Hello.
I hope here I can find some pointers or a solution.
From home I have to connect to work via VPN; I have a Fortinet VPN. At present I connect from my laptop, Win 10 with FortiClient.
From the router I can connect to my VPN at work and connect to my server with telnet, but how can I share that connection with my LAN machines?
I have a Netgear R7800 router with Voxel firmware version V1.0.2.83SF, and with opkg I installed openfortivpn 1.15.0-1.
root@Router:~$ uname -a
Linux Router 3.4.103 #1 SMP Fri Mar 12 13:53:38 UTC 2021 armv7l IPQ8065
I configured openfortivpn on my router with IP, port, username and password, and it connects to the VPN server at work, creating a new interface ppp1.
Before I connect, this is my routing table on the router:
root@Router:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 ppp0
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
239.0.0.0 * 255.0.0.0 U 0 0 0 br0
When I start the openfortivpn connection I get this information from DEBUG:
INFO: Negotiation complete.
DEBUG: pppd ---> gateway (6 bytes)
local IP address 10.212.134.17
remote IP address 192.0.2.1
DEBUG: Got Address: 10.212.134.17
DEBUG: Interface Name: ppp0
DEBUG: Interface Addr: 79.XXX.XXX.205
DEBUG: Interface Name: ppp1
DEBUG: Interface Addr: 10.212.134.17
INFO: Interface ppp1 is UP.
INFO: Setting new routes...
DEBUG: ip route show to 0.0.0.0/0.0.0.0 dev !ppp1
DEBUG: ip route show to 109.XXX.XXX.186/255.255.255.255 dev ppp1
DEBUG: Route not found.
DEBUG: ip route show to 109.XXX.XXX.186/255.255.255.255 dev !ppp1
DEBUG: Setting route to vpn server...
DEBUG: ip route show to 109.XXX.XXX.186/255.255.255.255 via 10.0.0.1 dev ppp0
DEBUG: ip route add to 109.XXX.XXX.186/255.255.255.255 via 10.0.0.1 dev ppp0
DEBUG: ip route add to 10.237.42.0/255.255.255.0 dev ppp1
DEBUG: ip route add to 10.56.4.0/255.255.255.0 dev ppp1
DEBUG: ip route add to 10.56.5.0/255.255.255.0 dev ppp1
DEBUG: ip route add to 10.141.141.0/255.255.255.0 dev ppp1
INFO: Tunnel is up and running.
After connecting, the routing table looks like this:
root@Router:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 ppp0
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
10.56.4.0 * 255.255.255.0 U 0 0 0 ppp1
10.56.5.0 * 255.255.255.0 U 0 0 0 ppp1
10.141.141.0 * 255.255.255.0 U 0 0 0 ppp1
10.237.42.0 * 255.255.255.0 U 0 0 0 ppp1
109.XXX.XXX.186 10.0.0.1 255.255.255.255 UGH 0 0 0 ppp0
192.0.2.1 * 255.255.255.255 UH 0 0 0 ppp1
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
239.0.0.0 * 255.0.0.0 U 0 0 0 br0
Now I get no reply when pinging an IP from work, 10.56.4.254:
root@Router:~$ ping 10.56.4.254
PING 10.56.4.254 (10.56.4.254): 56 data bytes
^C
--- 10.56.4.254 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
but in the debug window I see this:
DEBUG: pppd ---> gateway (86 bytes)
DEBUG: gateway ---> pppd (86 bytes)
DEBUG: pppd ---> gateway (114 bytes)
DEBUG: pppd ---> gateway (86 bytes)
DEBUG: gateway ---> pppd (86 bytes)
DEBUG: pppd ---> gateway (114 bytes)
DEBUG: pppd ---> gateway (86 bytes)
DEBUG: gateway ---> pppd (86 bytes)
DEBUG: pppd ---> gateway (114 bytes)
DEBUG: pppd ---> gateway (86 bytes)
DEBUG: gateway ---> pppd (86 bytes)
DEBUG: pppd ---> gateway (114 bytes)
DEBUG: pppd ---> gateway (86 bytes)
DEBUG: gateway ---> pppd (86 bytes)
DEBUG: pppd ---> gateway (114 bytes)
DEBUG: pppd ---> gateway (86 bytes)
DEBUG: gateway ---> pppd (86 bytes)
DEBUG: pppd ---> gateway (114 bytes)
If I enter this command
iptables -I INPUT -i ppp1 -j ACCEPT
the reply starts to work:
root@Router:~$ ping 10.56.4.254
PING 10.56.4.254 (10.56.4.254): 56 data bytes
64 bytes from 10.56.4.254: icmp_seq=0 ttl=255 time=56.7 ms
64 bytes from 10.56.4.254: icmp_seq=1 ttl=255 time=56.3 ms
^C
--- 10.56.4.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 56.3/56.5/56.7 ms
but I cannot use telnet:
root@Router:~$ telnet 10.56.4.254 8443
telnet: cannot connect to remote host (10.56.4.254): Connection refused
If I enter
iptables -I OUTPUT -o ppp1 -j ACCEPT
then telnet works:
root@Router:~$ telnet 10.56.4.254 8443
Connection closed by foreign host.
And from the router I can connect with telnet and work.
I found out about tcpdump. I run it on the router: tcpdump -i ppp1
After I start openfortivpn (interface ppp1, IP 10.212.134.17), I try a ping to 10.56.4.21 from the router:
20:33:07.375390 IP 10.212.134.17 > 10.56.4.21: ICMP echo request, id 39201, seq 0, length 64
20:33:07.440994 IP 10.56.4.21 > 10.212.134.17: ICMP echo reply, id 39201, seq 0, length 64
20:33:07.441057 IP 10.212.134.17 > 10.56.4.21: ICMP 10.212.134.17 protocol 1 port 34855 unreachable, length 92
20:33:08.375889 IP 10.212.134.17 > 10.56.4.21: ICMP echo request, id 39201, seq 1, length 64
20:33:08.440401 IP 10.56.4.21 > 10.212.134.17: ICMP echo reply, id 39201, seq 1, length 64
20:33:08.440463 IP 10.212.134.17 > 10.56.4.21: ICMP 10.212.134.17 protocol 1 port 2353 unreachable, length 92
I run
iptables -I INPUT -i ppp1 -j ACCEPT
iptables -I OUTPUT -o ppp1 -j ACCEPT
and ping 10.56.4.21 again, and I get a reply:
20:34:55.709754 IP 10.212.134.17 > 10.56.4.21: ICMP echo request, id 15139, seq 0, length 64
20:34:55.775421 IP 10.56.4.21 > 10.212.134.17: ICMP echo reply, id 15139, seq 0, length 64
20:34:56.710254 IP 10.212.134.17 > 10.56.4.21: ICMP echo request, id 15139, seq 1, length 64
20:34:56.775015 IP 10.56.4.21 > 10.212.134.17: ICMP echo reply, id 15139, seq 1, length 64
Now I try a ping to 10.56.4.21 from the LAN laptop (192.168.2.51) and get no reply:
20:36:39.149710 IP 192.168.2.51 > 10.56.4.21: ICMP echo request, id 1, seq 13940, length 40
20:36:44.094915 IP 192.168.2.51 > 10.56.4.21: ICMP echo request, id 1, seq 13946, length 40
I run this on the router
iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
to change the source of the original packets from the LAN address 192.168.2.51 to the ppp1 interface IP, 10.212.134.17,
and ping 10.56.4.21 again from the laptop 192.168.2.51; the result is:
20:39:00.605630 IP 10.212.134.17 > 10.56.4.21: ICMP echo request, id 1, seq 14086, length 40
20:39:00.670422 IP 10.56.4.21 > 10.212.134.17: ICMP echo reply, id 1, seq 14086, length 40
20:39:00.670516 IP 10.212.134.17 > 10.56.4.21: ICMP 10.212.134.17 protocol 1 port 7765 unreachable, length 68
20:39:05.609004 IP 10.212.134.17 > 10.56.4.21: ICMP echo request, id 1, seq 14092, length 40
20:39:05.674484 IP 10.56.4.21 > 10.212.134.17: ICMP echo reply, id 1, seq 14092, length 40
20:39:05.674546 IP 10.212.134.17 > 10.56.4.21: ICMP 10.212.134.17 protocol 1 port 7759 unreachable, length 68
I see I send a ping to 10.56.4.21 and it replies back to 10.212.134.17, but on the 3rd line I get this:
20:39:00.670516 IP 10.212.134.17 > 10.56.4.21: ICMP 10.212.134.17 protocol 1 port 7765 unreachable, length 68
How can I instruct the router to direct the reply back to my LAN laptop 192.168.2.51, which is the source of the ping?
If you need other information, I can provide it.
Can you help me with some hints or a solution?
Thank you
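Added example, not part of the original post: a rule set that lets LAN hosts on br0 reach the work subnets pushed by the gateway over ppp1. Interface names and subnets are taken from the post; restricting forwarding to those subnets and the stateful INPUT rule are assumptions of this example, not firmware requirements. A router-generated "port unreachable" for a de-NATed reply, as in the capture above, is what a REJECT rule in the FORWARD chain produces, so the FORWARD rules are the part the post is missing.

```shell
#!/bin/sh
# Added example (not from the original post): share an openfortivpn tunnel on
# ppp1 with the LAN on br0, limited to the subnets the VPN gateway pushed.
LAN_IF="${LAN_IF:-br0}"
VPN_IF="${VPN_IF:-ppp1}"
VPN_SUBNETS="${VPN_SUBNETS:-10.237.42.0/24 10.56.4.0/24 10.56.5.0/24 10.141.141.0/24}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the commands instead of running them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

vpn_share_rules() {
  # Router-local traffic on the tunnel: only replies in, anything out
  # (the post used an unconditional INPUT ACCEPT; stateful is the assumed tightening)
  run iptables -I INPUT -i "$VPN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -I OUTPUT -o "$VPN_IF" -j ACCEPT
  # Forwarded traffic: LAN -> each pushed work subnet, and matching replies back.
  # Without these the FORWARD chain rejects the un-NATed echo reply, which is
  # the router-generated "port unreachable" seen in the tcpdump capture.
  run iptables -I FORWARD -i "$VPN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
  for net in $VPN_SUBNETS; do
    run iptables -I FORWARD -i "$LAN_IF" -o "$VPN_IF" -d "$net" -j ACCEPT
  done
  # Source-NAT LAN hosts to the tunnel address (10.212.134.17 in the post) so the
  # gateway can route replies; conntrack un-NATs them back to the LAN host.
  run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
  # Clamp TCP MSS to the tunnel MTU so large segments are not silently dropped
  run iptables -t mangle -A FORWARD -o "$VPN_IF" -p tcp --tcp-flags SYN,RST SYN \
      -j TCPMSS --clamp-mss-to-pmtu
  run sysctl -w net.ipv4.ip_forward=1   # usually already 1 on a NAT router
}

case "${1:-}" in
  apply) vpn_share_rules ;;              # needs root on the router
  show)  DRY_RUN=1; vpn_share_rules ;;   # print the rules without applying them
esac
```

Run it with `show` first to review the exact rules, then `apply` as root on the router after the tunnel is up; the rules are not persistent across a reboot.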