Koozali.org formerly Contribs.org

OpenVpn - Routing problem - (SOLVED)

OpenVpn - Routing problem - (SOLVED)
« on: March 13, 2020, 02:53:43 PM »
I've configured OpenVpn in four server without problem (except the certificate incident of the previous post  :-? ).


The fifth is giving me headache: I can connect but from the windows client I'm only able to ping/connect the server itself, not other devices of the remote LAN.
I'm convinced it's not an OpenVpn problem but something concerning routing at core server level but I can't find a solution.
My brain is smoking and my eyes are tired ..... any idea for troubleshooting is welcomed  :oops:
« Last Edit: March 16, 2020, 02:47:21 PM by nicolatiana »
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia.

Offline ReetP

  • *
  • 2,570
Re: OpenVpn - Routing problem
« Reply #1 on: March 13, 2020, 03:11:23 PM »
My brain is smoking and my eyes are tired ..... any idea for troubleshooting is welcomed  :oops:

Hahahaha join the rest of us..

So what settings have you got - where are you trying to ping to and from? Are these bridged, routed?

Are you bouncing around networks and need ccd files?

A bit more detail might help here...

(and come and speak to us on Rocket.Chat...)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: OpenVpn - Routing problem
« Reply #2 on: March 13, 2020, 03:14:21 PM »
Hahahaha join the rest of us..

So what settings have you got - where are you trying to ping to and from? Are these bridged, routed?

Are you bouncing around networks and need ccd files?

A bit more detail might help here...

(and come and speak to us on Rocket.Chat...)  :-D :-D :-D :-D


As soon as I finish another headache I post details about VPN server config and others ....  8)
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia.

Re: OpenVpn - Routing problem
« Reply #3 on: March 13, 2020, 11:08:48 PM »
OpenVPN config server-side up & running:
Quote
[root@icissmb ~]# config show openvpn-bridge
openvpn-bridge=service
    ConfigRequired=disabled
    CrlUrl=http://localhost:940/phpki/index.php?stage=dl_crl_pem
    UDPPort=1194
    access=public
    clientToClient=enabled
    endPool=192.168.0.195
    management=localhost:11194:fymKoRFjWlNt5rRcFXOzdFyLA
    maxClients=20
    redirectGW=always
    startPool=192.168.0.155
    status=enabled
    tapIf=tap0
    userAuth=CrtOnly
OpenVPN client .ovpn file:
Quote

rport 1194
proto udp
dev tap
nobind

# Uncomment the following line if your system
# support passtos (not supported on Windows)
# passtos

remote sogo.icis.it

tls-client
remote-cert-tls server

# Replace user.p12 with the certificate
# bundle in PKCS12 format
pkcs12 info-open-vpn-bridge.p12

# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem

mtu-test
comp-lzo
pull
Server hosting OpenVPN bridge runs on 192.168.0.0, single network card, server-only mode, behind a router natting port 1194 udp to server (192.168.0.127), DG for the server is 192.168.0.240 (the router), DNS server info left empty.

The client I'm connecting from runs on 192.168.35.0

I can connect with OpenVPN client form Windows client, I get 192.168.0.155 IP, then from a dos task I can ping 192.168.0.127 but any other adress on 192.168.0.0 is unreachable.
I suppose something faulty in routing but I can't find what.

The same config (appearently the same) is working fine in four other servers.  :(
« Last Edit: March 13, 2020, 11:10:58 PM by nicolatiana »
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia.

Re: OpenVpn - Routing problem - SOLVED
« Reply #4 on: March 16, 2020, 01:52:42 PM »
Solved - Nothing wrong in configuration but ... :
The troubled server is a VM on ESXI 6.5U2, the working ones are phisycal.
This post:
https://forums.openvpn.net/viewtopic.php?t=21192
gave me the right path (the user had a VM with OpenVPN in a OVirt environment).

Quote
Re: OVPN Bridge Mode - No LAN Access
Post by cboggio ยป Sun Mar 06, 2016 8:50 pm
I solved the problem. The OVirt virtualized environment where I deployed this machine requires special properties be added to any physical bridge port on which a guest will be utilizing bridging of Ethernet interfaces. Promiscuous mode must be enable at the hyperviser level for the bridge to work on the guest. VMware is the same way.
...
I enabled promiscuous mode on the virtual switch of the hypervisor and now I'm able to reach all pheripherals/pc over the remote LAN.
Now I can park my brain in the ice for a few ....
 :-D
« Last Edit: March 16, 2020, 05:37:30 PM by nicolatiana »
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia.

Offline ReetP

  • *
  • 2,570
Re: OpenVpn - Routing problem
« Reply #5 on: March 16, 2020, 02:07:18 PM »
Excellent and well done!
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: OpenVpn - Routing problem - (SOLVED)
« Reply #6 on: March 16, 2020, 03:10:47 PM »
Marked as "Solved"
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia.

Offline TerryF

  • grumpy old man
  • *
  • 1,192
Re: OpenVpn - Routing problem - (SOLVED)
« Reply #7 on: March 16, 2020, 08:17:33 PM »
Well worth a small note in the wiki somewhere, just the thing that can drive you to drink :-)
--
qui scribit bis legit

Re: OpenVpn - Routing problem - (SOLVED)
« Reply #8 on: March 17, 2020, 12:48:09 AM »
 :(  no glory for me ..... in the wiki page of the contrib there was already a small note about generic problem concerning Vmware and OpenVPN. And I missed it ......
Anyhow I've improved the explanation, put two pictures and corrected some paragraph numbering.

https://wiki.contribs.org/OpenVPN_Bridge#Notes
Sending myself behind the blackboard :hammer:
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia.

Offline ReetP

  • *
  • 2,570
Re: OpenVpn - Routing problem - (SOLVED)
« Reply #9 on: March 17, 2020, 01:10:39 AM »
:lol: :lol: :lol: :lol:

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,192
Re: OpenVpn - Routing problem - (SOLVED)
« Reply #10 on: March 17, 2020, 01:25:09 AM »
--
qui scribit bis legit