openVPN on N900 - configuring route to internet via VPN server (Win XP)
I have openVPN set up on N900, to connect back to my Win XP home desktop (also running openVPN). The VPN is set up as tap (so I can browse to other PCs on my LAN) and I've got the network bridge set up on XP.
I can connect the VPN and the N900 gets allocated an IP by my home router (Netgear DG834PN flashed with DGTeam firmware). The router is set to serve DHCP, and I've restricted the pool of local LAN IPs, with the VPN server config allocating a separate pool to connecting VPN clients. That is all working fine and I can ping/Remote Desktop/VNC into my local machines on their local IPs over the VPN (while on a 3G connection), no problems. Also managed to mount a local share on the server via Wizard Mounter (albeit painfully slow to refresh contents of folders with many entries).
One additional thing I want to do is to be able to route ALL IP traffic over the VPN tunnel (not just stuff aimed at IPs on my local LAN) - so that when I'm on public wifi or gprs, I can surf securely when needed. I've set my XP's .conf to do this (push redirect-gateway def1). However in practice I can't access the internet via my home DSL this way, it fails. I've read a lot on here about the fact that maemo doesn't properly set the default gateway, but I'm using openVPN applet which includes a fix for that.
I initially thought that the problem may be that I needed to NAT the traffic on XP that comes from the VPN client so it can find its way out to the net over my LAN - I set IPEnableRouter in the registry and installed & configured NAT and enabled Routing & Remote Access service on XP, but no joy.
After much random hacking about, I have managed to get my VPN client onto the internet via my home router - but only by running udhcpc -fnq -i tap0 in xterm while the VPN is active. This causes my router's DHCP to serve a new IP to the client from the "main" pool of local IP addresses, replacing the VPN-specific IP it received when openVPN connected.
My networking skillz are pretty weak, and my head is now hurting. Given that I've made it work, I *know* there must be some elegant solution to this, but I can't see it for looking right now.
If any guru out there can advise how I should change things so that I don't need to negotiate a new lease from my DHCP server while on the VPN in order to route to internet via home DSL connection in the above scenario, I'd be very grateful.
Full details:
Router is 192.168.0.1, and DHCP serves 192.168.0.2 to 192.168.0.99
XP box is 192.168.0.10 (static IP).
server .ovpn config file on XP is:
Code:
local 192.168.0.10
Code:
script-security 2
Code:
Code:
/etc/openvpn # udhcpc -fnq -i tap0
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
Wow, this post is pretty timely. I just bought an N900 about 5 days ago. We have an existing OpenVPN network Bridging setup at my office and I just got around to trying to connect to it through my N900. I am connecting alright, but I haven't been able to route my internet connection through there. I will try out some parts of your conf file, hope it works for me.
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
ah - thought this thread was going to die without trace :-)
quick update - the "udhcpc -fnq -i tap0" command does, as I said, result in being able to browse the net, but I'm not happy about it and I wouldn't recommend it as an approach (at least until someone more net-admin savvy can confirm it's not risky ... I really don't understand well if there are any security implications to it grabbing a new IP from my router/DHCP server when it already has one from the VPN pool).
Meantime, I've come up with another bodge - I've set up a proxy server (freeProxy) on the same XP box that hosts my openVPN. Once I'm connected to my VPN from the N900, I open a browser window (which fails, as expected) and then I just set it to use the local proxy server 192.168.0.10 using about:config. As examples:
network.proxy.http=192.168.0.10
network.proxy.http.port=995
network.proxy.ssl=192.168.0.10
network.proxy.ssl.port=995
(the above can be set from settings->internet connections->connections->(select your connection)->edit etc. and they will be retained even if the proxy is disabled)
network.proxy.type=1 (default=0 for no proxy)
Once you enable the proxy, you can still access all addresses on the local LAN OK and you can browse the internet too via the proxy. It's another crap solution (and in fact little better than just setting the browser to use my proxy via my router's public IP, port forwarded to my XP box, with no need of VPN at all), but it may be of some use in the scenario where you need to be on the VPN for access to internal servers but simultaneously need an internet connection.
Note #1 - the network.proxy.type value is NOT persistent - i.e. it resets back to zero every time a new browser window is opened. Not sure why, just another bit of random cr@p to befuddle me during testing I guess :-)
Note #2: All my testing has been done at home, over my gprs connection (haven't got around to trying it from a public wifi yet even though that was the point of me setting it up) - From other stuff I've read here, there may be different/less/no issues getting net access over VPN if connecting via WiFi so please check before changing anything on your work LAN ...
Please report back on your own success (or otherwise), and avoid my clumsy hacks if at all possible :-)
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
two small updates:
1) don't know what I did but I now have internet via my home router while connected via VPN - my .conf files haven't changed at all, I hacked around with the various permanent & temp resolv.conf files, trying to manually force my router to be used as the default gateway ... it didn't appear to make any difference other than one random time and I gave up after a while. Shortly thereafter I disabled a Windows service on my XP box (Routing and Remote Access, which I'd previously manually set to enabled when frigging with NAT over the bridge). I don't know if either/both of the above had some effect - but sometime thereafter, things started to "just work", and have stayed that way since.
2) unrelated to this thread, but I was also having an intermittent problem with the VPN client connecting to the server over gprs. I spent AGES triple/quadruple checking my NAT & port forwarding on my router; my Windows Firewall exceptions on the server; I changed between UDP/TCP, changed the listening port, forced binding to the bridge adapter, changed the client to use my server's static IP instead of the associated domain name ... nothing helped, I ALWAYS got the client comm's hitting my router EVERY time, but the openVPN server was only seeing the traffic about 30% of the time. Was on the point of going mad when I finally checked PeerBlock (P2P software to avoid making torrent connections to undesirable IPs) ... I had set this up ages ago on my XP box with an "allow" exception for the range of public IPs that my mobile telco (Vodafone) always allocated me when I connected (PeerBlock blocks every frigging Vodafone IP by default!!). Turns out that they'd started allocating me IPs from a different block sometimes, and PeerBlock was just silently blocking the ones for which I hadn't set an exception. Oh well, only took me 5 days of frustration before I sussed it out :-(
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
Sorry I haven't gotten back to you in a while. Actually, I accidentally bricked my phone a couple of days ago, and it's taken me quite a while to get it up and running again. Will definitely get around to trying that again in a day or two.
In the meantime, keep the information flowing! :)
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
I never tried this config with the N900. However I do have experience in those kinds of setup (IPsec, SSL VPN...).
Given the fact that when using your "standard" DHCP, it works, I wonder if you have correctly defined the default gateway in your DHCP for openVPN. The second point of attention is the network range you used for the openVPN. You need to ensure that the rest of your infrastructure knows how to route back your traffic to the openVPN subnet.
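A check for the `redirect-gateway def1` and default-gateway questions raised in the posts above, as an added example that is not part of the original thread: it reads `ip route show` output and reports whether the two def1 routes exist on the tap device and which gateway they use. The sample route tables, the `gprs0` interface name and the non-192.168.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that "redirect-gateway def1" took effect on the client.
# def1 keeps the original default route and adds 0.0.0.0/1 and 128.0.0.0/1
# through the VPN device. Input: `ip route show` text on stdin.

# check_def1 DEV [EXPECTED_GW] -> verdict on stdout; status 0 ok, 1 leak, 2 wrong gw
check_def1() {
    awk -v dev="$1" -v want="${2:-}" '
        function field(name,   i) {   # value that follows keyword "name"
            for (i = 2; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"   { lo_dev = field("dev"); lo_gw = field("via") }
        $1 == "128.0.0.0/1" { hi_dev = field("dev"); hi_gw = field("via") }
        $1 == "default"     { def_dev = field("dev") }
        END {
            if (lo_dev == "" || hi_dev == "") {
                print "LEAK: no def1 routes, default still via " def_dev; exit 1
            }
            if (lo_dev != dev || hi_dev != dev) {
                print "LEAK: def1 routes not on " dev; exit 1
            }
            if (lo_gw != hi_gw || (want != "" && lo_gw != want)) {
                print "WRONG-GW: via " lo_gw "/" hi_gw ", expected " want; exit 2
            }
            print "OK: all traffic via " dev " gateway " lo_gw
        }'
}

# Constructed samples: 192.168.0.x follows the thread; gprs0, 10.64.0.1 and
# 203.0.113.7 (VPN server public address) are made up.
sample_redirected() { cat <<'EOF'
0.0.0.0/1 via 192.168.0.1 dev tap0
128.0.0.0/1 via 192.168.0.1 dev tap0
203.0.113.7 via 10.64.0.1 dev gprs0
192.168.0.0/24 dev tap0 src 192.168.0.101
default via 10.64.0.1 dev gprs0
EOF
}
sample_not_redirected() { cat <<'EOF'
192.168.0.0/24 dev tap0 src 192.168.0.101
default via 10.64.0.1 dev gprs0
EOF
}

# On a live client: ip route show | check_def1 tap0
sample_redirected | check_def1 tap0 192.168.0.1
sample_not_redirected | check_def1 tap0 || true
```

A LEAK verdict means traffic to non-LAN addresses is still leaving through the untrusted wifi/gprs default route rather than the tunnel.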
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
Quote:
Anyway, I sorted it out - though can't 100% say HOW I did so - but thanks anyway for the feedback, appreciated :-)
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
anyways to get a mount script to run straight after the openvpn connection established?
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
haven't tried it, but I presume adding an up or route-up in the client .conf file to call a script with the mount command within it would work? may require route-delay too to cover timing issues.
Re: openVPN on N900 - configuring route to internet via VPN server (Win XP)
Can anyone give me a good VPN & its conf files for openVPN? Thanks in advance guys.