Continuing my topic, which for some reason was closed(?):
First of all i am very sorry if i did something wrong, i am just trying to figure out what is wrong, yes, there might be my mistake, and probably is... i'm just trying to figure out... i still can't find...
Answer to @solo:
Yes, Server 1 is Windows 10, Server 2 is Debian. You have asked logs for server 1,
but OpenVpn clients are acctually connecting to the server 2, and then there is cascade connection from the Server 2 to the Server 1.
OpenVpn clients access to local resources only. (Previous topic closed?)
-
- Posts: 28
- Joined: Fri Jul 05, 2024 8:37 pm
OpenVpn clients access to local resources only. (Previous topic closed?)
You do not have the required permissions to view the files attached to this post.
-
- Posts: 1517
- Joined: Sun Feb 14, 2021 10:31 am
Re: OpenVpn clients access to local resources only. (Previous topic closed?)
I suppose it is SE v5 on that Debian as both "block-outside-dns" and "192.0.0.8 255.255.255.240" exist in its code. In this case use l3.ovpn to solve the problem, but it is what you initially did, so what's the error?
-
- Posts: 28
- Joined: Fri Jul 05, 2024 8:37 pm
Re: OpenVpn clients access to local resources only. (Previous topic closed?)
Yes, it is v5.01 in debian server.
Ok, i tried l3. seems like i can connect, i get IP from Server#1 (192.168.120.12 f.e.) which is correct, but i can not access anything in lan 192.168.12.0 (and can not ping), and seems like dns server address is not configured, because i can not access web pages from the browser, but i am able to ping outside, f.e. 8.8.8.8, 142.250.72.206 (google) or any other ip.
[code2024-11-07 07:28:58 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-11-07 07:28:58 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-11-07 07:28:59 MANAGEMENT: >STATE:1730960939,GET_CONFIG,,,,,,
2024-11-07 07:28:59 SENT CONTROL [blablabla.softether.net]: 'PUSH_REQUEST' (status=1)
2024-11-07 07:28:59 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,topology subnet,ifconfig 192.168.120.12 255.255.255.0,route 192.168.12.0 255.255.255.0 vpn_gateway,route 192.168.120.0 255.255.255.0 vpn_gateway,block-outside-dns'
2024-11-07 07:28:59 OPTIONS IMPORT: --ifconfig/up options modified
2024-11-07 07:28:59 OPTIONS IMPORT: route options modified
2024-11-07 07:28:59 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-11-07 07:28:59 Using peer cipher 'AES-128-CBC'
2024-11-07 07:28:59 interactive service msg_channel=624
2024-11-07 07:28:59 ROUTE_GATEWAY 192.168.55.1/255.255.255.0 I=11 HWADDR=54:bf:64:7f:0e:8d
2024-11-07 07:28:59 OpenVPN ROUTE: vpn_gateway undefined
2024-11-07 07:28:59 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.120.0
2024-11-07 07:28:59 OpenVPN ROUTE: vpn_gateway undefined
2024-11-07 07:28:59 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.12.0
2024-11-07 07:28:59 open_tun
2024-11-07 07:28:59 tap-windows6 device [OpenVPN TAP-Windows6] opened
2024-11-07 07:28:59 TAP-Windows Driver Version 9.27
2024-11-07 07:28:59 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.120.0/192.168.120.12/255.255.255.0 [SUCCEEDED]
2024-11-07 07:28:59 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.120.12/255.255.255.0 on interface {3C629F95-23F0-423D-BAA0-4880B0D7CF24} [DHCP-serv: 192.168.120.0, lease-time: 31536000]
2024-11-07 07:28:59 Successful ARP Flush on interface [83] {3C629F95-23F0-423D-BAA0-4880B0D7CF24}
2024-11-07 07:28:59 MANAGEMENT: >STATE:1730960939,ASSIGN_IP,,192.168.120.12,,,,
2024-11-07 07:28:59 IPv4 MTU set to 1500 on interface 83 using service
2024-11-07 07:28:59 Blocking outside dns using service succeeded.
2024-11-07 07:28:59 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2024-11-07 07:28:59 Timers: ping 3, ping-restart 10
2024-11-07 07:29:04 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
2024-11-07 07:29:04 Initialization Sequence Completed
2024-11-07 07:29:04 MANAGEMENT: >STATE:1730960944,CONNECTED,SUCCESS,192.168.120.12,xx.xxx.xxx.xxx,1194,,][/code]
ipconfig:
Ok, i tried l3. seems like i can connect, i get IP from Server#1 (192.168.120.12 f.e.) which is correct, but i can not access anything in lan 192.168.12.0 (and can not ping), and seems like dns server address is not configured, because i can not access web pages from the browser, but i am able to ping outside, f.e. 8.8.8.8, 142.250.72.206 (google) or any other ip.
