Linux Networking – OpenVPN Bridge Cannot Access Network Resources

linux, networking, server-message-block, vpn

  1. Desired End Result:

    • Set up OpenVPN bridged network to access resources stored in NAS via SMB share over the internet
    • connect to VMs via RDP (without port forwarding).
  2. Problem:

    • Laptop has successfully(?) made connection with the server. However, laptop cannot access any resources on the subnet (192.168.111.0)

    • Laptop extracts the dhcp gateway (192.168.111.1), but fails to be assigned an IP address.

So this is what I have made so far. I've been struggling with this for days already (actually weeks, if I count in previous attempts which eventually ended with me giving up), and I can't figure out what the problem is.

[Network Diagram]

As you see in this image, I have a Linksys router connected to the internet. It has a DynDNS account connected to it, and under it there are two computers I want access to: a NAS running on Windows 10 with SMB shares, and a VM Host running VirtualBox on Windows 8.1 Embedded. VM Host runs several VMs also running Windows 10, 7 and XP, which I use for work and testing for my web design projects, as well as two Linux Servers running Ubuntu Server 18.04, one of them being the OpenVPN server in question. I have set up two network interfaces on it. One (~.191) is currently port forwarded to the internet so I can SSH into it, and the other (~.200) is set up for bridging.

I want my laptop to get assigned 192.168.111.- subnet IP and be able to access the SMB share resources and RDP into the Virtual Machines. I managed to set up the server and generate RSA Certificates, and make connection between my laptop and the VPN server, but I cannot access or ping any other computer within the network. I'm a web designer / frontend guy and I can't say I'm familiar with under-the-hood networking or Linux, so to be honest I'm not even sure if I'm doing this right. Any ideas or hints would be greatly appreciated. Thanks.

The following links are the server and client logs and config files, and ifconfig of the server. Initial setup is based on this tutorial, and I made some changes based on this tutorial on the ethernet bridging.

Gist of logs and config files

Best Answer

I have the exact setup you're aiming for at my home.

I have a DynDNS account configured in my router and an OpenVPN server running on a physical Linux host which is configured with a bridged NIC and also runs several KVM machines which are also accessible from OpenVPN client machines and another Windows machine with SMB shares.

This is my setup:

My home network subnet is:

10.13.0.0/24

My OpenVPN server assigns OpenVPN client machines IPs in the following network subnet:

10.14.0.0/24

Each machine in my home subnet (10.13.0.0/24) is configured with a static route to the OpenVPN subnet (10.14.0.0/24) and each OpenVPN client machine is getting a pushed route to the home subnet from the OpenVPN server, so OpenVPN clients are able to establish a two-sided connection with machines in my home network.

Here are your action items:

Configure your OpenVPN server like so:

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
comp-lzo
dev tun
group nobody
ifconfig-pool-persist ipp.txt
keepalive 10 120
key /etc/openvpn/easy-rsa/2.0/keys/server.key  # This file should be kept secret
persist-key
persist-tun
port 1195
proto tcp
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 10.13.0.0 255.255.255.0"
push "route 10.14.0.0 255.255.255.0"
server 10.14.0.0 255.255.255.0
status port_1195.log
verb 3

Only change TCP to UDP if you prefer and the port number if you prefer another.

On your Windows machine, add the following route (-p = Static route):

route ADD <OpenVPN subnet> MASK 255.255.255.0 <Router IP> -p

On your Linux machines, add the following route:

route add -net <OpenVPN subnet/size> gw <Router IP>

In addition to the above, you also need to configure a port forward rule in your router which looks like so: [screenshot of the port forward rule]

I wrote a while back a very extensive manual for that process and even though it is written for a CentOS Linux, the routing steps which I've described in the article apply to all Linux flavors, so I recommend you to check my article for more information.

I hope I helped.
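
The routed setup described in the answer above, checked in code. This is an added example, not code from the answer or from OpenVPN: it parses a server config, flags a missing pushed LAN route and three hardening gaps visible in the posted config, and fills in the answer's two return-route templates. The names `parse` and `review`, the shortened sample config and the gateway value `10.13.0.1` are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the routing- and hardening-relevant directives from the
# answer's server config (certificate paths shortened to bare file names).
SAMPLE_CONF = """\
dh dh1024.pem
comp-lzo
dev tun
group nobody
key server.key  # This file should be kept secret
push "dhcp-option DNS 8.8.8.8"
push "route 10.13.0.0 255.255.255.0"
push "route 10.14.0.0 255.255.255.0"
server 10.14.0.0 255.255.255.0
"""

def parse(conf):
    """Split OpenVPN config text into (directives, pushed route networks)."""
    directives, pushed = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        name, _, rest = line.partition(" ")
        words = rest.strip().strip('"').split()
        if name == "push" and words[:1] == ["route"]:
            pushed.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif name != "push":                     # other pushes are not needed here
            directives[name] = rest.strip()
    return directives, pushed

def review(conf, lan_cidr, gateway_ip):
    """Return (findings, return-route commands for hosts on the LAN)."""
    d, pushed = parse(conf)
    net, mask = d["server"].split()[:2]
    vpn = ipaddress.ip_network(f"{net}/{mask}")
    findings = []
    if ipaddress.ip_network(lan_cidr) not in pushed:
        findings.append(f"no pushed route to {lan_cidr}: clients cannot reach the LAN")
    if "1024" in d.get("dh", ""):
        findings.append("dh file name suggests 1024-bit parameters: use 2048 or more")
    if "comp-lzo" in d:
        findings.append("comp-lzo: deprecated, compression allows VORACLE-style attacks")
    if "group" in d and "user" not in d:
        findings.append("'group' without 'user': the daemon keeps its starting UID")
    # gateway_ip (assumed value) fills the answer's <Router IP> placeholder.
    routes = [f"route ADD {vpn.network_address} MASK {vpn.netmask} {gateway_ip} -p",
              f"route add -net {vpn} gw {gateway_ip}"]
    return findings, routes

if __name__ == "__main__":
    for text in sum(review(SAMPLE_CONF, "10.13.0.0/24", "10.13.0.1"), []):
        print(text)
```

Calling `review` with the question's subnet (`192.168.111.0/24`) instead of `10.13.0.0/24` adds the missing-route finding, which is what happens if the config is copied without adjusting the pushed route.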
