu 14.04
Paolo De Michele
paolo at paolodemichele.it
Wed Apr 8 08:43:17 UTC 2015
hi Henk te Sligte,
thanks for your reply and your help
about your questions:
- the vpn server is configured so that if the request is a particular
client takes a particular IP address and vice versa; in this case the
vpn server in its configuration has 2 routes:
192.168.40.x and 10.8.0.x
- if I not use a particular certificate and key file I've an ip like
this: 10.8.0.x while if I use another one certeficate and key file
I've 192.168.40.x. in my laptop with lubuntu I simulated both
situations and I have no problem. this mean that the vpn server works
correctly
- if I try the same configuration in a client by ubuntu I can not be
able to view the webpage (as if the problem were side dns).
all addresses are resolved with the dig command. if I try via hostname
doesn't works, if I try via ip address it works.
yes, that's weird.
I saw your image and works fine for my scope
so, I'm interested in your configuration
please let me know, thanks in advance
regards
On Tue, 07 Apr 2015, Henk te Sligte wrote:
> That's weird.. The ip addresses are in different networks.. Which clients
> are these? Is one Lubuntu and another one Ubuntu? Which is which?
>
> From what I understand from you, your network looks like this:
> http://tmp.hjts.nl/vpn-ubuntu.png - is that correct?
> I'd be happy to share my configuration, I actually first built the whole
> network in VirtualBox and then implemented it. It looks like this:
> http://tmp.hjts.nl/vpn-virtualbox.png Let me know if you are interested.
>
> On Tue, Apr 7, 2015 at 4:56 PM, Paolo De Michele <paolo at paolodemichele.it>
> wrote:
>
> >
> > lubuntu use lxde and network manager
> > 2 clients with ubuntu use unity as DE
> >
> > about your questions:
> >
> > - all clients does the openvpn connection via cli (command line)
> > - the connection from client to server works properly
> >
> > when I do the ifconfig on all clients, I have:
> >
> > loopback and eth0 egual (change only the ip address)
> > tun0 is a bit different (also here change the ip address)
> >
> > tun0 Link encap:UNSPEC
> > HWaddr00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> > inet addr:192.168.40.130 P-t-P:192.168.40.129
> > Mask:255.255.255.255
> > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1378 Metric:1
> > RX packets:157 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:100
> > RX bytes:72840 (72.8 KB) TX bytes:41759 (41.7 KB)
> >
> > tun0 Link encap:UNSPEC
> > HWaddr00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> > inet addr:10.8.0.14 P-t-P:10.8.0.13 Mask:255.255.255.255
> > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1378 Metric:1
> > RX packets:225 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:257 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:100
> > RX bytes:92662 (92.6 KB) TX bytes:49045 (49.0 KB)
> >
> > On my client (it works) I tried both ip addresses and it works properly
> >
> >
> > On Tue, 07 Apr 2015, Henk te Sligte wrote:
> >
> > > So the difference is only lubuntu or ubuntu? I'm not sure if lubuntu has
> > > Network Manager, how do you connect with the clients? Do you use Network
> > > Manager or the console application? Do you see the clients making the
> > > openvpn connection on the server? Just to make sure, can you do ifconfig
> > on
> > > all clients?
> > >
> > >
> > > On Tue, Apr 7, 2015 at 3:50 PM, Paolo De Michele <
> > paolo at paolodemichele.it>
> > > wrote:
> > >
> > > >
> > > > thanks for your reply
> > > > I do not think it is a server problem because a client is working
> > properly
> > > > if you see the previous email dig works fine but when I request that
> > web
> > > > page from a browser can not display the page
> > > >
> > > > I have this problem only with two clients that use ubuntu.
> > > > the client with lubuntu works properly.
> > > >
> > > > can I verify anything else?
> > > > thanks in advance
> > > >
> > > > regards
> > > >
> > > > On Tue, 07 Apr 2015, Henk te Sligte wrote:
> > > >
> > > > > Just yesterday I configured a debian openvpn server and ubuntu
> > clients.
> > > > On
> > > > > the server, you need to have IP forwarding enabled, and iptables
> > should
> > > > > forward all traffic.
> > > > >
> > > > > First, enable IP forwarding:
> > > > > sudo sysctl -w net.ipv4.ip_forward=1
> > > > > sudo /etc/init.d/procps restart
> > > > >
> > > > > Then, let iptables forward all traffic:
> > > > > iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
> > > > > iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT # vpn to vpn
> > > > > iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # vpn to ethernet
> > > > > iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT # ethernet to vpn
> > > > >
> > > > > Note that this doesn't filter any traffic, it just makes sure that
> > you
> > > > can
> > > > > communicate with the ethernet. If you want to block certain traffic
> > and
> > > > > allow other traffic, I suggest to read some more about iptables.
> > > > >
> > > > >
> > > > >
> > > > > On Tue, Apr 7, 2015 at 11:14 AM, Paolo De Michele <
> > > > paolo at paolodemichele.it>
> > > > > wrote:
> > > > >
> > > > > > anyone can help me?
> > > > > > thanks in advance
> > > > > >
> > > > > > regards
> > > > > >
> > > > > > On 3 April 2015 at 12:25, Paolo De Michele <
> > paolo at paolodemichele.it>
> > > > > > wrote:
> > > > > >
> > > > > >> hi there,
> > > > > >>
> > > > > >> this is my scenario:
> > > > > >>
> > > > > >> - 1 server (I installed openvpn and bind via docker in 2 different
> > > > > >> instances)
> > > > > >> - 3 clients (first one with lubuntu 14.04 x64 and the last two
> > clients
> > > > > >> with ubuntu 14.04 x64)
> > > > > >>
> > > > > >> the vpn server works correctly
> > > > > >> if I connect to the server with vpn client installed lubuntu I
> > have no
> > > > > >> problem.
> > > > > >> if I try ubuntu by clients, same problems.
> > > > > >>
> > > > > >> let me explain:
> > > > > >>
> > > > > >> the connection to the vpn server works correctly
> > > > > >> I have an additional interface called tun0 with a regular ip
> > address
> > > > > >> I have also the new dns servers: the first one private (my dns
> > server)
> > > > > >> and the other two (publics)
> > > > > >>
> > > > > >> if I try to solve an hostname by dig command, works perfectly
> > > > > >> if I try to view the same hostname via browser I cannot be able to
> > > > > >> visualize the webpage
> > > > > >> If I try the ip address, works perfectly
> > > > > >>
> > > > > >> can I do other tests?
> > > > > >> anyone can help me please?
> > > > > >>
> > > > > >> thanks in advance
> > > > > >> regards
> > > > > >>
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ubuntu-users mailing list
> > > > > > ubuntu-users at lists.ubuntu.com
> > > > > > Modify settings or unsubscribe at:
> > > > > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > > > >
> > > > > >
> > > >
> > > > > --
> > > > > ubuntu-users mailing list
> > > > > ubuntu-users at lists.ubuntu.com
> > > > > Modify settings or unsubscribe at:
> > > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > >
> > > > --
> > > > ubuntu-users mailing list
> > > > ubuntu-users at lists.ubuntu.com
> > > > Modify settings or unsubscribe at:
> > > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > >
> >
> > > --
> > > ubuntu-users mailing list
> > > ubuntu-users at lists.ubuntu.com
> > > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
> >
> > --
> > Paolo De Michele
> > Finger Print: 038F 13HS 9339
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
--
Paolo De Michele
Finger Print: 038F 13HS 9339
More information about the ubuntu-users
mailing list