Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
When you are connected to the VPN and start browsing, the IP address that the outside world will see is the address of the outgoing server (external IP of your LAN, in case you have done NAT). In case you are using a proxy server in the LAN, the client should also use the proxy for browsing.
Regards,
--
Prasanta
But this is not what happens.
At present my IP shows as 86.xxx.xxx.1
I then connect by OpenVPN to my server and get given an ip of 10.8.x.x
When I then visit a website on my client it should show the server's IP address of 88.xxx.xxx.xxx but it still shows 86.xxx.xxx.1
Seems like you are not connected to your LAN via VPN. What is the output of `netstat -rn` and does your /etc/resolv.conf file entries remain the same before and after you connect to VPN.
Seems like you are not connected to your LAN via VPN. What is the output of `netstat -rn` and does your /etc/resolv.conf file entries remain the same before and after you connect to VPN.
Regards,
--
Prasanta
This is the client log
Code:
Mon Sep 21 14:35:40 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Sep 21 14:35:40 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Sep 21 14:35:40 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Sep 21 14:35:40 2009 LZO compression initialized
Mon Sep 21 14:35:40 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 21 14:35:40 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 21 14:35:40 2009 Local Options hash (VER=V4): '41690919'
Mon Sep 21 14:35:40 2009 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 21 14:35:40 2009 UDPv4 link local: [undef]
Mon Sep 21 14:35:40 2009 UDPv4 link remote: 88.xxx.xx.xxx:1194
Mon Sep 21 14:35:41 2009 TLS: Initial packet from 88.xxx.xx.xxx:1194, sid=8ea8c024 d8147039
Mon Sep 21 14:35:41 2009 VERIFY OK: depth=1, /C=UK/ST=UK/L=London/O=namehere/CN=namehere/emailAddress=a@ab.co.uk
Mon Sep 21 14:35:41 2009 VERIFY OK: depth=0, /C=UK/ST=UK/L=London/O=namehere/CN=server/emailAddress=a@ab.co.uk
Mon Sep 21 14:35:42 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 21 14:35:42 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 21 14:35:42 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 21 14:35:42 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 21 14:35:42 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Sep 21 14:35:42 2009 [server] Peer Connection Initiated with 88.xxx.xx.xxx:1194
Mon Sep 21 14:35:43 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Sep 21 14:35:43 2009 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Sep 21 14:35:43 2009 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 21 14:35:43 2009 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 21 14:35:43 2009 OPTIONS IMPORT: route options modified
Mon Sep 21 14:35:43 2009 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{BF8EEE5D-7EE0-4410-9BB6-38E3F0E833CF}.tap
Mon Sep 21 14:35:43 2009 TAP-Win32 Driver Version 8.4
Mon Sep 21 14:35:43 2009 TAP-Win32 MTU=1500
Mon Sep 21 14:35:43 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {BF8EEE5D-7EE0-4410-9BB6-38E3F0E833CF} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Sep 21 14:35:43 2009 Successful ARP Flush on interface [3] {BF8EEE5D-7EE0-4410-9BB6-38E3F0E833CF}
Mon Sep 21 14:35:43 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Sep 21 14:35:43 2009 Route: Waiting for TUN/TAP interface to come up...
Mon Sep 21 14:35:45 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Sep 21 14:35:45 2009 Route: Waiting for TUN/TAP interface to come up...
Mon Sep 21 14:35:46 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Sep 21 14:35:46 2009 Route: Waiting for TUN/TAP interface to come up...
Mon Sep 21 14:35:47 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Sep 21 14:35:47 2009 Route: Waiting for TUN/TAP interface to come up...
Mon Sep 21 14:35:48 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Sep 21 14:35:48 2009 Route: Waiting for TUN/TAP interface to come up...
Mon Sep 21 14:35:49 2009 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Mon Sep 21 14:35:49 2009 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Sep 21 14:35:49 2009 Route addition via IPAPI succeeded
Mon Sep 21 14:35:49 2009 Initialization Sequence Completed
The client is on Windows so there is no resolv file.
That means you are able to reach the server. Try connecting any intranet website on your LAN using your LAN proxy, in case you have implemented it. In case you have you are not able to resolve try using the IP.
That means you are able to reach the server. Try connecting any intranet website on your LAN using your LAN proxy, in case you have implemented it. In case you have you are not able to resolve try using the IP.
Looks fine. That should work. You are using some kind of proxy server?
Regards,
--
Prasanta
There is a proxy server on the server but I am not connected to it in my client browser.
When I connect via VPN on the client, the IP address shown should be the server's IP address not my own PC. http://www.whatsmyip.org
I did not get what you meant to say. Anyway, I hope you have the following situation.
Office LAN -> Firewall (Proxy/VPN) -> Internet
Now, you connect to the box Firewall (Proxy/VPN) from home (client) using VPN.
You get an IP 10.8.X.X from the VPN server. When you try to browse http://10.8.x.x/sarg from the client you are getting an error. Just use proxy in the client machine browser. You need to add an acl on the Proxy Server to route VPN traffic via proxy.
I did not get what you meant to say. Anyway, I hope you have the following situation.
Office LAN -> Firewall (Proxy/VPN) -> Internet
Now, you connect to the box Firewall (Proxy/VPN) from home (client) using VPN.
You get an IP 10.8.X.X from the VPN server. When you try to browse http://10.8.x.x/sarg from the client you are getting an error. Just use proxy in the client machine browser. You need to add an acl on the Proxy Server to route VPN traffic via proxy.
I hope this helps.
Regards,
--
Prasanta
No, I am on a home LAN.
Home LAN --> VPN server --> internet
except my internet seems to be
Home LAN --> ISP server --> internet even though it should be going to the VPN first.
I shouldn't have to use a proxy in the client machine browser at all should I to get the server IP address?
If you assume there is no proxy server on the server.
The VPN should work by itself.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.