Gentoo Forums
[solved] Gentoo OpenVPN-Client as Gateway
MasterGollom (n00b) - Joined: 23 May 2016, Posts: 10, Location: Luxembourg
Posted: Mon May 23, 2016 9:10 am    Post subject: [solved] Gentoo OpenVPN-Client as Gateway

Hi guys,

I'm new to OpenVPN and I can't find any tutorials for a setup I want to achieve.

So, what I want to do is this:

Code:
                          +-------------------------+
               (public IP)|                         |
  {INTERNET}=============={     Router              |
                          |                         |
                          |         LAN switch      |
                          +------------+------------+
                                       | (192.168.1.1)
                                       |
                                       |              +-----------------------+
                                       |              |                       |
                                       |              |        OpenVPN        |  eth1: 192.168.1.207/24
                                       +--------------{eth1    Client         |  eth0: 10.0.0.1/24            +-------------------+
                                       |              |                       |                               |                   |
                                       |              |                   eth0}-------------------------------+ Other LAN clients |
                                       |              +-----------------------+                               |                   |
                                       |                                                                      |    10.0.0.0/24    |
                              +--------+-----------+                                                          |   (internal net)  |
                              |                    |                                                          +-------------------+
                              |  Other LAN clients |
                              |                    |
                              |   192.168.1.0/24   |
                              |   (internal net)   |
                              +--------------------+


I have OpenVPN installed on my Box and I've put the config file from my provider on it. When I start OpenVPN I can enter the credentials and after this it tells me something like this:

Code:

WARNING: openvpn has started, but is inactive


EDIT:
Here's the OpenVPN conf from my provider:
Code:
root@vpn # cat /etc/openvpn/openvpn.conf
client
dev tun
proto udp
remote 123.456.789.123 1194
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
#ca vpn.crt

tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
log /etc/openvpn/openvpn.log
verb 3

auth SHA256
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
I removed this
-----END CERTIFICATE-----
</ca>



Here's what my openvpn.log says:
Code:
root@vpn # cat /etc/openvpn/openvpn.log
Mon May 23 16:53:50 2016 OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 22 2016
Mon May 23 16:53:50 2016 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Enter Auth Username:Enter Auth Password:
Mon May 23 16:54:01 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon May 23 16:54:01 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon May 23 16:54:01 2016 UDPv4 link local: [undef]
Mon May 23 16:54:01 2016 UDPv4 link remote: [AF_INET]81.xxx.xxx.xxx:1194
Mon May 23 16:54:01 2016 TLS: Initial packet from [AF_INET]81.xxx.xxx.xxx:1194, sid=8a65a303 7de0bc77
Mon May 23 16:54:01 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 23 16:54:01 2016 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Mon May 23 16:54:01 2016 Validating certificate key usage
Mon May 23 16:54:01 2016 ++ Certificate has key usage  00a0, expects 00a0
Mon May 23 16:54:01 2016 VERIFY KU OK
Mon May 23 16:54:01 2016 Validating certificate extended key usage
Mon May 23 16:54:01 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon May 23 16:54:01 2016 VERIFY EKU OK
Mon May 23 16:54:01 2016 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Mon May 23 16:54:07 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon May 23 16:54:07 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon May 23 16:54:07 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon May 23 16:54:07 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon May 23 16:54:07 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon May 23 16:54:07 2016 [vpn] Peer Connection Initiated with [AF_INET]81.xxx.xxx.xxx:1194


and here's what I get from ipinfo.io:

Code:
root@vpn # wget http://ipinfo.io/ip -qO -
85.xxx.xxx.xxx


ifconfig -a doesn't even show me tun0.

Code:
root@vpn # ifconfig -a
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.207  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe1e:4fdc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:1e:4f:dc  txqueuelen 1000  (Ethernet)
        RX packets 81873  bytes 20522651 (19.5 MiB)
        RX errors 0  dropped 17  overruns 0  frame 0
        TX packets 1683  bytes 510799 (498.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fe1e:4fe6  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:1e:4f:e6  txqueuelen 1000  (Ethernet)
        RX packets 79924  bytes 20338976 (19.3 MiB)
        RX errors 0  dropped 17  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


/dev/tun is present and loaded, so dmesg shows it.

Code:
root@vpn # dmesg | grep tun
[   19.241340] tun: Universal TUN/TAP device driver, 1.6
[   19.241347] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>



I hope someone could help me get this running.

thanks in advance


Last edited by MasterGollom on Sat May 28, 2016 12:30 pm; edited 1 time in total
patrix_neo (Guru) - Joined: 08 Jan 2004, Posts: 518, Location: The Maldives
Posted: Wed May 25, 2016 7:44 pm

I can see right away that your config states dev tun

Here: https://wiki.gentoo.org/wiki/OpenVPN
it says dev tun0

If you haven't read the document above, I'd check my kernel config as well as any iptables rules you might have.
I had this behaviour too a while back. Not 100% sure, but make it so that you have all necessary kernel modules loaded (=m) or that your kernel supports it (=y).
MasterGollom (n00b) - Joined: 23 May 2016, Posts: 10, Location: Luxembourg
Posted: Sat May 28, 2016 12:29 pm

Got everything running now.

Due to a wrong username (my stupidity), the login on my VPN service failed and tun0 was never opened.

thanks anyway
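Added example for the first post and for this resolution, not code from the thread: a shell check that classifies an OpenVPN client log and `ip route` output so the box only starts forwarding for 10.0.0.0/24 once the tunnel is really up, and that flags the situation in the first post (TLS handshake done, credentials rejected, no tun0). The log messages ("Initialization Sequence Completed", "AUTH_FAILED") and the two /1 routes that `redirect-gateway def1` installs are assumed from OpenVPN's standard behaviour; the sample log and route text below are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: gate the "gateway" role on the tunnel
# really being up. Assumes OpenVPN's standard log lines ("Initialization
# Sequence Completed" on success, "AUTH_FAILED" on rejected credentials) and
# the routes that "redirect-gateway def1" installs (0.0.0.0/1 + 128.0.0.0/1).

# openvpn_status LOGTEXT -> prints: connected | auth-failed | incomplete
# The thread's log stops at "Peer Connection Initiated": the TLS handshake
# succeeded, but the username was rejected afterwards and tun0 never came up.
openvpn_status() {
    if printf '%s\n' "$1" | grep -q 'AUTH_FAILED'; then
        echo auth-failed
    elif printf '%s\n' "$1" | grep -q 'Initialization Sequence Completed'; then
        echo connected
    else
        echo incomplete
    fi
}

# tunnel_routes_ok ROUTETEXT -> 0 if all Internet-bound traffic leaves via tun0.
# "ip route" output is passed in as text. With "redirect-gateway def1" OpenVPN
# keeps the original default route and adds two /1 routes via tun0, so checking
# only for "default ... dev tun0" would report a working tunnel as down.
tunnel_routes_ok() {
    if printf '%s\n' "$1" | grep -q '^default .*dev tun0'; then
        return 0
    fi
    printf '%s\n' "$1" | grep -q '^0\.0\.0\.0/1 .*dev tun0' &&
        printf '%s\n' "$1" | grep -q '^128\.0\.0\.0/1 .*dev tun0'
}

# Constructed samples (203.0.113.10 is a documentation address, not the provider's).
INCOMPLETE_LOG='Mon May 23 16:54:01 2016 TLS: Initial packet from [AF_INET]203.0.113.10:1194, sid=8a65a303 7de0bc77
Mon May 23 16:54:07 2016 [vpn] Peer Connection Initiated with [AF_INET]203.0.113.10:1194'
FAILED_LOG="$INCOMPLETE_LOG
Mon May 23 16:54:09 2016 AUTH: Received control message: AUTH_FAILED"
CONNECTED_LOG="$INCOMPLETE_LOG
Mon May 23 16:54:09 2016 TUN/TAP device tun0 opened
Mon May 23 16:54:10 2016 Initialization Sequence Completed"
DEF1_ROUTES='default via 192.168.1.1 dev eth1
0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.207'
PLAIN_ROUTES='default via 192.168.1.1 dev eth1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.207'

# Only enable forwarding from 10.0.0.0/24 once both checks pass.
if [ "$(openvpn_status "$CONNECTED_LOG")" = connected ] && tunnel_routes_ok "$DEF1_ROUTES"; then
    echo "tunnel up and routed via tun0: safe to enable forwarding"
fi
echo "log from the first post classifies as: $(openvpn_status "$INCOMPLETE_LOG")"
```

On a real box the inputs are `openvpn_status "$(cat /etc/openvpn/openvpn.log)"` and `tunnel_routes_ok "$(ip route)"`.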