[Openvpn-users] redirect-gateway + http-proxy + ppp problem

[Laurent GUERBY <laurent@xxxxxxxxxx>]

Hi,

I have an openvpn server on a machine connected to the internet with
public IP SERVERIP and I'm trying to make a Nokia N800 (running Linux)
get all of its data through the openvpn server.

When I connect the N800 via wifi my N800 to my home network everything
works as expected: traceroute to another internet connected machine goes
through SERVERIP (so NAT seems to be properly activated on SERVERIP).

When I connect the N800 via a ppp connection to my bluetooth phone,
and when I tell the openvpn client to use http-proxy of my provider
(PROXYIP) then it doesn't work: traceroute goes through ppp
and my ISP network and not SERVERIP. 

In the client logs in the ppp case I have a "cannot read current default
gateway from system" message:

Wed Dec  5 00:31:24 2007 [server] Peer Connection Initiated with PROXYIP:80
Wed Dec  5 00:31:25 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Dec  5 00:31:27 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.73.32.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.73.32.6 10.73.32.5'
Wed Dec  5 00:31:27 2007 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec  5 00:31:27 2007 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec  5 00:31:27 2007 OPTIONS IMPORT: route options modified
Wed Dec  5 00:31:27 2007 TUN/TAP device tun0 opened
Wed Dec  5 00:31:27 2007 /sbin/ifconfig tun0 10.73.32.6 pointopoint 10.73.32.5 mtu 1500
Wed Dec  5 00:31:27 2007 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Wed Dec  5 00:31:27 2007 /sbin/route add -net 10.73.32.0 netmask 255.255.255.0 gw 10.73.32.5
Wed Dec  5 00:31:27 2007 Initialization Sequence Completed

On the server I have the following:

Wed Dec  5 12:36:29 2007 us=727053 TCPv4_SERVER link local: [undef]
Wed Dec  5 12:36:29 2007 us=727080 TCPv4_SERVER link remote: PROXYIP:1335
WRWed Dec  5 12:36:31 2007 us=101407 PROXYIP:1335 TLS: Initial packet from PROXYIP:1335, sid=5912e5ca d0aadb71
WRWRRWWWWRWRWRWWRWWRWWWRWWRWRRWRWRWRWWWRWWRWWRWWRWRWRWWWWWWWWWWWWWWWRRWRRWRRWWRRRWRRRWWRRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Dec  5 12:37:03 2007 us=548244 PROXYIP:1335 VERIFY OK:
 depth=1, /C=FR/ST=75002/L=PARIS/O=OpenVPN-GUERBY/CN=server/emailAddress=laurent@xxxxxxxxxx
Wed Dec  5 12:37:03 2007 us=548766 PROXYIP:1335 VERIFY OK: depth=0, /C=FR/ST=75002/O=OpenVPN-GUERBY/CN=n800/emailAddress=laurent@xxxxxxxxxx
WRWRWRWRWRWRWRWRWRWed Dec  5 12:37:06 2007 us=366857 PROXYIP:1335 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec  5 12:37:06 2007 us=366984 PROXYIP:1335 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec  5 12:37:06 2007 us=367082 PROXYIP:1335 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec  5 12:37:06 2007 us=367116 PROXYIP:1335 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRWWWRWed Dec  5 12:37:08 2007 us=922175 PROXYIP:1335 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Dec  5 12:37:08 2007 us=922293 PROXYIP:1335 [n800] Peer Connection Initiated with PROXYIP:1335
Wed Dec  5 12:37:08 2007 us=922429 n800/PROXYIP:1335 MULTI: Learn: 10.73.32.6 -> n800/PROXYIP:1335
Wed Dec  5 12:37:08 2007 us=922470 n800/PROXYIP:1335 MULTI: primary virtual IP for n800/PROXYIP:1335: 10.73.32.6
RWed Dec  5 12:37:09 2007 us=743831 n800/PROXYIP:1335 PUSH: Received control message: 'PUSH_REQUEST'
Wed Dec  5 12:37:09 2007 us=743967 n800/PROXYIP:1335 SENT CONTROL [n800]: 'PUSH_REPLY,redirect-gateway def1,route 10.73.32.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.73.32.6 10.73.32.5' (sta
tus=1)
WWWRRRWRRWRWRWRWRWRWRWRWRRWWWWWWWWWWWWWWWWWWWWWWWWWed Dec  5 12:42:41 2007 us=95446 n800/PROXYIP:1335 [n800] Inactivity timeout (--ping-restart), restarting
Wed Dec  5 12:42:41 2007 us=95576 n800/PROXYIP:1335 SIGUSR1[soft,ping-restart] received, client-instance restarting
Wed Dec  5 12:42:41 2007 us=96114 TCP/UDP: Closing socket
Wed Dec  5 12:47:28 2007 us=166556 TCP/UDP: Closing socket