[code2024-11-07 07:28:58 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-11-07 07:28:58 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-11-07 07:28:59 MANAGEMENT: >STATE:1730960939,GET_CONFIG,,,,,,
2024-11-07 07:28:59 SENT CONTROL [blablabla.softether.net]: 'PUSH_REQUEST' (status=1)
2024-11-07 07:28:59 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,topology subnet,ifconfig 192.168.120.12 255.255.255.0,route 192.168.12.0 255.255.255.0 vpn_gateway,route 192.168.120.0 255.255.255.0 vpn_gateway,block-outside-dns'
2024-11-07 07:28:59 OPTIONS IMPORT: --ifconfig/up options modified
2024-11-07 07:28:59 OPTIONS IMPORT: route options modified
2024-11-07 07:28:59 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-11-07 07:28:59 Using peer cipher 'AES-128-CBC'
2024-11-07 07:28:59 interactive service msg_channel=624
2024-11-07 07:28:59 ROUTE_GATEWAY 192.168.55.1/255.255.255.0 I=11 HWADDR=54:bf:64:7f:0e:8d
2024-11-07 07:28:59 OpenVPN ROUTE: vpn_gateway undefined
2024-11-07 07:28:59 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.120.0
2024-11-07 07:28:59 OpenVPN ROUTE: vpn_gateway undefined
2024-11-07 07:28:59 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.12.0
2024-11-07 07:28:59 open_tun
2024-11-07 07:28:59 tap-windows6 device [OpenVPN TAP-Windows6] opened
2024-11-07 07:28:59 TAP-Windows Driver Version 9.27
2024-11-07 07:28:59 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.120.0/192.168.120.12/255.255.255.0 [SUCCEEDED]
2024-11-07 07:28:59 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.120.12/255.255.255.0 on interface {3C629F95-23F0-423D-BAA0-4880B0D7CF24} [DHCP-serv: 192.168.120.0, lease-time: 31536000]
2024-11-07 07:28:59 Successful ARP Flush on interface [83] {3C629F95-23F0-423D-BAA0-4880B0D7CF24}
2024-11-07 07:28:59 MANAGEMENT: >STATE:1730960939,ASSIGN_IP,,192.168.120.12,,,,
2024-11-07 07:28:59 IPv4 MTU set to 1500 on interface 83 using service
2024-11-07 07:28:59 Blocking outside dns using service succeeded.
2024-11-07 07:28:59 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2024-11-07 07:28:59 Timers: ping 3, ping-restart 10
2024-11-07 07:29:04 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
2024-11-07 07:29:04 Initialization Sequence Completed
2024-11-07 07:29:04 MANAGEMENT: >STATE:1730960944,CONNECTED,SUCCESS,192.168.120.12,xx.xxx.xxx.xxx,1194,,][/code]
ipconfig:
Code: Select all
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-3C-62-9F-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e895:7023:9402:65c9%83(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.120.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2024 m. lapkričio 7 d., ketvirtadienis 07:29:01
Lease Expires . . . . . . . . . . : 2025 m. lapkričio 7 d., penktadienis 07:28:59
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.120.0
DHCPv6 IAID . . . . . . . . . . . : 1392574268
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-14-78-D9-54-BF-64-7F-0E-8D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
-
- Posts: 1517
- Joined: Sun Feb 14, 2021 10:31 am
Re: OpenVpn clients access to local resources only. (Previous topic closed?)
This is clearly an error.mendoza_lt wrote: ↑Thu Nov 07, 2024 7:31 amCode: Select all
DHCP Server . . . . . . . . . . . : 192.168.120.0
Look, you are using DEVELOPER EDITION and it is buggy. Specifically, with the "topology subnet" directive, ifconfig's meaning is changed but route-gateway is missing. Try these workarounds while keeping your "access only to specific network, but not internet through it" objective in mind:
1. in l3.ovpn add "route-gateway 192.168.120.1"
2. if you don't intend to use SE clients then on server #1 SecureNAT add the above default gateway and in l3.ovpn add:
route-nopull
route 192.168.12.0 255.255.255.0
3. install the bug-free v4 server on Debian, or...
4. ask for a v5 fix here https://github.com/SoftEtherVPN/SoftEtherVPN/issues
-
- Posts: 28
- Joined: Fri Jul 05, 2024 8:37 pm
Re: OpenVpn clients access to local resources only. (Previous topic closed?)
I know, should be 192.168.120.1... But at the same time it gets correct IP from DHCP server...solo wrote: ↑Thu Nov 07, 2024 11:22 amThis is clearly an error.mendoza_lt wrote: ↑Thu Nov 07, 2024 7:31 amCode: Select all
DHCP Server . . . . . . . . . . . : 192.168.120.0
I have added "route-gateway 192.168.120.1", and now i can access the lan that i suppose to, but no internet... (or no dns, to be precise, it works with IP)
Yeah, i think i will install V4...
-
- Posts: 28
- Joined: Fri Jul 05, 2024 8:37 pm
Re: OpenVpn clients access to local resources only. (Previous topic closed?)
Ok, installed V4.43, and yeah... it works from the first click, and works the way it should (l3)... I knew that V5 "May have bugs" but i did not expect it to be that much buggy, now i learned that...
Thanks for help :)
Thanks for help :)