Help with OpenVPN on Osmio+ box


28 replies to this topic

Re: Help with OpenVPN on Osmio+ box #21 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 12 December 2020 - 11:24

Exactly, if you do not know exactly what you're doing, don't use the TAP device (L2), use the TUN device (L3). The TUN device can be set up in two modes:

- normal mode, where each client gets its own subnet, a bit wasteful but very transparent to understand

- the multiple mode, where each client gets an address in the common IP range, but the traffic is still routed and not bridged. This is quicker to set up for multiple clients, but a bit less transparent.

 

Do NOT use NAT when not strictly required (i.e. only use it toward your ISP). It will give all sorts of surprises (like the above).


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: Help with OpenVPN on Osmio+ box #22 WanWizard

  • PLi® Core member
  • 70,523 posts

+1,810
Excellent

Posted 12 December 2020 - 13:01

The big question remains what in that setup does the NAT, as it is clear from the logs that the client gets IP address 10.0.8.2, while the endpoint sees connections coming from 192.168.2.254 (the IP of the OpenVPN server).


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Help with OpenVPN on Osmio+ box #23 jpuigs

  • Senior Member
  • 1,143 posts

+32
Good

Posted 12 December 2020 - 19:08

Exactly, if you do not know exactly what you're doing, don't use the TAP device (L2), use the TUN device (L3). The TUN device can be set up in two modes:

 

... and how do I change this? OpenvpnGUI client doesn't have any option to choose LAN2 TAP device or LAN3 TUN device.

If server and client configs are both "dev tun", as you can see in previous posts, it's not my "decision" that the Win10 client uses the TAP device.....

 

 

 

Do NOT use NAT when not strictly required (i.e. only use it toward your ISP). It will give all sorts of surprises (like the above).

 

The big question remains what in that setup does the NAT, 

 

I haven't chosen whether to use NAT or not. It's the default behaviour.

But it's something related to the RasPi, because if I connect with an Enigma box instead of the Win10 laptop, the box sees all devices too, like the Win10 laptop.

 

I know Wanwizard would like to know what does NAT, me too !!!!!!!


Enigma is getting old....

 


Re: Help with OpenVPN on Osmio+ box #24 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 13 December 2020 - 10:56

The NAT setting is probably not in OpenVPN. I don't know an OpenVPN option to do NAT. Please check your iptables (iptables -t nat -n -v -L).


Edited by Erik Slagter, 13 December 2020 - 10:56.



Re: Help with OpenVPN on Osmio+ box #25 jpuigs

  • Senior Member
  • 1,143 posts

+32
Good

Posted 13 December 2020 - 13:31

pi@raspberrypi:~ $ sudo iptables -t nat -n -v -L
Chain PREROUTING (policy ACCEPT 9103 packets, 1423K bytes)
pkts bytes target     prot opt in     out     source               destination
Chain INPUT (policy ACCEPT 8930 packets, 1413K bytes)
pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 268 packets, 18577 bytes)
pkts bytes target     prot opt in     out     source               destination
  165  8770 MASQUERADE  all  --  *      eth0    10.8.0.0/24          0.0.0.0/0            /* openvpn-nat-rule */
Chain OUTPUT (policy ACCEPT 268 packets, 18577 bytes)
pkts bytes target     prot opt in     out     source               destination
pi@raspberrypi:~ $


Re: Help with OpenVPN on Osmio+ box #26 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 13 December 2020 - 14:03

So there we have our smoking gun, I guess!




Re: Help with OpenVPN on Osmio+ box #27 WanWizard

  • PLi® Core member
  • 70,523 posts

+1,810
Excellent

Posted 13 December 2020 - 14:13

Something in the Raspbian package that creates that "openvpn-nat-rule" I presume, as that isn't standard...




Re: Help with OpenVPN on Osmio+ box #28 jpuigs

  • Senior Member
  • 1,143 posts

+32
Good

Posted 13 December 2020 - 14:56

I think I've found it.

 

I installed OpenVPN using PiVPN, https://www.pivpn.io/ (VPN for dummies :D)

When you do: curl -L https://install.pivpn.io | bash, it executes the installation script: https://raw.githubus...tall/install.sh

 

...and looking at this script.... in confNetwork()

$SUDO sed -i '/net.ipv4.ip_forward=1/s/^#//g' /etc/sysctl.conf
if ! $SUDO iptables -t nat -S | grep -q "${VPN}-nat-rule"; then
    $SUDO iptables -t nat -I POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE -m comment --comment "${VPN}-nat-rule"
fi

:rolleyes:  :rolleyes:  :rolleyes:


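The check this thread converged on, generalised as an added example (not part of any post, and not PiVPN's code): it filters `iptables -t nat -S` output for POSTROUTING rules that source-NAT a VPN subnet and prints the command that would delete each one. The function names and the sample ruleset are constructed; only the `openvpn-nat-rule` line mirrors the rule shown above.

```shell
#!/bin/sh
# Added example, not from the thread: list POSTROUTING rules that source-NAT a
# VPN subnet, reading `iptables -t nat -S` output on stdin.

# Constructed ruleset in `iptables -t nat -S` format. Only the openvpn-nat-rule
# line mirrors the rule shown in the thread; the rest is made up for contrast.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -m comment --comment openvpn-nat-rule -j MASQUERADE
-A POSTROUTING -s 172.16.5.0/24 -o eth0 -j SNAT --to-source 192.168.2.10
-A POSTROUTING -o wlan0 -j MASQUERADE
EOF
}

# Print each POSTROUTING rule whose target is MASQUERADE or SNAT and that either
# names the subnet with -s or has no -s at all (and so matches every source).
# Assumption: -s is compared as an exact string; wider ranges that contain the
# subnet and negated matches ("! -s") are not evaluated.
find_snat_rules() {
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; src = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s") src = $(i + 1)
            }
            if ((target == "MASQUERADE" || target == "SNAT") &&
                (src == "" || src == net))
                print
        }'
}

# Rewrite a listed "-A ..." rule into the command that deletes exactly that rule.
to_delete_cmd() {
    sed 's/^-A /iptables -t nat -D /'
}

# On a live host (as root): iptables -t nat -S | find_snat_rules 10.8.0.0/24
sample_rules | find_snat_rules 10.8.0.0/24 | to_delete_cmd
```

Removing such a rule only works when hosts on the LAN (or their default router) have a route back to the VPN subnet via the OpenVPN server; without that route, replies to un-NATed clients are lost.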

Re: Help with OpenVPN on Osmio+ box #29 WanWizard

  • PLi® Core member
  • 70,523 posts

+1,810
Excellent

Posted 13 December 2020 - 14:59

Mystery solved! ;)




