OpenVPN on OpenVZ with Ubuntu 16.04

Ken D'Ambrosio ken at jots.org
Mon Jul 30 01:08:58 UTC 2018



On 2018-07-29 15:53, Helmut Schneider wrote:
> Hi,
> 
> I set up OpenVPN on Ubuntu 16.04. From the shell I can connect to all
> services behind the VPN server:

OK.  What would be really helpful is if
a) you tried not to use pronouns (e.g., "when it tries to forward 
mails", I'm not sure what "it" refers to),
b) you specified which hosts have which IPs, and
c) said which host is trying to send e-mail where, and by what 
mechanism.

Unless you've set up firewall rules, it's much more likely either an MX 
issue (where your mail client is pulling hosts/IPs from MX record 
lookups), or a routing issue.  But without getting the additional stuff 
mentioned above, it's super-duper hard to know.

-Ken


> helmut@h2786452:~$ sudo tcpdump -n -i tun0 port 25
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
> 21:44:17.180104 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [S],
> seq 239848268, win 14600, options [mss 1460,sackOK,TS val 2150393196
> ecr 0,nop,wscale 7], length 0
> 21:44:17.205351 IP 192.168.124.249.25 > 10.0.124.18.32836: Flags [S.],
> seq 2923799854, ack 239848269, win 8192, options [mss 1288,nop,wscale
> 8,sackOK,TS val 100173603 ecr 2150393196], length 0
> 21:44:17.205401 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [.],
> ack 1, win 115, options [nop,nop,TS val 2150393222 ecr 100173603],
> length 0
> [...]
> helmut@h2786452:~$
> 
> My VM is running on OpenVZ with a public IP. Postfix is bound to that
> public IP. When it tries to forward mails to my Postfix server it seems
> to use the public IP:
> 
> 21:48:53.945114 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
> [S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
> 2150669961 ecr 0,nop,wscale 7], length 0
> 21:48:54.944247 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
> [S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
> 2150670961 ecr 0,nop,wscale 7], length 0
> 21:48:56.944277 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
> [S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
> 2150672961 ecr 0,nop,wscale 7], length 0
> 21:49:00.944260 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
> [S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
> 2150676961 ecr 0,nop,wscale 7], length 0
> 21:49:08.944250 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
> [S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
> 2150684961 ecr 0,nop,wscale 7], length 0
> 
> The packages never reach my OpenVPN server and I'm not sure if it is
> related to OpenVPN or a NAT rule. What would a NAT rule (iptables) look
> like? Or other ideas?
> 
> Thank you!
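
To make the two captures in this thread easier to compare, the following added example (not part of either message) groups `tcpdump -n` lines by client flow and reports which source addresses sent SYNs that never got a SYN-ACK. The capture lines are taken from the message above, unwrapped and with TCP options elided; the `10.0.124.0/24` tunnel subnet is an assumption, since the thread only shows the single address 10.0.124.18.

```python
import ipaddress
import re
from collections import defaultdict

# Capture lines from the message above, unwrapped to one packet per line
# (as tcpdump -n prints them) with the TCP options elided for brevity.
SAMPLE = """\
21:44:17.180104 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [S], seq 239848268, win 14600, length 0
21:44:17.205351 IP 192.168.124.249.25 > 10.0.124.18.32836: Flags [S.], seq 2923799854, ack 239848269, win 8192, length 0
21:44:17.205401 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [.], ack 1, win 115, length 0
21:48:53.945114 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags [S], seq 4069537415, win 14600, length 0
21:48:54.944247 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags [S], seq 4069537415, win 14600, length 0
21:48:56.944277 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags [S], seq 4069537415, win 14600, length 0
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)


def summarize(text, tunnel_net="10.0.124.0/24"):
    """Group packets by client flow and report handshake state.

    tunnel_net is an assumed VPN subnet; the thread does not state it.
    """
    net = ipaddress.ip_network(tunnel_net)
    flows = defaultdict(lambda: {"syn": 0, "synack": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip banners, "[...]" and wrapped fragments
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            flows[(src, sport, dst, dport)]["syn"] += 1
        elif flags == "S.":
            # SYN-ACK travels server -> client; count it on the client's flow
            flows[(dst, dport, src, sport)]["synack"] += 1
    return [
        {
            "flow": f"{src}:{sport} -> {dst}:{dport}",
            "syn_sent": c["syn"],
            "answered": c["synack"] > 0,
            "src_in_tunnel_net": ipaddress.ip_address(src) in net,
        }
        for (src, sport, dst, dport), c in flows.items()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

A flow with repeated SYNs, `answered` false and `src_in_tunnel_net` false is the pattern in the second capture: the packets leave on tun0 with a source address outside the tunnel range and no reply comes back.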




More information about the ubuntu-users mailing list