Re: [Openvpn-users] Road Warrior email sending (SOLVED)


  • Subject: Re: [Openvpn-users] Road Warrior email sending (SOLVED)
  • From: "Jeff Boyce" <jboyce@xxxxxxxxxxxxxxx>
  • Date: Mon, 10 Dec 2007 08:27:39 -0800

There were two issues occurring here.  I changed the outgoing mail server to 
the same as my incoming mail server and selected the option in Windows Mail 
to use the same authentication as the incoming server.  Then, I put 
Wireshark on the problem laptop, and the output made me suspect that it was 
a firewall issue at the public access wifi point.  I tried the same 
configuration at another public wifi point and everything worked as 
expected.


----- Original Message ----- 
From: "Jeff Boyce" <jboyce@xxxxxxxxxxxxxxx>
To: "Les Mikesell" <lesmikesell@xxxxxxxxx>; "David Balazic" 
<David.Balazic@xxxxxxxxxxxxxxxxxx>
Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, December 04, 2007 10:06 AM
Subject: Re: [Openvpn-users] Road Warrior email sending (Off-Topic)


> David -
>
>    Thanks for the response.  I think I have listed all the information you 
> requested, except I did not capture the actual error message on the 
> Windows client (stupid newbie mistake).  I believe that it was something 
> to the effect that it could not connect to SMTP server.  I am a little 
> hampered by limited access to this laptop as it is in use in the office 
> all week, and I can only test it on the weekend at my local library free 
> wifi hotspot.  I am open to all suggestions, but won't be able to test 
> them until Saturday. Thanks.
>
> Client OpenVPN Config.
> client
> dev tun
> proto udp
> remote aaa.bbb.ccc.ddd 1194
> pull
> nobind
> persist-key
> persist-tun
> tls-client
> ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
> cert "C:\\Program Files\\OpenVPN\\config\\laptop.crt"
> key "C:\\Program Files\\OpenVPN\\config\\laptop.key"
> ns-cert-type server
> resolv-retry infinite
> comp-lzo
> route-method exe
> route-delay 2
> verb 4
>
> Server OpenVPN Config.
> local 192.168.112.1
> port 1194
> proto udp
> dev tun
> tls-server
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/VPNserver.crt
> key /etc/openvpn/easy-rsa/keys/VPNserver.key
> dh /etc/openvpn/easy-rsa/keys/dh2048.pem
> server 10.8.6.0 255.255.255.0
> float
> ifconfig-pool-persist /etc/openvpn/ipp.txt 120
> push "route 192.168.112.0 255.255.255.0"
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status /var/log/openvpn-status.log
> log-append /var/log/openvpn.log
> verb 4
>
> Office Network Topology
> WindowsClient (192.168.112.113) ---> Network Switch ---> DSL Router ---> Internet
> Samba/OpenVPN Server (192.168.112.1) ---> Network Switch ---> DSL Router ---> Internet
> DSL Router is default gateway (192.168.112.10)
>
> This client obtains an IP through OpenVPN ipp.txt of 10.8.6.24
>
> Server network settings
> [jeffb@bison jeffb] $ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:0F:1F:65:9E:CA
>          inet addr:192.168.112.1  Bcast:192.168.112.255  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:124211875 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:47702028 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:2124965032 (2026.5 Mb)  TX bytes:430228532 (410.2 Mb)
>          Base address:0xdce0 Memory:fdae0000-fdb00000
>
> lo        Link encap:Local Loopback
>          inet addr:127.0.0.1  Mask:255.0.0.0
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:23210180 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:23210180 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:2637805388 (2515.6 Mb)  TX bytes:2637805388 (2515.6 Mb)
>
> tun0      Link encap:Point-to-Point Protocol
>          inet addr:10.8.6.1  P-t-P:10.8.6.2  Mask:255.255.255.255
>          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>          RX packets:8643 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:12426 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:676295 (660.4 Kb)  TX bytes:13894798 (13.2 Mb)
>
> Client Network Settings
> Windows IP Configuration
>   Host Name . . . . . . . . . . . . : JSN-D830
>   Primary Dns Suffix  . . . . . . . :
>   Node Type . . . . . . . . . . . . : Hybrid
>   IP Routing Enabled. . . . . . . . : No
>   WINS Proxy Enabled. . . . . . . . : No
>
> Ethernet adapter Local Area Connection* 7:
>   Media State . . . . . . . . . . . : Media disconnected
>   Connection-specific DNS Suffix  . :
>   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
>   Physical Address. . . . . . . . . : aa-bb-cc-dd-ee-ff
>   DHCP Enabled. . . . . . . . . . . : Yes
>   Autoconfiguration Enabled . . . . : Yes
>
> Wireless LAN adapter Wireless Network Connection:
>   Media State . . . . . . . . . . . : Media disconnected
>   Connection-specific DNS Suffix  . : domain.actdsltmp
>   Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card
>   Physical Address. . . . . . . . . : bb-cc-dd-ee-ff-gg
>   DHCP Enabled. . . . . . . . . . . : Yes
>   Autoconfiguration Enabled . . . . : Yes
>
> Ethernet adapter Local Area Connection:
>   Connection-specific DNS Suffix  . :
>   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
>   Physical Address. . . . . . . . . : cc-dd-ee-ff-gg-hh
>   DHCP Enabled. . . . . . . . . . . : No
>   Autoconfiguration Enabled . . . . : Yes
>   Link-local IPv6 Address . . . . . : qqqq::rrrr:sss:tttt:c19%9(Preferred)
>   IPv4 Address. . . . . . . . . . . : 192.168.112.113(Preferred)
>   Subnet Mask . . . . . . . . . . . : 255.255.255.0
>   Default Gateway . . . . . . . . . : 192.168.112.10
>   DNS Servers . . . . . . . . . . . : 205.171.3.65
>                                       205.171.2.65
>   NetBIOS over Tcpip. . . . . . . . : Enabled
>
>
> Connection settings in Windows Mail for our laptops are:
> Incoming Mail Server is : POP3
> Incoming Mail (POP3) : electra.he.net
> Outgoing Mail (SMTP) : pop.sttl.qwest.net
>
> I tried the redirect-gateway option on the client configuration file with 
> no effect.
> I tried changing the outgoing connection setting to electra.he.net, but 
> that did not change anything.  Looking at those connection settings now in 
> Windows Mail maybe this is as simple as changing the outgoing connection 
> setting to electra.he.net, then also selecting the outgoing server 
> requires authentication option (I didn't notice this before) and select 
> using the same settings as the incoming server authentication.
>
> Thanks, Jeff
>
>
>
> ----- Original Message ----- 
> From: David Balazic
> To: Jeff Boyce ; Les Mikesell
> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Sent: Tuesday, December 04, 2007 9:03 AM
> Subject: RE: [Openvpn-users] Road Warrior email sending (Off-Topic)
>
>
> Not really off topic. At least not more than any other "I have wrong 
> routing" posts.
> For help :
> - client and server ovpn config files
> - network topology
> - network settings of non-vpn interfaces (on client and server)
> - where is the mail server located ? what protocol does it use ? what is 
> the error message you get ?
>
> Regards,
> David
>
>
>
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Jeff Boyce
> Sent: Tue 04-Dec-07 17:47
> To: Les Mikesell
> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Road Warrior email sending (Off-Topic)
>
>
> Les -
>
>    Thanks for the explanation.  Unfortunately it doesn't appear to help my
> situation.  We do not run a mail server at our office.  Our incoming mail
> service is provided by a third party provider.  Our outgoing mail service is
> directed to the mail server at our local DSL provider.  All incoming and
> outgoing mail for the PC clients in our office therefore does not go through
> our server.  My employee would love to be able to use her regular Windows
> Mail client when she is accessing the internet from wireless connections at
> hotel meeting rooms.  If anyone has any other suggestions for me you can
> send them directly to me and we can take this off-list, since we are clearly
> off topic now.  Thanks.
>
> Jeff
>
>
> ----- Original Message -----
> From: "Les Mikesell" <lesmikesell@xxxxxxxxx>
> To: "Jeff Boyce" <jboyce@xxxxxxxxxxxxxxx>
> Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, December 04, 2007 8:24 AM
> Subject: Re: [Openvpn-users] Road Warrior email sending
>
>
>> Jeff Boyce wrote:
>>>
>>>    Clearly this subject is moving off-topic for this list, but as a
>>> novice administrator for a small office I need to ask for some additional
>>> clarification on your advice.  In your last sentence you state that if
>>> the openvpn connection is not known by the mail server, I will have to
>>> fix that up, or set up authentication.  How would I fix it up, or how
>>> would I set up authentication?  With the amount of information I provided
>>> on my setup I don't expect you to be able to provide any specifics, but
>>> can you give me some general guidance, and terms that I can use to do
>>> some further searching on google and find documentation to read?
>>> Anything will help here.  Thanks.
>>
>> If you are running the stock RH sendmail, you probably have already fixed
>> the DAEMON_OPTIONS line in /etc/mail/sendmail.mc by removing the
>> Addr=127.0.0.1 that prevents receiving any outside mail and rebuilt
>> sendmail.cf (by running make in /etc/mail or just restarting sendmail with
>> 'service sendmail restart').  You also probably have an entry in
>> /etc/mail/access with RELAY for your lan IP range.  Add another entry to
>> cover your openvpn range that permits RELAY for them, and rebuild the
>> access.db by running make or restarting sendmail.  You should see entries
>> in /var/log/maillog for anything you send so you can tell if it was denied
>> or sent.  Authentication is somewhat more complicated, but in combination
>> with ssl encryption which virtually all mail clients do these days, it can
>> make the vpn unnecessary if all you want is mail access.
>>
>> --
>>   Les Mikesell
>>    lesmikesell@xxxxxxxxx
>>
>>
>>
>
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
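
An added example, not part of the thread: a longest-prefix-match model of the road-warrior laptop's routing table under the posted configs, showing which next hop carries traffic to the office LAN, to the outgoing SMTP host, and to the VPN server itself, with and without `redirect-gateway`. The public addresses and the next-hop labels are constructed stand-ins, since the thread masks the real ones.

```python
import ipaddress

# Constructed stand-ins (documentation ranges): the thread masks the VPN
# server's public address and gives only a host name for the SMTP relay.
VPN_SERVER = "198.51.100.10"   # "remote aaa.bbb.ccc.ddd" in the client config
SMTP_RELAY = "203.0.113.25"    # outgoing mail host outside the office LAN
OFFICE_HOST = "192.168.112.1"  # Samba/OpenVPN server, from the thread
HOTSPOT, TUNNEL = "hotspot-gateway", "vpn-tunnel"  # hypothetical next-hop labels


def split_tunnel_routes():
    """Client routes with the posted configs (tunnel-internal routes omitted)."""
    return [
        ("0.0.0.0/0", HOTSPOT),         # default route handed out by the hotspot
        ("192.168.112.0/24", TUNNEL),   # push "route 192.168.112.0 255.255.255.0"
    ]


def with_redirect_gateway(routes):
    """Model redirect-gateway: keep the VPN server reachable through the old
    default gateway, then replace the default route with the tunnel."""
    old_gw = next(gw for net, gw in routes if net == "0.0.0.0/0")
    kept = [(net, gw) for net, gw in routes if net != "0.0.0.0/0"]
    return kept + [(VPN_SERVER + "/32", old_gw), ("0.0.0.0/0", TUNNEL)]


def next_hop(routes, dest):
    """Longest-prefix match over the route list, as the OS routing table does."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def report():
    """Next hop per destination for both client configurations."""
    split = split_tunnel_routes()
    full = with_redirect_gateway(split)
    targets = {"office": OFFICE_HOST, "smtp": SMTP_RELAY, "vpn": VPN_SERVER}
    return {name: (next_hop(split, ip), next_hop(full, ip))
            for name, ip in targets.items()}


if __name__ == "__main__":
    for name, (split_hop, full_hop) in report().items():
        print(f"{name:7s} split={split_hop:16s} redirect-gateway={full_hop}")
```

With only the pushed `192.168.112.0/24` route, the SMTP connection never enters the tunnel, so whatever filtering the hotspot applies to outbound mail ports acts on it directly.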