Re: [PLUG] OpenVPN Help Adjusted

Brian Vagnoni on 8 Nov 2009 16:11:37 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OpenVPN Help Adjusted

From: "Brian Vagnoni" <bvagnoni@v-system.net>

To: "Brian Vagnoni" <bvagnoni@v-system.net>, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>

Subject: Re: [PLUG] OpenVPN Help Adjusted

Date: Sun, 08 Nov 2009 19:11:42 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

Trying to tunnel services over openvpn, like ssh, and vnc. What am i doing wrong? SUSEfirewall2 config: FW_DEV_EXT="any eth0" FW_DEV_INT="tun0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="no" FW_MASQ_DEV="zone:ext" FW_MASQ_NETS="0/0" FW_NOMASQ_NETS="" FW_PROTECT_FROM_INT="no" FW_SERVICES_EXT_TCP="113" FW_SERVICES_EXT_UDP="1194" FW_SERVICES_EXT_IP="" FW_SERVICES_EXT_RPC="" FW_CONFIGURATIONS_EXT="sshd" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_DMZ_RPC="" FW_CONFIGURATIONS_DMZ="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_INT_RPC="" FW_CONFIGURATIONS_INT="" FW_SERVICES_DROP_EXT="" FW_SERVICES_DROP_DMZ="" FW_SERVICES_DROP_INT="" FW_SERVICES_REJECT_EXT="" FW_SERVICES_REJECT_DMZ="" FW_SERVICES_REJECT_INT="" FW_SERVICES_ACCEPT_EXT="0/0,tcp,113" FW_SERVICES_ACCEPT_DMZ="" FW_SERVICES_ACCEPT_INT="" FW_SERVICES_ACCEPT_RELATED_EXT="" FW_SERVICES_ACCEPT_RELATED_DMZ="" FW_SERVICES_ACCEPT_RELATED_INT="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="" FW_ALLOW_INCOMING_HIGHPORTS_UDP="" FW_FORWARD="" FW_FORWARD_REJECT="" FW_FORWARD_DROP="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG_LIMIT="" FW_LOG="" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_SOURCEQUENCH="" FW_ALLOW_FW_BROADCAST_EXT="no" FW_ALLOW_FW_BROADCAST_INT="no" FW_ALLOW_FW_BROADCAST_DMZ="no" FW_IGNORE_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_INT="no" FW_IGNORE_FW_BROADCAST_DMZ="no" FW_ALLOW_CLASS_ROUTING="" FW_CUSTOMRULES="" FW_REJECT="" FW_REJECT_INT="yes" FW_HTB_TUNE_DEV="" FW_IPv6="" FW_IPv6_REJECT_OUTGOING="" FW_IPSEC_TRUST="no" FW_ZONES="" FW_USE_IPTABLES_BATCH="" FW_LOAD_MODULES="nf_conntrack_netbios_ns" FW_FORWARD_ALWAYS_INOUT_DEV="" FW_FORWARD_ALLOW_BRIDGING="" SUSEfirewall2-custom config: fw_custom_before_antispoofing() { true } fw_custom_after_antispoofing() { # could also be named "before_port_splitting()" true } fw_custom_before_port_handling() { true } fw_custom_before_masq() { # could also be named "after_port_handling()" true } fw_custom_before_denyall() { # could also be named "after_forwardmasq()" iptables -A INPUT -i tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -o tun+ -j ACCEPT true } openvpn server config: ;local a.b.c.d port 1194 ;proto tcp proto udp ;dev tap dev tun ;dev-node MyTap ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 ;push "route 192.168.10.0 255.255.255.0" ;push "route 192.168.20.0 255.255.255.0" ;client-config-dir ccd ;route 192.168.40.128 255.255.255.248 ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 ;learn-address ./script ;push "redirect-gateway" ;push "dhcp-option DNS 10.8.0.1" ;push "dhcp-option WINS 10.8.0.1" ;client-to-client ;duplicate-cn keepalive 10 120 ;tls-auth ta.key 0 # This file is secret ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES comp-lzo ;max-clients 100 ;user nobody ;group nobody persist-key persist-tun status openvpn-status.log ;log openvpn.log ;log-append openvpn.log verb 3 ;mute 20 dmesg output: SFW2-INext-DROP-DEFLT IN=tun0 OUT= MAC= SRC=10.8.0.6 DST=10.8.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=408 DF PROTO=TCP SPT=1284 DPT=5901 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405580103030801010402) SFW2-INext-DROP-DEFLT IN=tun0 OUT= MAC= SRC=10.8.0.6 DST=10.8.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=414 DF PROTO=TCP SPT=1284 DPT=5901 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405580103030801010402) SFW2-INext-DROP-DEFLT IN=tun0 OUT= MAC= SRC=10.8.0.6 DST=10.8.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=423 DF PROTO=TCP SPT=1284 DPT=5901 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204055801010402) -------------------------------------------------- Brian Vagnoni PGP Digital Fingerprint F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955 -------------------------------------------------- ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: [PLUG] OpenVPN Help

Next by Date: Re: [PLUG] Thunderbird Lightning

Previous by thread: [PLUG] OpenVPN Help

Next by thread: Re: [PLUG] OpenVPN Help Adjusted

Index(es):

Date

Thread