|
|||
OpenVPN No Route To Host
Dear All,
I tried to configure my gateway using an OpenVPN connection, but there is no route to host when I ping the DNS server. Quote:
Should I edit the packet filter firewall? By the way, this is my current pf configuration. Quote:
Please enlighten me on this. |
|
|||
I have pass out for tun0 and am doing NAT for the tun0 interface as well. What is pass out dup port1194?
I have configured the OpenVPN server and client on the same OpenBSD router. Does this configuration make sense? The purpose of setting up my own OpenVPN server is to avoid the slow OpenVPN speed of a free VPN provider and to avoid subscribing to an expensive OpenVPN plan. Please enlighten me on this. |
|
||||
Quote:
Code:
pass on tun0

Code:
# more /etc/hostname.tun0
up link0
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server-apollo.conf

Code:
local xxx.xxx.xxx.xxx # replace xxx with the IP address on which you are listening
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/apollo.crt
key /etc/openvpn/private/apollo.key # This file should be kept secret
dh dh2048.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.6.0 255.255.255.0" # This is very important line 192.168.6.0/24 is my LAN network
client-to-client # My clients can talk to each other
keepalive 10 120
tls-auth /etc/openvpn/private/ta.key 0
cipher AES-256-CBC
comp-lzo
max-clients 20
user _openvpn
group _openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3

Last edited by Oko; 14th September 2015 at 03:11 AM. |
|
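Added example (not part of any post in this thread): a short Python script that reads the routing-relevant lines of the server configuration posted above and reports whether a client would send a given destination through the tunnel or directly to the Internet. The destination addresses, the helper names and the `redirect-gateway def1` variant are assumptions for illustration; the posted config pushes only the 192.168.6.0/24 route.

```python
import ipaddress
import shlex

# Constructed excerpt: only the routing-relevant directives of the posted server config.
SERVER_CONF = '''
server 10.9.0.0 255.255.255.0
push "route 192.168.6.0 255.255.255.0"  # LAN behind the VPN server
client-to-client
'''

def tunnel_routes(conf):
    """Return (networks a client reaches via the tunnel, full-tunnel flag)."""
    nets, full_tunnel = [], False
    for line in conf.splitlines():
        # comments=True drops '#' comments; the quoted push argument stays one word.
        words = shlex.split(line, comments=True)
        if len(words) >= 3 and words[0] == "server":
            # Simplification: with client-to-client set, treat the whole VPN
            # subnet as reachable through the tunnel.
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif len(words) == 2 and words[0] == "push":
            pushed = words[1].split()
            if len(pushed) >= 3 and pushed[0] == "route":
                nets.append(ipaddress.ip_network(f"{pushed[1]}/{pushed[2]}"))
            elif pushed and pushed[0] == "redirect-gateway":
                full_tunnel = True  # client's default route is moved onto tun
    return nets, full_tunnel

def path_for(dest, conf):
    """Classify a destination as 'tunnel' or 'direct' from the client's view."""
    nets, full_tunnel = tunnel_routes(conf)
    addr = ipaddress.ip_address(dest)
    if full_tunnel or any(addr in net for net in nets):
        return "tunnel"
    return "direct"

# Assumption: this push line is NOT in the posted config; it is what a
# full-tunnel setup would add.
FULL_TUNNEL_CONF = SERVER_CONF + 'push "redirect-gateway def1"\n'

if __name__ == "__main__":
    for dest in ("192.168.6.20", "10.9.0.6", "8.8.8.8"):
        print(dest, path_for(dest, SERVER_CONF), path_for(dest, FULL_TUNNEL_CONF))
```

With the posted directives only LAN and VPN-subnet destinations are classified as tunnelled, so a client's ordinary Internet traffic leaves by its own default route unless the server also pushes a default-route redirect.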
|||
Thanks for the brief explanation. By the way, you still did not answer my question yet.
Questions: I want to set up an OpenVPN server on my OpenBSD router. I don't want to use the free service because it is very slow and I don't have much budget to subscribe to a VPN plan. Can an OpenVPN server and client run on the same machine (gateway) on OpenBSD? This means all outgoing Internet connections will use the VPN tunnel. My internal LAN machines would not be required to install OpenVPN. Thanks. |
|
||||
Quote:
A VPN is established between two or more endpoints. The graphic in https://en.wikipedia.org/wiki/Virtual_private_network will help, even if the text is beyond your comprehension. |
|
|||
First, thanks jggimi for pointing to the reference material.

Questions:
1. Can the OpenVPN server run on the gateway with the client connecting from the internal LAN, or must it be WAN (endpoints)?
2. I need an understanding of how connections are sent after the VPN connection has been established to the VPN server.

Client ------------> VPN Server (Packet Authentication HMAC finished)

Do all Internet connections need to go through the VPN server, or does the client interact directly with the Internet?

Client -------> VPN Server --------> Internet

Thanks.
Last edited by Peter_APIIT; 16th September 2015 at 05:28 AM. |
|
||||
I'll try to keep this simple.
Imagine you are standing in a room that has a dozen computers in it. Imagine you are holding a single networking cable in your hands. That cable has two ends:

Let us imagine that you connect each end of this cable into two of the computers. The two computers are able to send signals back and forth, over this single cable. None of the other ten computers in the room has access to the signals travelling over the cable. The two computers are able to use this cable to communicate privately. They use this cable as a private network.

Imagine now, that you unplug the cable from those two computers, and carry it to a third computer. Now, imagine that you plug both ends of that cable into Ethernet ports on that single, third computer. Note that the third computer can't really use that cable for anything but talking to itself. It can't talk to any other computers in the room with it.

---

That imaginary room is the Internet. That imaginary cable is a VPN.

---

You keep asking how to plug both ends of a single cable into one computer, or into two computers in your home, then use that to communicate with other computers privately on the Internet. You don't. You can't.

-------------------------

Edited to add:

If you hire a third party VPN service, it's the same as hiring a local ISP from a security/privacy standpoint. Your communications exiting and entering the remote endpoint can still be monitored. And, depending on how encryption keys for the VPN are managed, the privacy of communication "tunnelled" within the VPN -- the virtual cable -- may be exposed.

Lastly, the cable is only virtual. Encrypted traffic is still traffic. Metadata such as ip addresses, protocol, and port may disclose the VPN and its endpoints, and "side channel" metadata such as packet length and timing may disclose the type of communications being conducted.

Third party VPN service provider security/privacy was discussed with you previously, beginning here.
Last edited by jggimi; 16th September 2015 at 07:25 PM. Reason: clarity, security discussion added. |
|
|||
The concept of Internet and intranet using a room as the boundary is well explained. Moreover, connection information leaks, such as IP address and metadata such as packet length and timing.
Moreover, a reliable/trustable ISP provider and .... is to depend on. Problem solved. Thread closed. |