VPN unable to see network resources other than hba
-
- Posts: 12
- Joined: Sun Jan 30, 2011 8:54 pm
Re: VPN unable to see network resources other than hba
Thank you.
I really need this functionality.
If there is something a beginner can help with, I'll be happy to do so
Re: VPN unable to see network resources other than hba
The only thing I can suggest to help with is searching the internet for guidance. That's what I will most likely end up doing.
There has to be something out there that describes how to set OpenVPN on Ubuntu to work as desired. If you find anything, please pass it along and we can try to implement it in the app.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Re: VPN unable to see network resources other than hba
I could use the VPN and then use Remote Desktop to access all of my windows machines on my network. Now I VPN in and can't even ping them.
There is something that has changed between the amahi configuration on the VPN.
Re: VPN unable to see network resources other than hba
It could be an Ubuntu specific thing. Not sure what it is but we will have to investigate. Please submit a bug in the issue tracker.
https://bugs.amahi.org
Provide as many details as possible.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
-
- Posts: 12
- Joined: Sun Jan 30, 2011 8:54 pm
Re: VPN unable to see network resources other than hba
I've done a ton of reading and I've gotten this to work!
I'm still a noob and needed an IT friend to explain what many of these steps mean. I'm not sure I can answer a lot of the "why it works" questions. But here is what I did (and where I found it) so hopefully this can be corrected in the amahi installer. I'll try to explain things as I understand them. This may not be exactly the right terminology, so don't kill the noob. I just know that it works on my box.
I had a working VPN connection. I could connect to my Amahi box with no issues. My issue was that once I was connected I could not see anything on the rest of my home network. I really wanted to be able to use the Windows Remote Desktop tool to access my home machines. I also wanted to be able to print to my home printer. This functionality worked great on Fedora right out of the box. But when I upgraded to Ubuntu Amahi, I could ping nothing past my Amahi box and nothing worked.
These steps assume you have a working VPN.
We want the amahi box to do the NAT between the VPN client and the amahi network. In my research, I found this tutorial. In the "Configure iptables for NAT forwarding" section they have this code:
Code: Select all
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
That fixed my problem. But when you reboot the server, you have to do that every time. It doesn't stay persistent.
So to make it permanent,
edit the /etc/sysctl.conf file and either add or un-comment the line that says
Code: Select all
net.ipv4.ip_forward=1
That fixes the ip forward part. To fix the iptables part I found this guide.
I will cut and paste the steps I did from that guide.
Save your firewall rules to a file
Code: Select all
sudo sh -c "iptables-save > /etc/iptables.rules"
At this point you have several options. You can make changes to /etc/network/interfaces or add scripts to /etc/network/if-pre-up.d/ and /etc/network/if-post-down.d/ to achieve similar ends. The script solution allows for slightly more flexibility.
And then
Solution #2 /etc/network/if-pre-up.d and ../if-post-down.d
NOTE: This solution uses iptables-save -c to save the counters. Just remove the -c to only save the rules.
Alternatively you could add the iptables-restore and iptables-save to the if-pre-up.d and if-post-down.d directories in the /etc/network directory instead of modifying /etc/network/interfaces directly.
The script /etc/network/if-pre-up.d/iptablesload will contain:
Code: Select all
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
and /etc/network/if-post-down.d/iptablessave will contain:
Code: Select all
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0
Then be sure to give both scripts execute permissions:
Code: Select all
sudo chmod +x /etc/network/if-post-down.d/iptablessave
sudo chmod +x /etc/network/if-pre-up.d/iptablesload
Then I just reboot my server and everything that I wanted worked! I can use Remote Desktop and my printer.
I hope that helps.
Re: VPN unable to see network resources other than hba
Would you mind adding this to the wiki? We would greatly appreciate it.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Re: VPN unable to see network resources other than hba
I made a script that does this, can this be added to the openvpn ubuntu app?
Run the following with:
Code: Select all
sudo bash openvpn_extra.sh
openvpn_extra.sh is as follows:
Code: Select all
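#!/bin/bash
# Lets OpenVPN clients (10.8.0.0/24) reach the LAN behind eth0 and keeps the
# settings across reboots. Run as root: sudo bash openvpn_extra.sh

# Log under /var/log: a fixed file name in world-writable /tmp is unsafe for a root script
log_file="/var/log/openvpn_extra.log"

function log()
{
    # Write the message to the terminal and append it to the log file
    echo -e "$(date '+%b %d %H:%M:%S') $(hostname -s) openvpn_extra: $*" | tee -a "$log_file"
}

# Enable it right now
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
    log "FATAL: could not enable ip_forward for immediate use"
    exit 1
fi
# Add the NAT rule only if it is not already loaded, so a second run does not duplicate it
if ! iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null &&
   ! iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; then
    log "FATAL: could not set iptables for immediate use"
    exit 1
fi

# Set it up so it does it at startup
# Un-comment (or overwrite) the ip_forward line; sed exits 0 even when nothing matched
if ! sed -i 's/^#\?net\.ipv4\.ip_forward=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf; then
    log "FATAL: could not set ip_forward permanently"
    exit 1
fi
# so append the setting if the file still does not contain it
if ! grep -q '^net\.ipv4\.ip_forward=1' /etc/sysctl.conf &&
   ! echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf; then
    log "FATAL: could not set ip_forward permanently"
    exit 1
fi
if ! iptables-save > /etc/iptables.rules; then
    log "FATAL: could not set iptables permanently"
    exit 1
fi

# The script already runs as root; sudo would not apply to the redirection anyway
cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF
cat > /etc/network/if-post-down.d/iptablessave <<'EOF'
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0
EOF
# chmod also fails if one of the files above could not be written
if ! chmod +x /etc/network/if-post-down.d/iptablessave; then
    log "FATAL: Could not chmod the iptablessave script"
    exit 1
fi
if ! chmod +x /etc/network/if-pre-up.d/iptablesload; then
    log "FATAL: Could not chmod the iptablesload script"
    exit 1
fi
echo "Done"
exit 0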
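Added example, not part of the original posts or of the Amahi app: a read-only check of the two files the steps above persist, /etc/iptables.rules and /etc/sysctl.conf. It copes with the `[pkts:bytes]` counters that `iptables-save -c` writes and flags a missing, duplicated or unscoped MASQUERADE rule; the function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: read-only audit of the files the thread persists.
# Subnet and interface are the values used in the thread.
VPN_NET="10.8.0.0/24"
LAN_IF="eth0"

# audit_rules FILE: check an iptables-save dump, with or without the
# "[pkts:bytes]" counters written by "iptables-save -c". Prints one finding
# per line, or "OK" when exactly one correctly scoped rule is saved.
audit_rules() {
    awk -v net="$VPN_NET" -v ifc="$LAN_IF" '
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }        # strip -c counters
        /^\*/ { table = $1; next }                # "*nat", "*filter", ...
        table != "*nat" || !/^-A POSTROUTING/ || !/-j MASQUERADE/ { next }
        $0 == "-A POSTROUTING -s " net " -o " ifc " -j MASQUERADE" { want++; next }
        !/ -s / { print "UNSCOPED: " $0; bad++ }  # would NAT every source
        END {
            if (want == 0) { print "MISSING: " net " via " ifc; bad++ }
            if (want > 1)  { print "DUPLICATE: rule saved " want " times"; bad++ }
            if (bad == 0)  print "OK"
        }' "$1"
}

# forwarding_persisted FILE: succeed only if the setting is un-commented,
# which a sed substitution that matched nothing would not guarantee.
forwarding_persisted() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Constructed sample: a dump saved with counters after the MASQUERADE rule
# was appended twice, and a sysctl.conf where the line is still commented out.
demo_dir=$(mktemp -d)
cat > "$demo_dir/iptables.rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
[12:720] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
printf '#net.ipv4.ip_forward=1\n' > "$demo_dir/sysctl.conf"

audit_rules "$demo_dir/iptables.rules"
forwarding_persisted "$demo_dir/sysctl.conf" || echo "ip_forward is not persisted"
```

On a real server, point the two functions at /etc/iptables.rules and /etc/sysctl.conf after a reboot; neither function changes the running firewall.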
Re: VPN unable to see network resources other than hba
Please submit this as a bug in the issue tracker. We will take a look when time permits.
http://bugs.amahi.org/
FYI...we are not dedicating much to Ubuntu apps until Amahi 7 is fully functional. Not saying this cannot be done, but it may be a few days.
You could also add this to the wiki.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
-
- Posts: 42
- Joined: Tue Jan 22, 2013 3:36 pm
Re: VPN unable to see network resources other than hba
Thank you for your post. I do have a question for you. Did you follow the instructions in the wiki for VPN bridging prior to doing this, or did you not follow those at all?
-
- Posts: 42
- Joined: Tue Jan 22, 2013 3:36 pm
Re: VPN unable to see network resources other than hba
I just ran this script on my HDA and I can confirm it works, even after restart! EXCELLENT!