Hi guys,
I'm trying to set up a VPN (OpenVPN version 1.5.0) connection from my home (ADSL, static IP) to my office (static IP).
Both networks have a LEAF Bering machine as their firewall, both running Shorewall 1.4.7c. I followed the guide at http://www.shorewall.net/1.4/OPENVPN.html but I'm not 100% sure I have got it right. I can get the OpenVPN side of things to connect but cannot ping any machines on either side of the VPN from the firewall or internal machines.
HOME internal LAN is 10.0.10.0/24
OFFICE internal LAN is 10.0.100.0/24
HOME Tunnel endpoint 192.168.0.1
OFFICE Tunnel endpoint 192.168.0.2
HOME Firewall IP: 202.52.33.145
OFFICE Firewall IP: 67.106.134.127
OFFICE:
/etc/shorewall/zones --> added 'vpn VPN VPN network'
/etc/shorewall/interfaces --> added 'vpn tun0 10.0.10.255'
/etc/shorewall/policy --> added 'loc vpn ACCEPT' and 'vpn loc ACCEPT'
/etc/shorewall/tunnels --> added 'openvpn net 202.52.33.145'
openvpn.conf
dev tun
local 67.106.134.127
ifconfig 192.168.0.2 192.168.0.1
secret secret.key
verb 8
Restarted Shorewall, no errors...
Started OpenVPN, no errors...
Manually added the route: route add -net 10.0.10.0 netmask 255.255.255.0 gw 192.168.0.2
daemon.log
Apr 8 11:58:00 pyro openvpn[19238]: Current Parameter Settings:
Apr 8 11:58:00 pyro openvpn[19238]: config = '/etc/openvpn/openvpn.conf'
<snip>
Apr 8 12:00:00 pyro openvpn[32333]: Expected Remote Options hash (VER=V3): '9af04bc6'
Apr 8 12:00:00 pyro openvpn[17555]: UDPv4 link local (bound): 67.106.134.127:5000
Apr 8 12:00:00 pyro openvpn[17555]: UDPv4 link remote: [undef]
Apr 8 12:01:46 pyro openvpn[17555]: UDPv4 READ [60] from 202.52.33.145:5000: DATA len=60
Apr 8 12:01:46 pyro openvpn[17555]: Peer Connection Initiated with 202.52.33.145:5000
Apr 8 12:01:46 pyro openvpn[17555]: UDPv4 WRITE [188] to 202.52.33.145:5000: DATA len=188
Apr 8 12:01:50 pyro openvpn[17555]: UDPv4 WRITE [60] to 202.52.33.145:5000: DATA len=60
$ ip route
192.168.0.1 dev tun0 proto kernel scope link src 192.168.0.2
10.0.100.0/24 dev eth1 proto kernel scope link src 10.0.100.1
67.106.134.0/24 dev eth0 proto kernel scope link src 67.106.134.127
10.0.10.0/24 via 192.168.0.2 dev tun0 scope link
default via 67.106.134.1 dev eth0
HOME:
/etc/shorewall/zones --> added 'vpn VPN VPN network'
/etc/shorewall/interfaces --> added 'vpn tun0 10.0.100.255'
/etc/shorewall/policy --> added 'loc vpn ACCEPT' and 'vpn loc ACCEPT'
/etc/shorewall/tunnels --> added 'openvpn net 67.106.134.127'
openvpn.conf
dev tun
local 202.52.33.145
remote 67.106.134.127
ifconfig 192.168.0.1 192.168.0.2
secret secret.key
verb 8
Restarted Shorewall, no errors...
Started OpenVPN, no errors...
Manually added the route: route add -net 10.0.100.0 netmask 255.255.255.0 gw 192.168.0.1
daemon.log
Apr 8 02:29:06 talon openvpn[16327]: Expected Remote Options hash (VER=V3): 'b700f892'
Apr 8 02:29:06 talon openvpn[18778]: UDPv4 link local (bound): 202.52.33.145:5000
Apr 8 02:29:06 talon openvpn[18778]: UDPv4 link remote: 67.106.134.127:5000
Apr 8 02:29:16 talon openvpn[18778]: UDPv4 WRITE [60] to 67.106.134.127:5000: DATA len=60
Apr 8 02:29:16 talon openvpn[18778]: UDPv4 READ [188] from 67.106.134.127:5000: DATA len=188
Apr 8 02:29:17 talon openvpn[18778]: Peer Connection Initiated with 67.106.134.127:5000
Apr 8 02:29:21 talon openvpn[18778]: UDPv4 READ [60] from 67.106.134.127:5000: DATA len=60
Apr 8 02:29:21 talon openvpn[18778]: UDPv4 WRITE [188] to 67.106.134.127:5000: DATA len=188
# ip route
192.168.0.2 dev tun0 proto kernel scope link src 192.168.0.1
172.31.31.9 dev ppp0 proto kernel scope link src 202.52.33.145
10.0.100.0/24 via 192.168.0.1 dev tun0 scope link
10.0.10.0/24 dev eth1 proto kernel scope link src 10.0.10.1
default via 172.31.31.9 dev ppp0
I try to ping the OFFICE endpoint from the HOME firewall:
# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes
ping: sendto: Operation not permitted
HOME: shorewall.log
Apr 8 02:31:39 talon Shorewall:all2all:REJECT: IN= OUT=tun0 MAC=00:90:27:58:e2:dd:00:e0:7d:ba:cd:ee:08:00 SRC=192.168.0.1 DST=192.168.0.2 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=63440 DF PROTO=ICMP TYPE=8 CODE=0 ID=37959 SEQ=0
The above is in my HOME shorewall.log. I'm not sure how to fix this.
I'm sure my tunnels file is right. Any help would be much appreciated.
Regards
Adam.
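To read what that REJECT line in the HOME shorewall.log is saying, here is an added example in Python (not from Adam's post and not Shorewall's own code): it parses a Shorewall 1.4-style netfilter log line, maps the IN/OUT interfaces to the zones from the HOME interfaces file (tun0 = vpn, eth1 = loc, ppp0 = net), and, when the packet was logged by the catch-all all2all chain, names the zone pair that has no entry in /etc/shorewall/policy. It assumes the firewall's own zone is called fw (the Shorewall 1.4 default) and uses the log line from the post plus one constructed loc2net line as input.

```python
import re

# Interface -> zone mapping as configured on the HOME firewall in the post:
# tun0 is the 'vpn' zone, eth1 the 'loc' zone, ppp0 the 'net' zone.
HOME_IFACE_ZONES = {"tun0": "vpn", "eth1": "loc", "ppp0": "net"}
# Assumption: the firewall's own zone is called 'fw' (the Shorewall 1.4 default).
FW_ZONE = "fw"

# Input: the REJECT line quoted in the post, plus one constructed line that was
# decided by a specific zone-pair chain (loc2net) rather than the catch-all.
HOME_LOG_LINE = (
    "Apr 8 02:31:39 talon Shorewall:all2all:REJECT: IN= OUT=tun0 "
    "MAC=00:90:27:58:e2:dd:00:e0:7d:ba:cd:ee:08:00 SRC=192.168.0.1 DST=192.168.0.2 "
    "LEN=84 TOS=00 PREC=0x00 TTL=64 ID=63440 DF PROTO=ICMP TYPE=8 CODE=0 ID=37959 SEQ=0"
)
LOC2NET_LINE = (  # constructed sample, not from the post
    "Apr 8 02:40:00 talon Shorewall:loc2net:DROP: IN=eth1 OUT=ppp0 "
    "SRC=10.0.10.5 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=3344 DPT=135"
)
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):\s+(?P<fields>.*)$")


def parse_shorewall_log(line):
    """Split a Shorewall log line into chain, disposition and KEY=VALUE fields.
    A bare 'IN=' gives '', flag tokens such as DF give None, a repeated key keeps its last value."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else None
    return {"chain": m.group("chain"), "disposition": m.group("disp"), "fields": fields}


def zone_pair(rec, iface_zones, fw_zone=FW_ZONE):
    """Map IN/OUT to zones. An empty IN means the firewall itself generated the
    packet (the ping in the post); an empty OUT means it was addressed to the firewall."""
    f = rec["fields"]
    src = iface_zones.get(f["IN"], "unknown") if f.get("IN") else fw_zone
    dst = iface_zones.get(f["OUT"], "unknown") if f.get("OUT") else fw_zone
    return src, dst


def suggest_policy(line, iface_zones, fw_zone=FW_ZONE):
    """Return the /etc/shorewall/policy entry missing for this packet, or None.
    Only the 'all2all' chain (the 'all all REJECT' catch-all) means no zone-pair
    policy matched; ACCEPT is the quick test, a narrower ICMP-only rule may be preferable."""
    rec = parse_shorewall_log(line)
    if rec is None or rec["chain"] != "all2all":
        return None
    src, dst = zone_pair(rec, iface_zones, fw_zone)
    return f"{src}\t{dst}\tACCEPT"
```

The same check applies on the OFFICE firewall, whose policy file also only lists loc/vpn pairs; its log line would need that firewall's own interface-to-zone mapping.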