Linux Client Configuration
Posted: Sat Jul 28, 2018 6:42 am
Hi, I have done:
SERVER/NETWORK
1) A small server at home based on raspi where I have compiled and configured a local VPN.
2) Configured it via GUI using ReactOS (I can't believe it works).
3) I have a LocalBridge that connects the virtual hub with the physical card.
This is the guide where I took the idea and code from: https://liewdaryl.wordpress.com/2015/06 ... erry-pi-2/
but these were also very useful:
http://blog.lincoln.hk/blog/2013/03/19/ ... er-on-vps/
http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/
My network is 192.168.11.xxx
I have a Router with DHCP at 192.168.11.1
I am behind a double NAT network and this is not so great, so I use vpnazure.
CLIENT
I need:
1) The devices to work remotely as if connected locally to the LAN (I have a mobile Internet WiFi key or a tethering phone).
2) The possibility for the devices to also connect locally in the LAN (without messing everything up).
3) The ability to navigate the Internet (preferably not via the VPN but via the real interface).
So what I have done:
On the Debian laptop I have:
1) make vpnclient
2) via vpncmd
2.1) Created a NIC (niccreate)
2.2) Created an account
2.3) Set the password
2.4) Started the connection.
And OK, it says connected. The server also says connected.
So I have this situation when in the VPN:
1) wls5, the wireless of the laptop, connected to the phone and then to the Internet
inet 192.168.43.229/24 brd 192.168.43.255 scope global dynamic wls5
2) vpn_test1, the NIC created by SoftEther
no IP assigned
Now I can ping my vpnazure.
ip route show
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600
Now I can see if I am really connected
sudo dhclient vpn_test1
Now I have an IP assigned by the DHCP of the remote router
ip a
vpn_test1, the NIC created by SoftEther
inet 192.168.11.107/24 brd 192.168.11.255 scope global vpn_test1
It looks OK, but... suddenly:
1) accountlist shows the VPN in Connecting status
2) DNS can't resolve anything
3) traceroute / ping go nowhere
4) ip route show
default via 192.168.11.1 dev vpn_test1
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.11.0/24 dev vpn_test1 proto kernel scope link src 192.168.11.107
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600
So I think that the system tries to resolve vpnazure through the VPN itself and it goes down.
If I do accountdisconnect and accountconnect, the VPN keeps the status Connecting.
If I do
ip addr flush dev vpn_test1
the routes become clear.
I can do a disconnect and reconnect and it works; it returns to the point before dhclient.
HOW TO SOLVE?
Some ideas from reading around:
1) Create a TUN on the server, a private DHCP on the server and a routing rule between the TUN and the real network?
2) Create a specific configuration on each client?
I think the first is better because I can create 2 TUN and 2 VirtualHUB.
The first can issue via DNS the info to use the client's resources to navigate the Internet and the VPN to reach a range of IPs.
The second can issue the instruction to use the VPN for every resolution except the endpoint of vpnazure.
Is this possible?
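A check of the two routing tables quoted in the post, added here as an example and not part of the original post: it parses the `ip route show` output and tests whether the tunnel's own outer traffic would leave through `vpn_test1`. The endpoint address `203.0.113.10` is a constructed placeholder, and the `/32` host route in `PINNED` is an assumed remedy used only to show how longest-prefix matching changes the result.

```python
import ipaddress

# The two "ip route show" outputs from the post, before and after dhclient.
BEFORE = """\
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600
"""
AFTER = """\
default via 192.168.11.1 dev vpn_test1
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.11.0/24 dev vpn_test1 proto kernel scope link src 192.168.11.107
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600
"""
VPN_NIC = "vpn_test1"
VPN_ENDPOINT = "203.0.113.10"  # constructed placeholder, not a real relay address
# Assumed remedy: a /32 host route keeps the tunnel's outer traffic on the phone link.
PINNED = AFTER + f"{VPN_ENDPOINT} via 192.168.43.1 dev wls5\n"


def parse_routes(text):
    """Turn 'ip route show' lines into (network, device, metric) tuples."""
    routes = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        dev = tok[tok.index("dev") + 1]
        # iproute2 omits the metric when it is 0, the most preferred value.
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes


def egress_dev(routes, dst):
    """Pick the route as the kernel does: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]


def tunnel_loops(route_text, endpoint=VPN_ENDPOINT, nic=VPN_NIC):
    """True when the tunnel's own outer packets would leave through the tunnel NIC."""
    return egress_dev(parse_routes(route_text), endpoint) == nic


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("pinned", PINNED)):
        print(name, egress_dev(parse_routes(table), VPN_ENDPOINT), tunnel_loops(table))
```

With the host route in place the endpoint stays on `wls5`, but every other Internet destination still follows the metric-0 default via `vpn_test1`; keeping Internet traffic on the real interface also requires that default to be removed or given a higher metric than 600.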