Hi, I have done:
SERVER/NETWORK
1) A small server at home based on raspi where I have compiled and configured a local VPN.
2) Configured it via GUI using ReactOS (I can't believe it works).
3) I have a LocalBridge that connects the virtual hub with the physical card.
This is the guide where I took the idea and code: https://liewdaryl.wordpress.com/2015/06 ... erry-pi-2/
but these were also very useful:
http://blog.lincoln.hk/blog/2013/03/19/ ... er-on-vps/
http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/
My network is 192.168.11.xxx
I have a Router with DHCP at 192.168.11.1
I am behind a double NAT network and this is not so great, so I use vpnazure.
CLIENT
I need:
1) The devices work remotely as if connected locally to the LAN; I have a mobile Internet WiFi key or a tethering phone.
2) The possibility for the devices to also connect locally in the LAN (without messing everything up).
3) The ability to navigate the Internet (preferably not via the VPN but via the real interface).
So, what I have done:
On the Debian laptop I have:
1) make vpnclient
2) via vpncmd
2.1) Created a NIC niccreate
2.2) Created an account
2.3) Set the password
2.4) Start the connection.
And OK, it says connected. The server also says connected.
So I have this situation when in the VPN:
1)
wls5, the wireless of the laptop, connected to the phone and then to the Internet
inet 192.168.43.229/24 brd 192.168.43.255 scope global dynamic wls5
2) vpn_test1, the NIC created by SoftEther
no ip assigned
Now I can ping my vpnazure.
ip route show
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600
Now I can see if I am really connected
sudo dhclient vpn_test1
Now I have an IP assigned by the remote router's DHCP.
ip a
vpn_test1 the nic created by softether
inet 192.168.11.107/24 brd 192.168.11.255 scope global vpn_test1
It looks OK but... suddenly:
1) accountlist shows vpn in Connecting status
2) dns can't resolve anything
3) traceroute / ping go nowhere
4) ip route show
default via 192.168.11.1 dev vpn_test1
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.11.0/24 dev vpn_test1 proto kernel scope link src 192.168.11.107
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600
So I think that the system tries to resolve vpnazure through the VPN itself and it goes down.
If I do accountdisconnect and accountconnect, the VPN keeps the status Connecting.
If I do
ip addr flush dev vpn_test1
the routes become clear.
I can do a disconnect and reconnect and it works, returning to the point before dhclient.
HOW TO SOLVE?
Some ideas from reading around:
1) Create a TUN on the server, a private DHCP on the server, and a routing rule between the TUN and the real network?
2) Create a specific configuration on each client?
I think the first is better because I can create 2 TUNs and 2 Virtual Hubs.
The first can issue via DNS the info to use the client's resources to navigate the Internet and the VPN to reach a range of IPs.
The second can issue the info to use the VPN for every resolution except the endpoint of vpnazure.
Is this possible?
Linux Client Configuration
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Linux Client Configuration
>default via 192.168.11.1 dev vpn_test1
This configuration is not good.
You don't need it.
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Linux Client Configuration
I set vpnclient to auto-connect and use this bash script
qupfer@yogaarch ~ % cat vpnstart.sh
#!/bin/bash
sudo vpnclient start
sleep 1
sudo dhcpcd -B -G -C resolv.conf vpn_vpn #stops with ctrl+c
sudo vpnclient stop
Another solution should be to add a static route to your VPN server. I think your problem is that your system tries to send the encrypted VPN traffic through the VPN because you got a new default route which points to the VPN tunnel endpoint.
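Added example, not part of the original posts: a shell check for the routing problem described in this reply, run on the routing tables quoted in the first post. The function names and the server address 203.0.113.10 are assumptions; substitute the address your client actually connects to.

```shell
#!/bin/sh
# Added example (not from the thread). Routing tables below are constructed
# from the `ip route show` output quoted in the first post.
ROUTES_BEFORE='default via 192.168.43.1 dev wls5 proto static metric 600
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600'
ROUTES_AFTER='default via 192.168.11.1 dev vpn_test1
default via 192.168.43.1 dev wls5 proto static metric 600
192.168.11.0/24 dev vpn_test1 proto kernel scope link src 192.168.11.107
192.168.43.0/24 dev wls5 proto kernel scope link src 192.168.43.229 metric 600'

# List every default route as "gateway device metric" (no metric means 0).
defaults() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        gw = "-"; dev = "-"; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        print gw, dev, metric
    }'
}

# Device of the default route the kernel prefers: the lowest metric wins.
preferred_dev() {
    defaults "$1" | sort -k3,3n | head -n 1 | awk '{ print $2 }'
}

# Exit 0 when the preferred default route leaves through the VPN NIC ($2),
# so the client's own encrypted packets to the server enter the tunnel.
tunnel_captures_default() {
    [ "$(preferred_dev "$1")" = "$2" ]
}

# Print the repair: pin the VPN endpoint ($3) to the physical gateway, then
# delete the default route that DHCP installed on the VPN NIC.
fix_plan() {
    defaults "$1" | awk -v vpn="$2" -v srv="$3" '
        $2 == vpn              { del = del "ip route del default via " $1 " dev " $2 "\n" }
        $2 != vpn && pin == "" { pin = "ip route add " srv "/32 via " $1 " dev " $2 "\n" }
        END                    { printf "%s%s", pin, del }'
}

# 203.0.113.10 is a placeholder for the address the client really connects to.
if tunnel_captures_default "$ROUTES_AFTER" vpn_test1; then
    fix_plan "$ROUTES_AFTER" vpn_test1 203.0.113.10
fi
```

The script only prints the `ip route` commands; it does not change the routing table.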
-
- Posts: 3
- Joined: Fri Jul 27, 2018 6:36 am
Re: Linux Client Configuration
thisjun wrote:
> >default via 192.168.11.1 dev vpn_test1
>
> This configuration is not good.
> You don't need it.
OK, this is true, I have to delete it, but how do I avoid its creation?
-
- Posts: 3
- Joined: Fri Jul 27, 2018 6:36 am
Re: Linux Client Configuration
Yes this is the problem but dhcpcd
-B, --nobackground
-G, --nogateway
-C, --nohook script
So to stop dhcpcd from touching your DNS or MTU settings you would do:-
dhcpcd -C resolv.conf -C mtu eth0
This could be useful, thanks!
qupfer wrote:
> I set vpnclient to auto-connect and use this bash script
>
> qupfer@yogaarch ~ % cat vpnstart.sh
> #!/bin/bash
> sudo vpnclient start
> sleep 1
> sudo dhcpcd -B -G -C resolv.conf vpn_vpn #stops with ctrl+c
> sudo vpnclient stop
>
>
> Other solution should be to add a static route to your vpn-server. I think
> your problem is, that your system tries to send the encrypted vpn traffic
> through the vpn because you got a new default route which point to the vpn
> tunnel endpoint.