I have put below route -n / ifconfig before and after starting the
openvpn client in the situation where it works and the situation where
it doesn't work together with version and configuration on client and
server.

I'm probably missing something trivial but I'm not a specialist,
please let me know if some useful information is missing from
this report.

Thanks in advance for your help,

Laurent

#server openvpn version
Wed Dec  5 09:30:53 2007 us=289676 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007

#client openvpn version
Wed Dec  5 12:36:34 2007 OpenVPN 2.0.9 arm-unknown-linux-gnueabi [SSL] [LZO] [EPOLL] built on Nov 17 2007

#server config
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.73.32.0 255.255.255.0
ifconfig-pool-persist ipp443.txt
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
float
comp-lzo
persist-key
persist-tun
status xopenvpn-status.log
log-append  xopenvpn.log
verb 5

#client config
client
dev tun
proto tcp-client
remote SERVERIP 443
resolv-retry infinite
nobind
persist-key
persist-tun
http-proxy-retry # retry on connection failures
http-proxy PROXYIP 80
ca ca.crt
cert n800.crt
key n800.key
ns-cert-type server
comp-lzo
verb 3
log-append  x.log

#working as expected when connected on my home wifi without http-proxy-* lines in the client config:

situation before starting openvpn
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
#ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:13062 (12.7 KiB)  TX bytes:13062 (12.7 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:19:4F:9E:97:6D  
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29074 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11182 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2249426 (2.1 MiB)  TX bytes:1798664 (1.7 MiB)

after openvpn is started

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
SERVERIP    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.73.32.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
10.73.32.0      10.73.32.5      255.255.255.0   UG    0      0        0 tun0
0.0.0.0         10.73.32.5      128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.73.32.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0

# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:13062 (12.7 KiB)  TX bytes:13062 (12.7 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.73.32.6  P-t-P:10.73.32.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1080 (1.0 KiB)  TX bytes:1456 (1.4 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:19:4F:9E:97:6D  
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2238347 (2.1 MiB)  TX bytes:1787384 (1.7 MiB)

Traceroute shows going through SERVERIP and then going out to the internet.

#not working when the same device is connected via PPP instead of wifi.

before starting openvpn

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.6.6.6        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
#ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:17142 (16.7 KiB)  TX bytes:17142 (16.7 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.13.104.75  P-t-P:10.6.6.6  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:47 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:8137 (7.9 KiB)  TX bytes:7166 (6.9 KiB)

after openvpn has started

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.73.32.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.6.6.6        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.73.32.0      10.73.32.5      255.255.255.0   UG    0      0        0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:217 errors:0 dropped:0 overruns:0 frame:0
          TX packets:217 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:15012 (14.6 KiB)  TX bytes:15012 (14.6 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.5.14.7  P-t-P:10.6.6.6  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:64 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:12256 (11.9 KiB)  TX bytes:8760 (8.5 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.73.32.6  P-t-P:10.73.32.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

and traceroute goes through ppp0 and internal ISP network instead of through SERVERIP



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users