Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have set up a openVPN tunnel using the following server side configuration:
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
client-to-client
log-append /var/log/openvpn
group daemon
daemon
verb 3
and client configuration file as following:
client
remote ******* 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
verb 3
However, upon connection, I can ping 10.8.0.1 with no problem, but I can not even visit Google.
I am running Open VPN 2.1.4, in Windows 7 Ultimate with admin rights. The server is a Ubuntu 10.04 installation with TUN enabled by default.
The only suspicious part I can find in the log is like this:
Mon Feb 21 20:44:33 2011 C:\WINDOWS\system32\route.exe ADD ********* MASK 255.255.255.255 192.168.1.1
OK!
Mon Feb 21 20:44:33 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
OK!
Mon Feb 21 20:44:34 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
OK!
Mon Feb 21 20:44:34 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
OK!
Mon Feb 21 20:44:34 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
The route addition failed: The object already exists.
Mon Feb 21 20:44:34 2011 Initialization Sequence Completed
Not sure if that would help.
Please help!
Thanks!
You are using the flag redirect-gateway def1 and since are redirecting all your traffic through the VPN.
I can't see from your post if you have configured NAT or any other adresse translation on your server, but my guess is, that the packets are just being routed through your VPN and then have no way to get back to your client.
If your VPN client is 10.8.0.2 and your server is 10.8.0.1 and has an internet ip that is 12.12.12.12:
your call to google will be send from 10.8.0.2 routed through the VPN and then send from there to Google. The problem is, that the originating adress will stay as 10.8.0.2 and therefore the answer packets never can find back to you. You must add some means of translation that takes the packets and translates the origin from 10.8.0.2 to 12.12.12.12 and back:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
This is also explained in OpenVPN Manual. I hope this solves your problem, but from the description I could not be sure if you have any NAT translation enabled, so maybe this is isn't helpfull at all :-)
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
When I am trying to connect to a server via ssh it is throwing an error "ssh: connect to host 178.128.60.26 port 22: Connection timed out". My operating system is windows 10. And I am using Git bash for connecting via ssh. Checked the blocked ports in the firewall. Port number 22 is open for all networks. I already connected to the server via ssh but now I can't.
Check first if you can ping the server.
But if you do:
either the server itself is not running the ssh daemon service (but then the error woudl more likely be "connection refused")
or it is, but on a non-conventional port (your ssh call would need to be ssh -p <another_port> ...) (again, the error would more likely be "connection refused")
or its firewall rules prevents any incoming ssh request: that would actually generate a time out.
If the remote machine is a Linux one: sudo service ufw status (assuming you have access to said server, or you can ask an administrator to check)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I've read a lot of answers for this one, but none of them worked (presumably because they were written for outdated OS X versions). How do I actually share my Mac's internet connection with the beaglebone?
I will assume that you have successfully installed the necessary drivers and the beaglebone shows up in your list of network interfaces. Once that is the case, make sure you have properly configured the IP address and netmask. For the default beaglebone connection this looks something like this:
Once that is done, verify that you can connect to the beaglebone:
mac$ ssh root#192.168.7.2
Debian GNU/Linux 7
BeagleBoard.org Debian Image 2015-11-12
Support/FAQ: http://elinux.org/Beagleboard:BeagleBoneBlack_Debian
default username:password is [debian:temppwd]
Last login: Thu Nov 12 19:06:13 2015 from mac.local
root#beaglebone:~#
You are now ready to setup the nat, to allow the beaglebone to share your network connection. For that, first find the name of the network interface that's associated with your beaglebone:
$ ifconfig | grep -C 3 192.168.7.1
en9: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1486
ether 04:a3:16:ad:6c:4d
inet6 fe80::6a3:16ff:fead:6c4d%en9 prefixlen 64 scopeid 0x4
inet 192.168.7.1 netmask 0xfffffffc broadcast 192.168.7.3
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
Then, activate ip forwarding and set the appropriate firewall rule:
mac$ sudo sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
mac$ echo "nat on en0 from en9:network to any -> (en0)" | sudo pfctl -f - -e
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
pf enabled
Naturally, you need to substitute en9 for the interface name you found in the previous step. Also, if you already have the firewall enabled, you'll want to manually add that to the firewall configuration.
Lastly, we need to set up the default gateway:
mac$ ssh root#192.168.7.1
beaglebone# route add default gw 192.168.7.1 usb0
beaglebone# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=54 time=16.6 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=54 time=20.5 ms
If everything worked, you should see the ping replies come in. If you can't connect to the beaglebone anymore, deactivate the firewall pfctl -d and verify that the rule was correct. If you can connect to the beaglebone, but the ping doesn't succeed, verify the routing table (route on the beaglebone, the nat table on the mac pfctl -s nat, and make sure that you ran the sysctl).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
Setup PPTP to access home network transparently
I have Raspberry Pi box connected to home WiFi-router and running pptpd. The local addresses is 192.168.1.32 (eth0) and 192.168.2.1 (ppp0) and local name raspberry.local.
I have iMac connected to the same router with local IP 192.168.1.27 and local name imac.local
I have Macbook somewhere in the Internet connected to Raspberry’s PPTP with 192.168.2.10 on ppp0
This picture shows more clearly.
pptpd configuration
PPTP on Raspberry was installed from this simple script.
/etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.2.1
remoteip 192.168.2.10-100
/etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
/etc/rc.local
…
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT --protocol 47 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE
iptables -I FORWARD -s 192.168.2.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
…
Curent connectivity
Macbook
can connect to home PPTP and connect to Internet through the home router
can connect to iMac and Raspberry via local IPs 192.168.1.27 and 192.168.1.32
can NOT resolve raspberry.local and imac.local
Raspberry
can connect to iMac and Macbook via local IPs 192.168.1.27 and 192.168.2.10
can resolve imac.local
can NOT resolve macbook.local
iMac
can connect to Raspberry via local IP 192.168.1.32
can resolve raspberry.local
can NOT connect to Macbook via local IP 192.168.2.10 (upd: Solved by adding static route to the router)
can NOT resolve macbook.local
The goal
The goal is to connect and resolve local names from any to any. But I have no idea how to configure this: iptables, avahi, netatalk or somewhere else?
These are 2 separate goals and you have to solve them separately.
For resolution to work: You need to set up a DNS server somewhere (iMac?) and designate it as a resolver in all your devices/computers.
Or go with an easier setup, put the name <-> ip address relations into the /etc/hosts file on all your devices/computers
For connectivity: Your iMac simply "does not know" (i.e. no route) how to connect to what is behind the raspberry. However, it DOES work vice-verse since your raspberry is doing NAT for the macbook.
Do you have access to your WiFi router's routing table? If yes, you need to add a route to the PPP network (192.168.2.0/25) via raspberry's external IP address (192.168.1.32).
The exact command or configuration steps, however, depend on the vendor/model of your WiFi router, so I cannot give you a more detailed answer here.
I am trying to send an email using the postfix server on amazon EC2 instance.
The command is: sendmail xxxxxx#gmail.com
FROM:localhost
SUBJECT:Welcome
this is a test email....
.
However I am getting the following error in the /var/log/maillog file.
the error is:
Jan 13 09:00:37 ip-172-31-32-76 postfix/pickup[26635]: C43AE62D00: uid=222
from=
Jan 13 09:00:37 ip-172-31-32-76 postfix/cleanup[26727]: C43AE62D00:
message-id=<20140113090037.C43AE62D00#"HOSTNAME">
Jan 13 09:00:37 ip-172-31-32-76 postfix/qmgr[26636]: C43AE62D00:
from=<"MYHOSTNAME">, size=435, nrcpt=1 (queue active)
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]:
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]: C43AE62D00:
to=, relay=none, delay=22, delays=22/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2525: Connection refused)
I have hidden the details for hostname and the email ID to which I want to send.
please help me out in thus regard.
I have also added the port 25 in the outbound and inbound port in the security groups for my instance.
Regards,
Anurag
I think the other service is running in the same port,
"netstat -tap" run the command and check whether the same port is using for something.
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Something is preventing Postfix from using this port. (Port 2525 is sometimes being used instead of 587 as an alternative smtp port. )
Verify which ports are listening:
netstat -tanp | grep LISTEN
If you see sendmail (or any other MTA except for Postfix):
tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN 1014/sendmail
get rid of it:
service sendmail stop
yum remove sendmail
Verify settings on the first table row in:
/etc/postfix/master.cf
If it says:
smtp inet n - n - - smtpd
postfix listens on port 25 and your security group settings make sense. IF the line says
2525 inet n - n - - smtpd
you are telling postfix to listen on port 2525 for incoming smtpd connections.
The line that says:
submission inet n - n - - smtpd
does not begin with a comment.
Verify iptables rules, adjust if necessary:
iptables -L -n
This could be unrelated but I'm going to post it here because I had a hard time finding the answer to my question. I was able to get outbound email working from a vagrant virtual box by editing my /etc/resolv.conf to use Google's nameserver rather than the 10.0.x.x IP it was set to:
sudo nano /etc/resolv.conf
Change the nameserver IP:
nameserver 8.8.8.8
Then you'll need to restart postfix:
sudo /etc/init.d/postfix restart
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Setting the hostname on an archlinux machine is relatively trivial according to this - https://wiki.archlinux.org/index.php/HOSTNAME#Set_the_hostname
So on my /etc/rc.conf, I have
LOCALE="en_US.UTF-8"
TIMEZONE="UTC"
MOD_AUTOLOAD="no"
USECOLOR="yes"
USELVM="no"
DAEMONS=(syslog-ng sshd crond ec2 httpd)
HOSTNAME="archlinux"
And corresponding on my /etc/hosts, I have
127.0.0.1 archlinux.domain.org localhost.localdomain localhost archlinux
Following the docs to the tee.
But unfortunately, restarting httpd fails with the error in the error_log:
[Tue Sep 06 04:26:06 2011] [alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "ip-10-130-57-114"
Configuration Failed
And yes, I am aware that from https://wiki.archlinux.org/index.php/Apache#Apache - it is possible to solve this problem by commenting
LoadModule unique_id_module modules/mod_unique_id.so
But I would much prefer to solve this problem by keeping this module loaded and resolving it by making sure that I have set my hostname correctly in /etc/hosts instead.
It looks like Apache is using "ip-10-130-57-114" hostname instead of "archlinux". Have you tried adding this entry into your /etc/hosts file?
10.130.57.114 ip-10-130-57-114
* I am guessing 10.130.57.114 is the internal host ip address of you instance.
What does hostname -f say?
What is reverse DNS name for your IP?
Can you try to set host name to archlinux.<valid_domain> instead of archlinux so it is globally resolved?