VPN unable to see network resources other than hba

tedstriker
Posts: 12
Joined: Sun Jan 30, 2011 8:54 pm

Re: VPN unable to see network resources other than hba

Postby tedstriker » Tue May 21, 2013 9:58 am

Thank you.

I really need this functionality.

If there is something a beginner can help with, I'll be happy to do so

bigfoot65
Project Manager
Posts: 11337
Joined: Mon May 25, 2009 4:31 pm

Re: VPN unable to see network resources other than hba

Postby bigfoot65 » Tue May 21, 2013 11:12 am

The only thing I can suggest to help with is searching the internet for guidance. That's what I will most likely end up doing.

There has to be something out there that describes how to set OpenVPN on Ubuntu to work as desired. If you find anything, please pass it along and we can try to implement it in the app.
ßîgƒσστ65
Applications Manager

itman
Posts: 1
Joined: Mon May 27, 2013 12:19 pm

Re: VPN unable to see network resources other than hba

Postby itman » Mon May 27, 2013 12:25 pm

I could use the VPN and then use Remote Desktop to access all of my windows machines on my network. Now I VPN in and can't even ping them.
There is something that has changed between the amahi configuration on the VPN.

bigfoot65
Project Manager
Posts: 11337
Joined: Mon May 25, 2009 4:31 pm

Re: VPN unable to see network resources other than hba

Postby bigfoot65 » Mon May 27, 2013 1:38 pm

It could be an Ubuntu specific thing. Not sure what it is but we will have to investigate. Please submit a bug in the issue tracker.
https://bugs.amahi.org

Provide as many details as possible.
ßîgƒσστ65
Applications Manager

tedstriker
Posts: 12
Joined: Sun Jan 30, 2011 8:54 pm

Re: VPN unable to see network resources other than hba

Postby tedstriker » Mon Jun 10, 2013 12:01 pm

I've done a ton of reading and I've gotten this to work!

I'm still a noob and needed an IT friend to explain what many of these steps mean. I'm not sure I can answer a lot of the "why it works" questions. But here is what I did (and where I found it) so hopefully this can be corrected in the amahi installer. I'll try to explain things as I understand them. This may not be exactly the right terminology, so don't kill the noob :). I just know that it works on my box.

I had a working VPN connection. I could connect to my Amahi box with no issues. My issue was that once I was connected I could not see anything on the rest of my home network. I really wanted to be able to use the Windows Remote Desktop tool to access my home machines. I also wanted to be able to print to my home printer. This functionality worked great on Fedora right out of the box. But when I upgraded to Ubuntu Amahi, I could ping nothing past my Amahi box and nothing worked.

These steps assume you have a working VPN.

We want the amahi box to do the NAT between the VPN client and the amahi network. In my research, I found this tutorial. In the "Configure iptables for NAT forwarding" section they have this code:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

That fixed my problem. But when you reboot the server, you have to do that every time. It doesn't stay persistent.

So to make it permanent,

edit the /etc/sysctl.conf file and either add or un-comment the line that says

Code:

net.ipv4.ip_forward=1

That fixes the ip forward part. To fix the iptables part I found this guide

I will cut and paste the steps I did from that guide.
Save your firewall rules to a file

Code:

sudo sh -c "iptables-save > /etc/iptables.rules"

At this point you have several options. You can make changes to /etc/network/interfaces or add scripts to /etc/network/if-pre-up.d/ and /etc/network/if-post-down.d/ to achieve similar ends. The script solution allows for slightly more flexibility.
And then
Solution #2 /etc/network/if-pre-up.d and ../if-post-down.d

NOTE: This solution uses iptables-save -c to save the counters. Just remove the -c to only save the rules.

Alternatively you could add the iptables-restore and iptables-save to the if-pre-up.d and if-post-down.d directories in the /etc/network directory instead of modifying /etc/network/interfaces directly.

The script /etc/network/if-pre-up.d/iptablesload will contain:

Code:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

and /etc/network/if-post-down.d/iptablessave will contain:

Code:

#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0

Then be sure to give both scripts execute permissions:

Code:

sudo chmod +x /etc/network/if-post-down.d/iptablessave
sudo chmod +x /etc/network/if-pre-up.d/iptablesload

Then I just reboot my server and everything that I wanted worked! I can use Remote Desktop and my printer.

I hope that helps.
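
Added example, not part of the original post: a shell check, run against the text of /etc/sysctl.conf and /etc/iptables.rules, that the two persisted settings from the steps above are in place and that the MASQUERADE rule was not appended more than once (which happens when the -A command is run again before saving). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): offline audit of the two persisted files.
# On the server: audit "$(cat /etc/sysctl.conf)" "$(cat /etc/iptables.rules)"
VPN_NET="10.8.0.0/24"   # VPN subnet from the thread's iptables rule

# Prints "on" if sysctl.conf text on stdin has an uncommented net.ipv4.ip_forward=1.
forwarding_state() {
    awk -F= '/^[ \t]*#/ { next }
        { gsub(/[ \t]/, "") }
        $1 == "net.ipv4.ip_forward" { v = $2 }   # last assignment wins
        END { print (v == "1" ? "on" : "off") }'
}

# Counts MASQUERADE rules for $VPN_NET in the *nat table of iptables-save text
# on stdin; strips the "[pkts:bytes] " prefix that iptables-save -c writes.
masquerade_rule_count() {
    awk -v net="$VPN_NET" '/^\*/ { table = substr($0, 2) }
        table == "nat" {
            sub(/^\[[0-9]+:[0-9]+\] /, "")
            if ($1 == "-A" && $2 == "POSTROUTING" && $0 ~ /-j MASQUERADE/) {
                for (i = 3; i < NF; i++) if ($i == "-s" && $(i + 1) == net) n++
            }
        }
        END { print n + 0 }'
}

# audit SYSCTL_TEXT RULES_TEXT: prints ok, no-forwarding, no-nat-rule or duplicate-nat-rule
audit() {
    local fwd count
    fwd=$(printf '%s\n' "$1" | forwarding_state)
    count=$(printf '%s\n' "$2" | masquerade_rule_count)
    if [ "$fwd" != on ]; then echo no-forwarding
    elif [ "$count" -eq 0 ]; then echo no-nat-rule
    elif [ "$count" -gt 1 ]; then echo duplicate-nat-rule
    else echo ok
    fi
}

# Constructed sample inputs (not captured from a real system).
RULE='-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'
SYSCTL_DEFAULT='#net.ipv4.ip_forward=1'
SYSCTL_FIXED='net.ipv4.ip_forward = 1'
RULES_SAVED="*nat
:POSTROUTING ACCEPT [0:0]
[12:720] $RULE
COMMIT"
RULES_TWICE="*nat
$RULE
$RULE
COMMIT"
```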

bigfoot65
Project Manager
Posts: 11337
Joined: Mon May 25, 2009 4:31 pm

Re: VPN unable to see network resources other than hba

Postby bigfoot65 » Mon Jun 10, 2013 12:18 pm

Would you mind adding this to the wiki? We would greatly appreciate it.
ßîgƒσστ65
Applications Manager

olson
Posts: 30
Joined: Mon Dec 03, 2012 7:57 am

Re: VPN unable to see network resources other than hba

Postby olson » Thu Aug 08, 2013 11:27 am

I made a script that does this, can this be added to the openvpn ubuntu app?

Run the following with:

Code:

sudo bash openvpn_extra.sh

openvpn_extra.sh is as follows:

Code:

#!/bin/bash
# Log under /var/log (root-owned) rather than a predictable name in world-writable /tmp.
log_file="/var/log/openvpn_extra.log"

# Write a timestamped message to the log file and to stdout.
function log() {
    echo -e "$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $*" >> "$log_file"
    echo -e "$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $*"
}

# Enable it right now
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
    log "FATAL: could not enable ip_forward for immediate use"
    exit 1
fi
if ! iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; then
    log "FATAL: could not set iptables for immediate use"
    exit 1
fi

# Set it up so it does it at startup
if ! sed -i 's/^#net\.ipv4\.ip_forward=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf; then
    log "FATAL: could not set ip_forward permanently"
    exit 1
fi
if ! sh -c "iptables-save > /etc/iptables.rules"; then
    log "FATAL: could not set iptables permanently"
    exit 1
fi

# The script already runs as root (sudo bash), so plain cat is enough;
# the quoted 'EOF' keeps the heredoc body literal.
cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF

cat > /etc/network/if-post-down.d/iptablessave <<'EOF'
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0
EOF

if ! chmod +x /etc/network/if-post-down.d/iptablessave; then
    log "FATAL: Could not chmod the iptablessave script"
    exit 1
fi
if ! chmod +x /etc/network/if-pre-up.d/iptablesload; then
    log "FATAL: Could not chmod the iptablesload script"
    exit 1
fi

echo "Done"
exit 0

bigfoot65
Project Manager
Posts: 11337
Joined: Mon May 25, 2009 4:31 pm

Re: VPN unable to see network resources other than hba

Postby bigfoot65 » Thu Aug 08, 2013 11:51 am

Please submit this as a bug in the issue tracker. We will take a look when time permits.
http://bugs.amahi.org/

FYI...we are not dedicating much to Ubuntu apps until Amahi 7 is fully functional. Not saying this cannot be done, but it may be a few days.

You could also add this to the wiki.
ßîgƒσστ65
Applications Manager

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

Re: VPN unable to see network resources other than hba

Postby arthurdent4242 » Sun Sep 29, 2013 12:05 pm

Thank you for your post. I do have a question for you. Did you follow the instructions in the wiki for VPN bridging prior to doing this, or did you not follow those at all?

arthurdent4242
Posts: 42
Joined: Tue Jan 22, 2013 3:36 pm

Re: VPN unable to see network resources other than hba

Postby arthurdent4242 » Mon Oct 21, 2013 2:41 pm

I just ran this script on my HDA and I can confirm it works, even after restart! EXCELLENT!
