Hi all! I have been a Linux user for some years, although I'm very new to the networking aspects. This is the first time I will use OpenVPN and I have been struggling to make it work for a few days. I need to connect my home and work PCs (just two computers, each in a different location and with a different network) to use ssh in a way that I can access either computer. Then I could synchronize my files using the commands: sync, unison, etc.
Both computers are using Debian 12. In case this info could be relevant, one computer has the default Debian kernel: 6.1.0-30-amd64, arch: x86_64.
The other computer is using a newer kernel to achieve wifi compatibility: Kernel: 6.10.11+bpo-amd64 arch: x86_64. I would like to set both as server and client to access them from either location.
I installed the default OpenVPN in Debian 12:
OpenVPN 2.6.3 x86_64-pc-linux-gnu
library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
First I followed the wiki debian page: https://wiki.debian.org/OpenVPN:
In that page they first cover how to install and run openvpn in a raw unsecure connection just for testing. But the test didn't go well for me. Later they continue to configure openvpn, which I also did, but still it seems not to work. Then I went through more complex guides on the net, configuring certificates, etc... no luck. I think I should focus on that first step on the debian wiki page and find out why the raw test doesn't work.
So here are the steps I followed from the debian wiki:
Code:
sudo apt-get install openvpn
sudo apt-get install network-manager-openvpn-gnome

On the server's firewall, open up UDP 1194 (default port).
I accomplished this using firewalld (which is the recommended program to reach the nftables in Debian).
Code:
sudo apt install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --add-port=1194/udp

I also checked that the openvpn service was active and enabled:
Code:
sudo systemctl start openvpn.service

Code:
sudo systemctl enable openvpn.service

And I included OpenVPN in the firewall too:
Code:
sudo firewall-cmd --add-service openvpn.service

Here is the output of my firewalld configuration with the command: sudo firewall-cmd --list-all
Code:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp7s0
  sources:
  services: dhcpv6-client openvpn ssh
  ports: 1194/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Since I want to use both computers as servers I did all those steps in both computers.
From one computer (let's call it the server now) I run an openvpn instance:
Code:
sudo openvpn --remote CLIENT_IP --dev tun1 --ifconfig 10.9.8.1 10.9.8.2

If I understood it well, I have to replace CLIENT_IP with the public IP of the other computer (let's call it the client). I opted to get the IP using the command:
Code:
curl https://api.ipify.org

and copy/paste the IP, replacing the CLIENT_IP part in the command above.
So here is the output of: sudo openvpn --remote xxx.xxx.xxx.xxx. --dev tun1 --ifconfig 10.9.8.1 10.9.8.2.
Code:
2025-01-23 19:42:08 DEPRECATION: No tls-client or tls-server option in configuration detected. OpenVPN 2.7 will remove the functionality to run a VPN without TLS. See the examples section in the manual page for examples of a similar quick setup with peer-fingerprint.
2025-01-23 19:42:08 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-01-23 19:42:08 library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
2025-01-23 19:42:08 DCO version: N/A
2025-01-23 19:42:08 ******* WARNING *******: '--cipher none' was specified. This means NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network! PLEASE DO RECONSIDER THIS SETTING!
2025-01-23 19:42:08 ******* WARNING *******: '--auth none' was specified. This means no authentication will be performed on received packets, meaning you CANNOT trust that the data received by the remote side have NOT been manipulated. PLEASE DO RECONSIDER THIS SETTING!
2025-01-23 19:42:08 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
2025-01-23 19:42:08 TUN/TAP device tun1 opened
2025-01-23 19:42:08 net_iface_mtu_set: mtu 1500 for tun1
2025-01-23 19:42:08 net_iface_up: set tun1 up
2025-01-23 19:42:08 net_addr_ptp_v4_add: 10.9.8.1 peer 10.9.8.2 dev tun1
2025-01-23 19:42:08 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2025-01-23 19:42:08 UDPv4 link local (bound): [AF_INET][undef]:1194
2025-01-23 19:42:08 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194

So I got this good line saying: TUN/TAP device tun1 opened
While openvpn is running, I execute from another terminal the command "ip a" and get this output:
Code:
tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.9.8.1 peer 10.9.8.2/32 scope global tun1
       valid_lft forever preferred_lft forever

I then continue with the debian wiki page, go to the client and run:
Code:
sudo openvpn --remote SERVER_IP --dev tun1 --ifconfig 10.9.8.2 10.9.8.1

replacing now the SERVER_IP too with the public IP of the "server" computer.
I get a very similar output as before, just exchanging the 10.9.8.1 and 10.9.8.2.
I am also supposed to be able to ping the server: ping 10.9.8.1, but it doesn't work:
PING 10.9.8.1 (10.9.8.1) 56(84) bytes of data.
--- 10.9.8.1 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10312ms
So please, could anyone help me with how and where I could start searching for the issue in my openvpn or my computers? What commands could I run for debugging? Could it be something with my router instead? In that case, how can I configure my router to allow openvpn connections?
Statistics: Posted by anndreih — 2025-01-23 20:08 — Replies 0 — Views 37
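
Added example (not part of the original post or of the Debian wiki): a shell triage of the OpenVPN log shown in the post, reporting which security warnings fired and whether any packet from the peer was ever accepted. It assumes OpenVPN's "Peer Connection Initiated with" message marks the first packet accepted from the other side; the function names and finding labels are made up for this example, and the sample lines are abridged from the posted log.

```shell
#!/bin/sh
# Triage an OpenVPN point-to-point log: security warnings and peer reachability.

# Constructed sample: lines abridged from the log in the post above.
sample_log() {
cat <<'EOF'
2025-01-23 19:42:08 DEPRECATION: No tls-client or tls-server option in configuration detected.
2025-01-23 19:42:08 ******* WARNING *******: '--cipher none' was specified.
2025-01-23 19:42:08 ******* WARNING *******: '--auth none' was specified.
2025-01-23 19:42:08 TUN/TAP device tun1 opened
2025-01-23 19:42:08 net_addr_ptp_v4_add: 10.9.8.1 peer 10.9.8.2 dev tun1
2025-01-23 19:42:08 UDPv4 link local (bound): [AF_INET][undef]:1194
2025-01-23 19:42:08 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
EOF
}

# triage_openvpn_log (hypothetical helper): reads a log on stdin and
# prints one finding label per line.
triage_openvpn_log() {
  _log=$(cat)
  # Fixed-string match against the captured log.
  _has() { printf '%s\n' "$_log" | grep -qF -e "$1"; }

  # Security posture: the wiki's quick test runs without encryption or auth.
  _has "'--cipher none'" && echo "NO_ENCRYPTION"
  _has "'--auth none'" && echo "NO_PACKET_AUTH"
  _has "No tls-client or tls-server" && echo "NO_TLS_DEPRECATED"

  # Local side: tunnel device created and UDP socket bound.
  _has "TUN/TAP device" && echo "TUN_UP"
  _has "UDPv4 link local (bound)" && echo "UDP_SOCKET_BOUND"

  # Remote side: assumed marker that a packet from the peer was accepted.
  if _has "Peer Connection Initiated with"; then
    echo "PEER_SEEN"
  else
    echo "PEER_NEVER_SEEN"
  fi
  return 0
}

sample_log | triage_openvpn_log
```

On the posted log this reports PEER_NEVER_SEEN alongside TUN_UP and UDP_SOCKET_BOUND: the local tunnel side came up, but the log has no sign of a packet arriving from the other computer. The NO_ENCRYPTION and NO_PACKET_AUTH findings mark the setup as the plaintext test configuration the log itself warns about.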