Carmageddon
Technical User
Hi, I am trying to set up a VPN tunnel between my computer at the campus (with lots of limitations, such as no outgoing UDP traffic at all, and limited outgoing TCP ports as well) and my home computer, which sits behind a Netgear WGT624 router.
This (campus computer at my dorms) is also behind a router - a Linksys WGT54GL with DD-WRT firmware.
To connect to the network, I am getting an IP from a CheckPoint firewall via DHCP, and then to finally get access, I need to telnet to it and enter the user/pass provided by uni - a method of control introduced after uni resources were abused in the past to launch attacks against US targets...
Anyhow, my LAN in uni is at 192.168.1.1 for router, 1.2 for the desktop computer I am using (the VPN client).
Home LAN is 10.1.1.1, with the designated VPN server being 1.2.
The VPN server is defined to work in the 10.10.10.1 range; however, for some reason it seems the server doesn't get the .1 IP assigned but a different one. Not sure how significant it is.
Anyhow:
Here is the routing table print from both ends:
SERVER:
Code:
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 05 b1 fe 0d ...... Hamachi Network Interface
0x3 ...00 c0 9f 69 ad d8 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - ????-?÷??? ?? ?·µ?? ???·
0x4 ...00 90 4b 9f fd 91 ...... Broadcom 802.11b/g WLAN - ????-?÷??? ?? ?·µ?? ???·
0x10006 ...00 ff 54 b6 e6 d5 ...... TAP-Win32 Adapter V8 - ????-?÷??? ?? ?·µ?? ???·
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2 25
5.0.0.0 255.0.0.0 5.177.254.13 5.177.254.13 20
5.177.254.13 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.177.254.13 5.177.254.13 20
10.1.1.0 255.255.255.0 10.1.1.2 10.1.1.2 25
10.1.1.2 255.255.255.255 127.0.0.1 127.0.0.1 25
10.10.10.0 255.255.255.252 10.10.10.1 10.10.10.1 30
10.10.10.0 255.255.255.0 10.10.10.2 10.10.10.1 1
10.10.10.1 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.1.1.2 10.1.1.2 25
10.255.255.255 255.255.255.255 10.10.10.1 10.10.10.1 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 5.177.254.13 5.177.254.13 20
224.0.0.0 240.0.0.0 10.1.1.2 10.1.1.2 25
224.0.0.0 240.0.0.0 10.10.10.1 10.10.10.1 30
255.255.255.255 255.255.255.255 5.177.254.13 3 1
255.255.255.255 255.255.255.255 5.177.254.13 5.177.254.13 1
255.255.255.255 255.255.255.255 10.1.1.2 10.1.1.2 1
255.255.255.255 255.255.255.255 10.10.10.1 10.10.10.1 1
Default Gateway: 10.1.1.1
===========================================================================
Persistent Routes:
None
CLIENT:
Code:
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...04 4b 80 80 80 03 ...... NVIDIA nForce Networking Controller
0x3 ...04 4b 80 80 80 03 ...... NVIDIA nForce Networking Controller #2
0x4 ...00 ff 8e 65 d4 ba ...... TAP-Win32 Adapter V8
0x5 ...00 11 b1 07 a3 30 ...... Bluetooth PAN Network Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
10.10.10.1 255.255.255.255 10.10.10.5 10.10.10.6 1
10.10.10.4 255.255.255.252 10.10.10.6 10.10.10.6 30
10.10.10.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.10.10.6 10.10.10.6 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
192.168.50.0 255.255.255.0 192.168.50.1 192.168.50.1 30
192.168.50.1 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.50.255 255.255.255.255 192.168.50.1 192.168.50.1 30
224.0.0.0 240.0.0.0 10.10.10.6 10.10.10.6 30
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.50.1 192.168.50.1 30
255.255.255.255 255.255.255.255 10.10.10.6 10.10.10.6 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.50.1 3 1
255.255.255.255 255.255.255.255 192.168.50.1 192.168.50.1 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Now, server config file:
Code:
local 10.1.1.2
port 443
# TCP or UDP server?
proto tcp
;proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.10.0 255.255.255.0
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
mute 20
(I've cleared out all the # comments to make it easier to read.)
Now the Client config file:
Code:
client
;dev tap
dev tun
;dev-node MyTap
proto tcp
;proto udp
remote uniproxy.dyndns.org 443
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert Desktop.crt
key Desktop.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
mute 20
It seems I can ping 10.10.10.1 just fine and get a reply back - which means the tunnel works great (uni blocks ICMP packets too).
Which leaves me with only a few problems:
1) How do I route single IP through the VPN exactly?
I have tried to test with ipchicken.com for example (209.68.27.16), trying various route syntaxes, one of them:
route add 209.68.27.16 mask 255.255.255.255 10.10.10.6 metric 1
This, however, makes the site unreachable entirely (although I think it still manages to resolve the DNS name into an IP when used from the Avant browser - did not even try IE7).
2) How do I route specific IPs through the VPN? Do I need special route paths added on the client as well as the server? If so, which ones?
3) How do I route a certain application through the VPN interface? My main problem is Ventrilo 3.0.1 (a VoIP program popular in various games), which since the upgrade from 2.3.1 uses UDP - which I can't relay through a regular SOCKS proxy - and it 'calls home', as well as the specific clan server, on UDP ports - hence why I need to route the whole application through the VPN.
4) Last but not least - I'd welcome any suggestions and further ideas on how to improve and get the system working.
PS: my uni IP from DHCP is 132.72.151.107 - if that's of any help.
Thanks in advance to all those who get through this long post, and help
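The questions above about routing a single IP through the tunnel come down to how Windows picks a route: the table is destination-based (longest prefix wins, then lowest metric), so "routing an application" reduces to routing the hosts it talks to. The script below is an added example, not code from the poster or from the OpenVPN project. It parses the client's `route print` rows quoted above (embedded as a constructed sample), answers "which gateway does this destination use?" before and after a /32 host route is added, and prints the matching Windows `route add` line and the server-side `push "route ..."` directive. The gateway it assumes for the tunnel is 10.10.10.5, the net30 peer address that the client table already shows for 10.10.10.1; that choice, and the `VPN_IFACE` constant, are assumptions taken from the table, not from the original post.

```python
import ipaddress

# Constructed sample: the "Active Routes" rows from the client's `route print`
# quoted in the post. Columns: destination, netmask, gateway, interface, metric.
CLIENT_ROUTE_PRINT = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
10.10.10.1 255.255.255.255 10.10.10.5 10.10.10.6 1
10.10.10.4 255.255.255.252 10.10.10.6 10.10.10.6 30
10.10.10.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.10.10.6 10.10.10.6 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 10.10.10.6 10.10.10.6 30
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.50.1 3 1
"""

# Assumption: OpenVPN's net30 topology gives this client 10.10.10.6 and uses
# 10.10.10.5 as its peer (the gateway the table already shows for 10.10.10.1).
VPN_PEER = "10.10.10.5"
VPN_IFACE = "10.10.10.6"


def parse_route_print(text):
    """Parse the 5-column 'Active Routes' rows; headers and separators are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network((dest, mask), strict=False)
            metric = int(metric)
        except ValueError:
            continue  # not a route row
        routes.append({"net": net, "gateway": gateway, "interface": iface, "metric": metric})
    return routes


def lookup(routes, dst):
    """Route Windows would select for dst: longest prefix first, then lowest metric."""
    ip = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if ip in r["net"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def host_route_command(dst, gateway=VPN_PEER, metric=1):
    """Windows `route add` line sending one host (/32) to the tunnel peer."""
    return f"route add {dst} mask 255.255.255.255 {gateway} metric {metric}"


def add_host_route(routes, dst, gateway=VPN_PEER, iface=VPN_IFACE, metric=1):
    """Return a new table containing the /32 entry that host_route_command creates."""
    entry = {"net": ipaddress.IPv4Network(f"{dst}/32"), "gateway": gateway,
             "interface": iface, "metric": metric}
    return routes + [entry]


def push_route_directive(dst):
    """Server-side OpenVPN equivalent: push the host route to connecting clients."""
    return f'push "route {dst} 255.255.255.255"'


if __name__ == "__main__":
    table = parse_route_print(CLIENT_ROUTE_PRINT)
    target = "209.68.27.16"  # the ipchicken.com address tested in the post
    before = lookup(table, target)
    print(f"{target} before: via {before['gateway']} on {before['interface']}")
    after = lookup(add_host_route(table, target), target)
    print(f"{target} after:  via {after['gateway']} on {after['interface']}")
    print(host_route_command(target))
    print(push_route_directive(target))
```

A client-side route only decides which interface the packet leaves on; for a public address such as 209.68.27.16 the server end must also forward the packet and source-NAT it to its own address, and the server config shown does neither (the only unpushed `push "route ..."` and `push "redirect-gateway"` lines are commented out), so checking the server's forwarding and NAT setup is the second half of the job.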