Hi,
On Thu, May 26, 2016 at 4:00 PM, Scott Crooks <scott.cro...@gmail.com>
wrote:
>
> So I did some testing with forwarding rules in place. Still having a bit
> of trouble understanding why it's not working. As David recommended, I used
> the wiki page here as a reference:
> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting. The
> section "Using routing and OpenVPN not running on the default gateway" is
> more the type of setup I have.
>
> The setup is a test machine in AWS EC2 with a dedicated Elastic IP in a
> VPC environment. I turned off source/destination check in the AWS console
> so that it's not blocking packets not intended for/originating from the
> test VPN machine.
>
> OpenVPN config file:
> https://gist.github.com/sc250024/f115b1638180e337bf79b0a7a87d6288
> Client-connect script:
> https://gist.github.com/sc250024/93da38dbc6fc4e317a901004ddfcfcce
> Server IPTables commands, output, and server networking information:
> https://gist.github.com/sc250024/1799754356170a0d000740a25cc74512
> Client networking information:
> https://gist.github.com/sc250024/2f154068a42db0ca682c2dcf915e934f
> TCPDump from VPN server of connected client trying to reach a server they
> have access to over VPN:
> https://gist.github.com/sc250024/12e226a2dae7126a3c13074f4e6fbabb
>
> The process is:
>
> 1. User connects via TCP (for now), and receives two routes from
> `client-connect` for servers they can access; no Internet traffic goes
> through the VPN
> 2. IPTables rules are setup on the server side to forward from the user's
> VPN DHCP IP address to the servers they can access.
> 3. On the client computer, client runs a `telnet 10.0.31.7 22` or `telnet
> 10.0.10.107 22` to check if they have connectivity to those servers.
> 4. In the FORWARD chain, the rules are being hit correctly (you can see
> packets in the counter) but the telnet commands above are not working.
>
> Did I miss something in the iptables commands?
>
Hard to say without seeing the routing table on the ssh servers (10.0.31.7
and 10.0.10.107) as well.
My guess: there is no route on those machines to the VPN network
(10.255.250/23)
Selva
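To make the return-route guess above checkable, here is an added example (not from the thread) that parses `ip route show` output as captured on one of the SSH servers and reports whether a reply to a VPN client address would use a specific route or fall through to the default gateway; the routing tables and the VPN server's VPC address 10.0.31.200 are constructed placeholders.

```python
import ipaddress

# Constructed sample of `ip route show` on a target host such as 10.0.31.7:
# only the default route and the local subnet exist, so nothing covers the
# OpenVPN client range 10.255.250.0/23 and replies go to the VPC router.
SAMPLE_ROUTES_MISSING = """\
default via 10.0.31.1 dev eth0
10.0.31.0/24 dev eth0 proto kernel scope link src 10.0.31.7
"""

# Same host after adding a return route via the VPN server's VPC address
# (10.0.31.200 is a constructed placeholder, not a value from the thread).
VPN_SERVER_VPC_IP = "10.0.31.200"
VPN_NET = ipaddress.ip_network("10.255.250.0/23")
SAMPLE_ROUTES_FIXED = SAMPLE_ROUTES_MISSING + f"{VPN_NET} via {VPN_SERVER_VPC_IP} dev eth0\n"


def parse_routes(text):
    """Parse `ip route show` lines into (network, via, dev) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((net, via, dev))
    return routes


def route_for(routes, addr):
    """Longest-prefix match, as the kernel does when it sends the reply."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def return_path_ok(route_text, client_ip):
    """True only if a non-default route carries replies back to client_ip.

    When the best match is the default route, the SYN still shows up in the
    VPN server's FORWARD counters, but the SYN-ACK leaves the target towards
    the VPC router, which knows nothing about the tun subnet.
    """
    r = route_for(parse_routes(route_text), client_ip)
    return r is not None and r[0].prefixlen > 0


def suggested_fix(vpn_server_vpc_ip=VPN_SERVER_VPC_IP, vpn_net=VPN_NET):
    """The static route a target host needs when OpenVPN is not its gateway."""
    return f"ip route add {vpn_net} via {vpn_server_vpc_ip}"
```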
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users