Hi Brian,

For any AstLinux VPN to work properly, the Firewall must be enabled. The openvpn-server plugin will automatically be enabled (1.0.6 and later) to allow the external access. Make sure you also "Pass EXT->Local" TCP 80,443,22 (HTTP/HTTPS and SSH) before enabling the firewall or you will be locked out with a single interface.

Basically, with the firewall enabled, the 10.0.8.0/24 is treated as a LAN subnet, even if you have only a single ethernet interface. In order for 10.0.8.0/24 to be reached upstream it is NAT'ed via the external interface.

You should not need your linux gateway router (10.0.8.0/24 -> 192.168.5.13) static route.

My guess is you almost got it working but were missing enabling packet forwarding; regardless, you should just enable the firewall.

Enabling the Adaptive Ban firewall plugin for 'asterisk' would also be a good idea.

Firewall Plugins:
http://doc.astlinux.org/userdoc:tt_firewall_plugins#adaptive-ban
http://doc.astlinux.org/userdoc:tt_firewall_plugins#openvpn-server

IMHO, it is best practice to always enable the firewall in AstLinux, even if only a single ethernet interface is used.

Lonnie

On Jan 30, 2013, at 12:09 PM, Brian Barr wrote:

> I'm having some difficulty making openvpn work and am looking for some
> pointers as to what I may be doing wrong.
>
> Now that there is an official Openvpn client for IOS devices I am revisiting
> this and would really like to make it work.
>
> Setup:
>
> Gateway router using nat (snapgear/linux based) connected to local lan.
> Astlinux box on lan behind gateway router as a single nic appliance.
> Astlinux handles pbx duties fine.
> Gateway router set to forward iax packets and openvpn packets to Astlinux
> box.
>
> Goal is to allow external laptop/IOS device to access all resources on lan
> using nat'd astlinux box as a gateway.
>
> I configured the openvpn server in the webinterface and exported the client
> config to laptop.
>
> addressing:
> Gateway Router LAN address: 192.168.5.1
> LAN 192.168.5.0/24
> OpenVpnNet 10.0.8.0/24
> Astlinux box 192.168.5.13
>
> "route 192.168.5.0/24" is in "push" section of openvpn config.
>
> Laptop (os x) using viscosity client connects just fine to astlinux box from
> the outside.
> Viscosity reports assigned address is 10.0.8.14
>
> I also put a static route in the linux gateway router (10.0.8.0/24 ->
> 192.168.5.13)
>
> I can access the astlinux web interface on the astlinux box just fine from
> the connected laptop at 10.0.8.1 and 192.168.5.13 -- but I can't get
> anywhere else on the internal lan.
>
> It appears the astlinux box is not forwarding packets to the lan or something
> else is amiss. What am I missing? Do I need to enable the firewall on the
> astlinux box and enable the openvpn plugin?
>
>
> Laptop routing table:
> BB-MacBookPRO:~ brianbarr$ netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.10.1       UGSc       41        0    en1
> 10.8.0.1/32        10.8.0.13          UGSc        0        0   tun0
> 10.8.0.13          10.8.0.14          UH          5        0   tun0
> 127                127.0.0.1          UCS         0        0    lo0
> 127.0.0.1          127.0.0.1          UH          6     4163    lo0
> 169.254            link#5             UCS         0        0    en1
> 192.168.5          10.8.0.13          UGSc        3        0   tun0
> 192.168.10         link#5             UCS         6        0    en1
> 192.168.10.1       0:d0:cf:2:91:a4    UHLWIi     40      255    en1   1173
> 192.168.10.108     7c:c5:37:13:8b:bb  UHLWIi      0        0    en1   1144
> 192.168.10.110     link#5             UHLWIi      0        1    en1
> 192.168.10.118     link#5             UHLWIi      0        2    en1
> 192.168.10.127     20:c9:d0:98:55:60  UHLWIi      0        0    en1    321
> 192.168.10.129     74:e1:b6:9c:dc:47  UHLWIi      0        0    en1    743
> 192.168.10.171     127.0.0.1          UHS         0        0    lo0
>
>
> Astlinux routing table:
> pbx-chi ~ # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
> 192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
> 0.0.0.0         192.168.5.1     0.0.0.0         UG        0 0          0 eth0

_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [email protected].
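
Added example (not part of the original thread, and not AstLinux code): a Python check that parses the AstLinux `netstat -rn` output quoted above and reports whether a subnet written into a static route or NAT rule covers the network the kernel actually routes via tun0. It is run on 10.0.8.0/24 (the value in the message text) and on 10.8.0.0/24 (the value in the quoted table); the function names are hypothetical.

```python
import ipaddress

# Constructed input: the AstLinux `netstat -rn` rows as quoted in the message.
ASTLINUX_ROUTES = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
0.0.0.0         192.168.5.1     0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Return [(network, gateway, iface)] from Linux `netstat -rn` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip banner and header lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, ipaddress.ip_address(f[1]), f[7]))
    return routes

def tunnel_subnets(routes, iface="tun0"):
    """Non-host networks routed via the tunnel interface."""
    return [n for n, _, i in routes if i == iface and n.prefixlen < 32]

def check_subnet(configured, routes, iface="tun0"):
    """True if `configured` (route/NAT subnet) covers a live tunnel subnet."""
    cfg = ipaddress.ip_network(configured)
    live = tunnel_subnets(routes, iface)
    return any(n.subnet_of(cfg) for n in live), live

def egress_iface(dest, routes):
    """Longest-prefix match: interface a packet to `dest` would leave on."""
    ip = ipaddress.ip_address(dest)
    matches = [(n, i) for n, _, i in routes if ip in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

ROUTES = parse_routes(ASTLINUX_ROUTES)

if __name__ == "__main__":
    for subnet in ("10.0.8.0/24", "10.8.0.0/24"):
        ok, live = check_subnet(subnet, ROUTES)
        print(subnet, "covers tun0 subnet" if ok else "does NOT cover", live)
    print("10.8.0.14 leaves via", egress_iface("10.8.0.14", ROUTES))
```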
