search for: vpn_offic

Hi, I am trying to setup a VPN between roaming users and the office. Main usage will be VNC sessions to some Linux computers sitting on the office LAN. One machine on the office LAN, VPN_office, is dedicated to run tinc. The office router is behind another router for which we have no control, so I contracted an external computer VPN_out with a public IP to act as an in between connection. All the configuration details are given in https://we.tl/t-Yms0qqB4b1 The two tunnels are working....

Hello Julien, Am Mon, 14 Jan 2019 22:15:47 +0100 schrieb Julien dupont <marcelvierzon at gmail.com>: > ** Test 1 ** > On VPN_office I use 'tcpdump -npi any icmp and host 192.168.1.3' > When pinging 192.168.1.1 from client 1, with no success, I see no packet > passing. Sorry - the tcpdump command should end with "192.168.1.1" instead of "192.168.1.3". (everything following "any" is a...

On 12/1/19 2:29 pm, Lars Kruse wrote: > Hello > > > Am Thu, 10 Jan 2019 11:58:33 +0100 > schrieb Julien dupont <marcelvierzon at gmail.com>: > >> The two tunnels are working. From a client I can ping or ssh VPN_office on >> both tunnel and LAN IPs 172.16.0.2 and 192.168.1.3. I cannot however ping >> any other computer on the LAN, I get no pong back but it is not complaining >> he has no route to host. > wild guess: maybe the response fails to find its way back to the source? > In this ca...

Le mar. 15 janv. 2019 à 03:13, Lars Kruse <lists at sumpfralle.de> a écrit : > Hello Julien, > > > Am Mon, 14 Jan 2019 22:15:47 +0100 > schrieb Julien dupont <marcelvierzon at gmail.com>: > > > > ** Test 1 ** > > On VPN_office I use 'tcpdump -npi any icmp and host 192.168.1.3' > > When pinging 192.168.1.1 from client 1, with no success, I see no packet > > passing. > > Sorry - the tcpdump command should end with "192.168.1.1" instead of > "192.168.1.3". > (everything f...

Hi Julien, Am Mon, 14 Jan 2019 18:04:40 +0100 schrieb Julien dupont <marcelvierzon at gmail.com>: > Investigating with tcpdump withoug guidelines is beyond my skills I'm > afraid. Try this on your VPN_office host: tcpdump -npi any icmp and host 192.168.1.3 In parallel you start a ping from the other network: ping 192.168.1.1 I assume, that tcpdump will show all packets from your source. Probably you will see two packets each (with a slight delay of a few milliseconds). These are the packets forward...

Hello Julien, Am Tue, 15 Jan 2019 16:33:26 +0100 schrieb Julien dupont <marcelvierzon at gmail.com>: > ip_forward was not enabled, now it is. a good step forward :) (you should do this permanently via /etc/sysctl.d/) > 'iptables -L -vn' yields: > [..] OK. The output tells us, that there are firewall rules. Now you should take a look at your firewall configuration

Hi Lars, Thanks for the help ** Test 1 ** On VPN_office I use 'tcpdump -npi any icmp and host 192.168.1.3' When pinging 192.168.1.1 from client 1, with no success, I see no packet passing. When pinging 192.168.1.3 from client 1, with success, I see packet passing: IP 172.16.0.3 > 192.168.1.3: ICMP echo request, id 2648, seq 23, length 64 IP...

Hello Am Thu, 10 Jan 2019 11:58:33 +0100 schrieb Julien dupont <marcelvierzon at gmail.com>: > The two tunnels are working. From a client I can ping or ssh VPN_office on > both tunnel and LAN IPs 172.16.0.2 and 192.168.1.3. I cannot however ping > any other computer on the LAN, I get no pong back but it is not complaining > he has no route to host. wild guess: maybe the response fails to find its way back to the source? In this case you could either m...

...t.email> a écrit : > On 12/1/19 2:29 pm, Lars Kruse wrote: > > Hello > > > > > > Am Thu, 10 Jan 2019 11:58:33 +0100 > > schrieb Julien dupont <marcelvierzon at gmail.com>: > > > >> The two tunnels are working. From a client I can ping or ssh VPN_office > on > >> both tunnel and LAN IPs 172.16.0.2 and 192.168.1.3. I cannot however > ping > >> any other computer on the LAN, I get no pong back but it is not > complaining > >> he has no route to host. > > wild guess: maybe the response fails to find its way...

In most howtos it is instructed to enable port forwarding with 'echo 1 > /proc/sys/net/ipv4/ip_forward', but they don't say it's not permanent... So it was gone when I rebooted the machine. I then disabled the firewall on the VPN_office machine... And it works! If obviously VPN_out must be highly secured, I guess there is no problem to disable the firewall on VPN_office? Everything is blocked on our LAN router.I don't understand why it was on in first place as I did not enable it. Thanks you very much Lars for your kind help...

...bnet). Thus I could imagine, that at least one of the following items is true: * "ip_forward" (/proc/sys/net/ipv4/ip_forward) is not enabled on 192.168.1.3 * firewall rules do not allow such packets to be forwarded (see the output of "iptables -L -vn") on 192.168.1.3 > On VPN_office 'tcdump -npi any icmp', on 192.168.1.100 'ping 172.16.0.3': > 192.168.1.100 > 172.16.0.3: ICMP echo request, id 11452, seq1, length 64 > 192.168.1.100 > 172.16.0.3: ICMP echo request, id 11452, seq2, length 64 > 192.168.1.100 > 172.16.0.3: ICMP echo request, id 11...

ip_forward was not enabled, now it is. Still same result: On VPN_office I use 'tcpdump -npi any icmp and host 192.168.1.1' and ping 192.168.1.1 from the client: 5:28:42.646203 IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id 1584, seq 1, length 64 15:28:43.663014 IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id 1584, seq 2, length 64 15:28:44.688133...