OpenVPN/IPSec woes

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

OpenVPN/IPSec woes

Postby arthurdent4242 » Mon Sep 23, 2013 4:55 pm

Hey guys, I am having two issues. I believe one is related to routing, as for the other, I am not sure.

Issue 1:

I have OpenVPN setup and I am able to connect to the tunnel from a remote location just fine. I can browse the internet just fine. I can reach the HDA and the files on the HDA without an issue, however I cannot access any of my other network clients while connected to the OpenVPN tunnel. I have been doing some digging, and it looks like this may be a routing issue, but I don't know where to start with this. I am assuming this has to happen on the server, but what configuration file do I need to edit to get this working?

Issue 2:

I also have the IPSec tunnel setup. I can connect to this tunnel from my phone and my mac and access the internet as well as all of the network shares, however I am not able to get my Ubuntu client to connect to the IPSec tunnel. I installed vpnc and network-manager-vpnc, however everytime I try to connect to it I get "vpnc: no response from target". This one has me stumped. I did some checking and found that adding the line about NAT Traversal as well as the Local Port solved it for some people. I tried and it didn't work for me. Any help would be appreciated on either issue.

My main goal here is to be able to access all of my networked clients on my home network from remote locations. I can do it from my phone and my mac, now I would like to be able to do it from my Ubuntu client.

TIA

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN/IPSec woes

Postby bigfoot65 » Mon Sep 23, 2013 5:06 pm

Suggest you check out the wiki. There is some guidance there that might help.
https://wiki.amahi.org/index.php/VPN
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

Re: OpenVPN/IPSec woes

Postby arthurdent4242 » Mon Sep 23, 2013 6:28 pm

Thanks Bigfoot. I knew I recalled something along the lines of the vpn bridging on the wiki.

https://wiki.amahi.org/index.php/VPN_Bridging

I was just having a look at this and I noticed that at the point where it says to do this "​nano /etc/openvpn/openvpn-shutdown​" and has some code, well I checked the /etc/openvpn directory and there is no openvpn-shutdown file. It looks like the code provided will create one, is that correct (just by looking at the next line where it says chmod +x the /etc/openvpn/openvpn-shutdown I am assuming this is accurate).

Another question, the following set of commands says to do this "nano /etc/openvpn/amahi.conf​ " however in the /etc/openvpn/ directory there is no amahi.conf file. This set of instructions explicitly says to modify that file, so what am I to do? I have an openvpn.conf file. Is this the file I am to modify? Also, after the section about the amahi.conf file, there is a blurb of code that says this:

Code: Select all

​iptables -A INPUT -i tap0 -j ACCEPT iptables -A INPUT -i br0 -j ACCEPT iptables -A FORWARD -i br0 -j ACCEPT service openvpn restart​
But it doesn't say where that goes or what to do with it. Should the iptables stuff be added to the conf file or just run from the command line? the service restart should be run from the command line is what I assume.

I will probably try this this weekend or something. However it looks like the wiki doesn't cover the IPSec issue I am having. Any thoughts on it?

To answer my own question about tun/tap answered here in the (client configuration section somewhat answered anyway):

https://help.ubuntu.com/12.04/serverguide/openvpn.html


So yeah, how about getting IPSec working with vpnc as well? 8-)

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN/IPSec woes

Postby bigfoot65 » Tue Sep 24, 2013 6:46 am

What OS is your HDA, Ubuntu or Fedora 19?

Not sure about the amahi.conf file. The wiki guidance may have been written for Fedora 14. It would need to be updated.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

Re: OpenVPN/IPSec woes

Postby arthurdent4242 » Tue Sep 24, 2013 7:31 am

What OS is your HDA, Ubuntu or Fedora 19?

Not sure about the amahi.conf file. The wiki guidance may have been written for Fedora 14. It would need to be updated.

Sorry for not including it earlier. My HDA is Amahi 6.3 on Ubuntu 12.04.

I am not so concerned about the file name if the conf file I have is right.

Any thoughts on the blurb of code I posted? Curious where it goes.

[ Post made via iPhone ] Image

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN/IPSec woes

Postby bigfoot65 » Tue Sep 24, 2013 7:58 am

Might want to do a search on your HDA for amahi.conf. If the file you have is the right one, the lines should correspond to the wiki guidance.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

Re: OpenVPN/IPSec woes

Postby arthurdent4242 » Tue Sep 24, 2013 8:06 am

Might want to do a search on your HDA for amahi.conf. If the file you have is the right one, the lines should correspond to the wiki guidance.
And remove (or comment out) the lines that start with server and ifconfig-pool-persist.
The openvpn.conf file I have does have one line that corresponds to the ifconfig-pool-persist. I will do a search on the hda for the amahi.conf file. If it doesn't have one, am I to assume that the openvpn.conf file is the right one?

EDIT: I just did a search of my HDA and found an amahi.conf file, but it's in a very different location than what is outlined in the wiki entry. The file I found is located in:

/var/hda/apps/wzjcdmbnqp/elevated/openvpn-amahi/

The file does contain similar information (there are differences) to the openvpn.conf. Which should I edit?

Also, what are your comments about that blurb of code? It is in the wiki but there is nothing indicating where it should go.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN/IPSec woes

Postby bigfoot65 » Tue Sep 24, 2013 8:16 am

I would presume if you don't find it, you have the correct one. The code you mentioned is command line. Note the last line is restarting OpenVPN.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

Re: OpenVPN/IPSec woes

Postby arthurdent4242 » Tue Sep 24, 2013 8:45 am

I would presume if you don't find it, you have the correct one. The code you mentioned is command line. Note the last line is restarting OpenVPN.
That's what I had assumed about the last commands just wanted to make sure. Could the wiki be edited to make that part more clear?

Also, I did find an amahi.conf file (located in /var/hda/apps/wzjcdmbnqp/elevated/openvpn-amahi), but it is in a completely different directory than what is listed on the wiki (/etc/openvpn). So should I edit the amahi.conf I found in a very different directory, or should I edit the openVPN.conf file I found?

Next question, there is an openvpn-startup file in both the /var/hda/apps/wzjcdmbnqp/elevated directory as well as in the /etc/openvpn directory. Which one should I edit? The wiki says /etc/openvpn, but given that the wiki didn't have the right location for the amahi.conf file, I want to be sure I edit the right file.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN/IPSec woes

Postby bigfoot65 » Tue Sep 24, 2013 9:05 am

I will made an update to the wiki. As for files to edit, only do those in /etc/vpn. The others are from the initial app install and not accessible from the app itself. Editing them will do nothing.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

Who is online

Users browsing this forum: No registered users and 16 guests