tobipicomputers
New Member
Hello,
I have a tricky but actually simple problem.
I would like to run traffic from and to a Raspberry Pi through my Netcup server. So network traffic as well as web traffic. My Netcup server has an identifiable address and can be pinged everywhere. I want to have this on my Raspi too. For this I want to configure OpenVPN so that the connection is up (Pi <-> server). So my Pi is the client and my server (Netcup) is my server (or host).
So here is some code for you guys:
For meaning: tobipiserver = Netcupserver and RaspiMum = Raspberry Pi.
server.config:
# OpenVPN Port, Protocol, and the Tun
port 16661
proto udp
dev tun
# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/tobipiserver.crt
key /etc/openvpn/server/tobipiserver.key
#DH and CRL key
dh /etc/openvpn/server/dh.pem
#crl-verify /etc/openvpn/server/crl.pem
# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 172.16.31.0 255.255.255.0
#push "redirect-gateway def1"
route 192.168.178.(redacted) 255.255.255.0
route 192.168.178.39 255.255.255.0
push "route 192.168.178.39 (that's the IP address of my Pi) 255.255.255.0"
# Using the DNS from https://dns.watch
# push "dhcp-option DNS 84.200.69.80"
push "push 192.168.178.(redacted) 255.255.255.0"
#Enable multiple clients to connect with the same certificate key !! Hinweis nu$
#duplicate-cn
# TLS Security
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher (blacked out)
auth SHA512
auth-nocache
# Other Configuration
keepalive 20 60
persist-key
persist-tun
compress lz4
#daemon
user nobody
group nogroup
# OpenVPN Log
log-append /var/log/openvpn.log
verb 3
Here is my client.conf:
client
dev tun
proto udp
remote (redacted IP of Netcup server) 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/RaspiMum.crt
key /etc/openvpn/client/RaspiMum.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-C0
Data of my devices:
Linux RaspiMum 5.4.79-v7l+
Server:
OS: Debian GNU/Linux 10 (buster) x86_64
Host: KVM Server VPS 200 G8
Kernel: 4.19.0-11-amd64
CPU: QEMU Virtual version 2.5+ (1) @ 2.294GHz
Memory: 209MiB / 1995MiB
But now it does not work: the connection cannot be established. I can only reach the Netcup server (logical, I pay 3€ / month for it, with access data). So what to do?
The output of some ip related information is down below:
The output of the server (Netcup Server)
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 36:6c:be:00:a3:5f brd ff:ff:ff:ff:ff:ff
inet 152.89.104.68/22 brd 152.89.107.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a03:4000:39:75c:346c:beff:fe00:a35f/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::346c:beff:fe00:a35f/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 172.16.31.1 peer 172.16.31.2/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::c8e9:3d92:f0eb:8513/64 scope link stable-privacy
valid_lft forever preferred_lft forever
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 152.89.104.1 0.0.0.0 UG 0 0 0 eth0
152.89.104.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
172.16.31.0 172.16.31.2 255.255.255.0 UG 0 0 0 tun0
172.16.31.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
sysctl net-ipv4.ip_forward
sysctl: cannot stat /proc/sys/net-ipv4/ip_forward: No such file or directory
So this is not installed by default. How do I add this?
sudo iptables -nvx -L POSTROUTING -t nat
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
On Raspberry Pi:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether dc:a6:32:5d:a9:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.178.37/24 brd 192.168.178.255 scope global dynamic noprefixroute eth0
valid_lft 863855sec preferred_lft 755855sec
inet6 2a02:8070:c38a:2d00:c483:35d7:cf61:e2e7/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 7152sec preferred_lft 3552sec
inet6 fe80::29f9:a45b:f99b:50d5/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether dc:a6:32:5d:a9:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.178.39/24 brd 192.168.178.255 scope global dynamic noprefixroute wlan0
valid_lft 863855sec preferred_lft 755855sec
inet6 2a02:8070:c38a:2d00:e96d:e96d:2f05:c669/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 7152sec preferred_lft 3552sec
inet6 fe80::259b:4e43:32eb:f92/64 scope link
valid_lft forever preferred_lft forever
route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 202 0 0 eth0
0.0.0.0 192.168.178.1 0.0.0.0 UG 303 0 0 wlan0
192.168.178.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
192.168.178.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
So that seems to work and to be switched on.
sudo iptables -nvx -L POSTROUTING -t nat
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
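Added example, not part of the original post: a small Python check that compares the directives both OpenVPN peers have to agree on, run against excerpts of the server.config and client.conf shown above. The address 192.0.2.10 is a constructed placeholder for the redacted server IP, and the function names are illustrative.

```python
# Added example. The two strings are excerpts of the configs posted above;
# 192.0.2.10 is a constructed placeholder for the redacted server address.
SERVER_CONF = """\
port 16661
proto udp
dev tun
cipher AES-256-CBC
auth SHA512
compress lz4
"""
CLIENT_CONF = """\
client
dev tun
proto udp
remote 192.0.2.10 1194
tls-auth ta.key 1
cipher AES-256-C0
"""

SAME_VALUE = ("proto", "dev", "cipher", "auth", "compress")  # must be equal
SAME_PRESENCE = ("tls-auth",)  # must be set on both peers or on neither

def parse(text):
    """Map each directive to its argument list (first occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line:
            key, *args = line.split()
            conf.setdefault(key, args)
    return conf

def value(conf, key):  # arguments as one string, None if directive is absent
    return " ".join(conf[key]) if key in conf else None

def find_mismatches(server_text, client_text):
    """Return (directive, server_value, client_value) for every disagreement."""
    s, c = parse(server_text), parse(client_text)
    remote = c.get("remote", [])
    server_port = value(s, "port") or "1194"  # 1194 is OpenVPN's default port
    client_port = remote[1] if len(remote) > 1 else "1194"
    problems = [("port", server_port, client_port)] if server_port != client_port else []
    for key in SAME_VALUE:
        if value(s, key) != value(c, key):
            problems.append((key, value(s, key), value(c, key)))
    for key in SAME_PRESENCE:
        if (key in s) != (key in c):
            problems.append((key, "set" if key in s else None, "set" if key in c else None))
    return problems
```

Calling `find_mismatches(SERVER_CONF, CLIENT_CONF)` on these excerpts reports five disagreements: port, cipher, auth, compress and tls-auth.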