[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Another question


  • Subject: Re: [Openvpn-users] Another question
  • From: Willy Offermans <Willy@xxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 11 May 2007 10:00:02 +0200

Hello Akuma,

On Thu, May 10, 2007 at 09:02:24PM -0400, Akuma Daimao wrote:
> I'm having a lot of difficulty with this, possibly owing to my lack of
> in-depth understanding of how networking works and possibly because
> I'm trying to do something that the program wasn't designed for.
> 
> Please bear with me while I explain.
> 
> I have, at my home, a LAN set up using a Belkin router with built-in
> WAP.  This LAN is connected through the router to broadband internet.
> 
> At school, I use a laptop with a wireless connection to the school's
> network.  Access to the outside is through a proxy (not sure what
> kind), and that proxy blocks most ports (except for the basics -- SSH,
> HTML and AIM are pretty much the only ones that are open).
> 
> I have SSH running on my home machine, which we'll call the Server.
> This allows me to create SSH tunnels, since I have 22 open on the LAN
> router/gateway pointing to the Server.  So the setup is basically:
> 
> Laptop (client) --> School proxy --> Internet --> Home router --> Server
> 
> Now, I've set up OpenVPN to connect using an SSH tunnel.  I have it so
> that port 9000 on the client tunnels to port 1194 on the Server while
> the SSH connection is active.  I have successfully configured things
> so that I can connect to the OpenVPN server and ping both the OpenVPN
> server IP (172.x) and internal network addresses (192.168.x) from the
> client.
> 
> Here are the config files I am using:
> 
> CLIENT:
> client
> dev tun
> proto tcp
> remote localhost 9000 # Tunnels to 192.168.x:1194 while SSH is active
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> mute-replay-warnings
> ca ca.crt
> cert matthew.crt
> key matthew.key
> ns-cert-type server
> tls-auth ta.key 1
> cipher BF-CBC
> comp-lzo
> verb 3
> mute 20
> route 192.168.x.0 255.255.255.0
> 
> SERVER:
> port 1194
> proto tcp
> dev tun
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/cain.crt
> key /etc/openvpn/cain.key  # This file should be kept secret
> dh /etc/openvpn/dh1024.pem
> server 172.x.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> tls-auth /etc/openvpn/ta.key 0 # This file is secret
> cipher BF-CBC        # Blowfish (default)
> comp-lzo
> max-clients 10
> user nobody
> group nogroup
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> 
> Again, using this setup I can ping the OpenVPN server using either its
> 172.x address or its 192.168.x address, and I can also ping the router
> using its 192.168.x address.
> 
> I know that it's possible to set up PuTTY to run a SOCKS proxy over a
> given port that I can then funnel traffic through using SocksCap, but
> that isn't automatic nor is it really seamless.  What I'd really like
> to do is use the OpenVPN adapter as the default for internet traffic,
> so that all of my traffic (web browsing, IM clients, online gaming)
> goes through the SSH tunnel and the VPN. Someone pointed me to a HOWTO
> to do this; it basically said that I had to add these lines to the
> server config:
> 
> push "redirect-gateway def1"
> push "dhcp-option DNS 172.x.0.1"
> 
> I do that, and the entire connection dies.  The tunnel collapses, I
> can't ping anything anymore, it basically wipes out my internet.
> 
> I notice that, when I add those options to the server file, the
> "default gateway" for my VPN device becomes 172.x.0.5; is it perhaps
> because the default gateway doesn't become 172.x.0.1 that things stop
> working?  Or am I inadvertently setting up some kind of feedback loop
> because of the SSH tunnel?  If that's the case, is there any way to
> avoid this?
> 
> Any help anyone could give would be appreciated.  I've read through
> the documentation but to a large extent I'm finding myself lost.
> 
> Thanks,
> Akuma
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

Running openvpn via an ssh tunnel is extremely weird. Either you run
openvpn or you run ssh, but not the one on top of the other. Once you know how
to handle ssh you can tunnel any application (port) through it you
want, there is no need for (open)vpn anylonger. (Open)vpn and ssh are
equivalent so to say.

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Willy

*************************************
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 653 27 16 23
e-mail: Willy@xxxxxxxxxxxxxxxxxxx

                                       Powered by ....

                                            (__)
                                         \\\'',)
                                           \/  \ ^
                                           .\._/_)
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users