Client OpenVPN assigned IP: 10.8.0.2
↓ TCP on 1194
Internet
↓
Router port-forwards 1194 to server - Public IP 104.162.67.198
↓
Server LAN IP: 10.8.0.1
I think the above is what I am trying to do (the 10.8.0.0/24 is the assigned IP).
I am trying to route multiple remote clients via TCP to my OpenVPN server (otherwise functioning as a samba file share) running Ubuntu 14.04.
As you can see, in my server.conf, I'm pushing (push "route ... ...") almost every option with my server assigned IP address, server internal IP address, and my network public IP address, because I am unsure which needs to be routed.
See the details and troubleshooting I have done below, and any suggestions would be much appreciated.
server.conf
port 1194
proto tcp
mode server
dev tun
ca ca.crt
cert sambasrv.crt sambasrv.key
dh dh2048.pem
ifconfig-pool-persis ipp.txt
push "route 192.168.0.19 255.255.255.0"
push "route 10.8.0.1 255.255.255.0"
push "route 10.0.0.0 255.0.0.0"
push "route 104.173.62.178 255.255.0"
push "route 10.8.0.1/24 104.173.62.178"
client-config ccd
route 10.8.0.2 255.255.255.0
keepalive 10 20
max-clinets 100
user nobody
group nogroup
persist-key
persist-tun
log-append openvpn.log
verb 4
client.conf
client
dev tun
remote 104.173.62.178 1194
resolv-retry infinite
nobind
user nobody
group no group
persist key
persist tun
;mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 4
I am now getting the socket bind failed on local address [undef], though with different configurations throughout the day, I have had success in getting the OpenVPN server to initialize, but it has gone back to its fatal error state after reboot/more troubleshooting.
/etc/openvpn server.conf
Tue Dec 11 17:36:18 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Dec 11 17:36:18 2012 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Tue Dec 11 17:36:18 2012 Exiting due to fatal error
The server is able to ping itself (10.8.0.1), but not the client.
client ping 10.8.0.1 (server) times out.
Here are some more results from tests that have been recommended in previous posts:
telnet 10.8.0.1 1194
doesn't connect #which I read that means that OpenVPN is fine, but the network isn't
netstat -nlp | grep 1194
udp 0 0 0.0.0:1194 0.0.0.0:* 3593/openvpn
For the above netstat, I don't know why it's udp instead of tcp. Maybe there is an issue there?
Interface config
ifconfig tun0 connect inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
ip route show:
default via 192.168.1.1 dev em1
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev em1 proto kernel scope link src 192.168.1.34
I've tried:
$iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
$iptables -A INPUT -i tun0 -j ACCEPT
Enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Also note that on the client side, I am trying to connect to the server with Tunnelblick, and have successfully added the client.conf, ca.crt, client1.crt, and client1.key. Upon trying to connect, there is activity with packets going out, but not in.
openvpn server process that is already listening, with different configuration by any chance (I say this due to the "Address already in use" bit)? Use fuser -n tcp 1194 to see which process is using tcp port 1194.

netstat -nlp |grep 1194
I get a one line output: udp 0 0 0.0.0.0:1194 0.0.0.0:* 9077/openvpn
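The comparison raised in the question and in the comment above (server.conf says proto tcp while the only listener on 1194 is udp), as an added example that is not part of the original thread. The function names are hypothetical and the sample input is constructed, modelled on the netstat line quoted above.

```shell
#!/bin/sh
# Added example: does the listener on the VPN port match the server config?
# Function names and sample data are constructed for illustration.

# Print the first argument of a directive from an OpenVPN config file.
conf_value() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Compare the config's proto/port with `netstat -nlp` style output.
# Prints: match | proto-mismatch | not-listening
check_listener() {
    proto=$(conf_value proto "$1" | cut -c1-3)   # tcp-server -> tcp
    port=$(conf_value port "$1")
    # OpenVPN defaults (udp, 1194) apply when a directive is absent
    awk -v want="${proto:-udp}" -v port="${port:-1194}" '
        # $1 = protocol (tcp, tcp6, udp, udp6), $4 = local address:port
        $1 ~ /^(tcp|udp)6?$/ && $4 ~ (":" port "$") {
            p = $1; sub(/6$/, "", p)
            if (p == want) same = 1; else other = 1
        }
        END {
            if (same) print "match"
            else if (other) print "proto-mismatch"
            else print "not-listening"
        }' "$2"
}

# Constructed sample: config asks for TCP, but the only listener is UDP.
demo_dir=$(mktemp -d)
printf 'port 1194\nproto tcp\ndev tun\n' > "$demo_dir/server.conf"
printf 'udp 0 0 0.0.0.0:1194 0.0.0.0:* 9077/openvpn\n' > "$demo_dir/netstat.txt"
echo "listener check: $(check_listener "$demo_dir/server.conf" "$demo_dir/netstat.txt")"
```

A proto-mismatch result means the port is held by a process started with a different protocol than the config being tested, so the running instance was not started from that config.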