linux
Kalombyr, 2018-05-29 17:50:21

How to properly configure routing when using a VPN?

Good afternoon.
I am training in setting up and understanding routing, using iptables.
I set up an openvpn client.
On the server, a LAN (eth0, IP via DHCP, 192.168.0.1) is connected, and the Internet is connected via ppp0.
So far, I have configured the Internet to be available in the LAN; the iptables rules:

iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -j LOG
-A OUTPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT

When I try to connect the VPN client (openvpn client.conf),
I get an error (the first of several):
RTNETLINK answers: No such device
Here is the full log:
Openvpn client.conf output

Tue May 29 17:36:21 2018 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
Tue May 29 17:36:21 2018 WARNING: file '*****.key' is group or others accessible
Tue May 29 17:36:21 2018 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue May 29 17:36:21 2018 UDPv4 link local: [undef]
Tue May 29 17:36:21 2018 UDPv4 link remote: [AF_INET]5.187.*.*:1194
Tue May 29 17:36:21 2018 TLS: Initial packet from [AF_INET]5.187.*.*:1194, sid=7236fb1f 0e419553
Tue May 29 17:36:22 2018 VERIFY OK: depth=1, C=RU, ST=RU, L=gorod, O=username, OU=Home, CN=usernameCA, name=server, emailAddress=email
Tue May 29 17:36:22 2018 VERIFY OK: nsCertType=SERVER
Tue May 29 17:36:22 2018 VERIFY OK: depth=0, C=RU, ST=RU, L=gorod, O=username, OU=Home, CN=server, name=server, emailAddress=email
Tue May 29 17:36:23 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue May 29 17:36:23 2018 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 29 17:36:23 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue May 29 17:36:23 2018 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 29 17:36:23 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue May 29 17:36:23 2018 [server] Peer Connection Initiated with [AF_INET]5.187.*.*:1194
Tue May 29 17:36:25 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue May 29 17:36:25 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 8.8.8.8,route 10.100.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.100.0.22 10.100.0.21'
Tue May 29 17:36:25 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 29 17:36:25 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 29 17:36:25 2018 OPTIONS IMPORT: route options modified
Tue May 29 17:36:25 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue May 29 17:36:25 2018 ROUTE_GATEWAY ON_LINK IFACE=ppp0 HWADDR=00:00:00:00:00:00
Tue May 29 17:36:25 2018 TUN/TAP device tun0 opened
Tue May 29 17:36:25 2018 TUN/TAP TX queue length set to 100
Tue May 29 17:36:25 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue May 29 17:36:25 2018 /sbin/ip link set dev tun0 up mtu 1500
Tue May 29 17:36:25 2018 /sbin/ip addr add dev tun0 local 10.100.0.22 peer 10.100.0.21
Tue May 29 17:36:25 2018 /sbin/ip route add 5.187.*.*/32 via 0.0.0.0
RTNETLINK answers: No such device
Tue May 29 17:36:25 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Tue May 29 17:36:25 2018 /sbin/ip route del 0.0.0.0/0
Tue May 29 17:36:25 2018 /sbin/ip route add 0.0.0.0/0 via 10.100.0.21
Tue May 29 17:36:25 2018 /sbin/ip route add 10.100.0.0/24 via 10.100.0.21
Tue May 29 17:36:25 2018 Initialization Sequence Completed
^CTue May 29 17:36:29 2018 /sbin/ip route del 10.100.0.0/24
Tue May 29 17:36:29 2018 /sbin/ip route del 5.187.*.*/32
RTNETLINK answers: No such process
Tue May 29 17:36:29 2018 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue May 29 17:36:29 2018 /sbin/ip route del 0.0.0.0/0
Tue May 29 17:36:29 2018 /sbin/ip route add 0.0.0.0/0 via 0.0.0.0
RTNETLINK answers: No such device
Tue May 29 17:36:29 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Tue May 29 17:36:29 2018 Closing TUN/TAP interface
Tue May 29 17:36:29 2018 /sbin/ip addr del dev tun0 local 10.100.0.22 peer 10.100.0.21
Tue May 29 17:36:29 2018 SIGINT[hard,] received, process exiting
client.conf

client
dev tun
proto udp
remote myserver 1194
cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
persist-tun
ca serverCA.crt
cert test1.crt
key test1.key
ns-cert-type server
comp-lzo
verb 3

At the same time, ppp0 also disappears.
I tried searching for the first error; there is nothing written about it at all!
Tell me, please, what is wrong?
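As an added example (not from the original post), a small POSIX shell helper that derives the right form of the host route to the VPN server from the kernel's default route, the step that fails in the log above; the sample `ip route` lines and the 5.187.0.1 address are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example: on a point-to-point uplink such as ppp0 the default route has
# no "via" gateway (the log above reports ROUTE_GATEWAY ON_LINK), so a host
# route to the VPN server must be pinned with "dev ppp0". Using "via 0.0.0.0"
# is what produced "RTNETLINK answers: No such device".

# Constructed sample of `ip route show default` for a PPP uplink (assumption).
PPP_DEFAULT='default dev ppp0 scope link'
# Constructed sample for an Ethernet uplink with a real gateway (assumption).
ETH_DEFAULT='default via 192.168.1.1 dev eth0 proto dhcp metric 100'

# vpn_host_route DEFAULT_ROUTE_LINE VPN_SERVER_IP
# Prints the `ip route add` command that pins the VPN server's address to the
# current uplink before OpenVPN replaces the default route with the tunnel.
vpn_host_route() {
    route_line=$1
    server=$2
    dev=$(printf '%s\n' "$route_line" | sed -n 's/.*dev \([^ ]*\).*/\1/p')
    gw=$(printf '%s\n' "$route_line" | sed -n 's/.*via \([^ ]*\).*/\1/p')
    [ -n "$dev" ] || { echo "no default route found" >&2; return 1; }
    if [ -z "$gw" ] || [ "$gw" = "0.0.0.0" ]; then
        # Point-to-point link: the next hop is the link itself, not an address.
        printf 'ip route add %s/32 dev %s\n' "$server" "$dev"
    else
        # Broadcast link: route through the real gateway address.
        printf 'ip route add %s/32 via %s dev %s\n' "$server" "$gw" "$dev"
    fi
}

# Show both cases on the constructed samples (5.187.0.1 stands in for the
# masked 5.187.*.* server address from the log).
vpn_host_route "$PPP_DEFAULT" 5.187.0.1
vpn_host_route "$ETH_DEFAULT" 5.187.0.1

# Live use on the router (as root), before starting the client:
#   sh -c "$(vpn_host_route "$(ip route show default)" 5.187.0.1)"
```

Note that the FORWARD rules shown in the question only match ppp0; once redirect-gateway is in effect, LAN traffic leaves through tun0 and, with the FORWARD policy at DROP, needs its own eth0/tun0 rules (and NAT) or it will only show up in the LOG rule.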

2 answer(s)
Kalombyr, 2018-05-29
@Kalombyr

UPDT1:
If I manually add a route before starting, ip route add 5.187.*.*/32 ppp0,
then everything comes up and works (the error with the route remains), but it is not clear why these errors still appear and how to set it up correctly.
UPDT2: If you google "openvpn over ppp0", the solutions are the same, and they write that it is, uh, a bug/feature of OpenVPN and ppp0.

Denis, 2018-05-30
@notwrite

Why tun? Tap is cooler. The addresses being handed out are not configured on the VPN server.
And do the client's settings for the interface type match the server's settings?
/sbin/ip route add 0.0.0.0/0 via 0.0.0.0 is a completely wrong command.
