VPN set up and connected, but not talking

bumpycat · Post by **bumpycat** » Thu Jul 07, 2016 10:01 am

Hi all,

I have set up a Linux VPN server to connect a restricted VLAN to the internet. The Linux server has two NICs, one facing out with the listeners, and one (promiscuous) on the restricted VLAN. I've set up a virtual hub an a local bridge on the promiscuous NIC.

I've connected successfully with a Windows client - the logs show a successful connection and the client is also showing status "Connected". DHCP is enabled on the VPN, but the VPN virtual network adapter is getting an IP of 169.254.x.x.

The problem - I'm not able to connect to anything from the Windows client to the restricted VLAN. I'm testing with SSH and HTTP connections to servers on the VLAN.

Is there some extra routing or configuration I need to do, on the client or on the local bridge connection?

bumpycat · Post by **bumpycat** » Thu Jul 07, 2016 1:35 pm

I didn't have SecureNAT set up - I've enabled SecureNAT and now the clients are getting proper 192.168.30.x addresses.

However, I'm still not able to connect. I've tried a tcpdump on the VPN server to watch packets going to other servers, and it looks like nothing is leaving the VPN server. So there's still something more to fix there.

raafat · Post by **raafat** » Thu Jul 07, 2016 6:36 pm

Hi there!, you said that you've enabled DHCP on VPN, and you said that you've bridged one of the two NICs to your LAN, at this point it's not clear what you are trying to do, because usually, when you bridge a NIC to a LAN then you are supposed to get DHCP from your LAN, but DHCP is enabled on your VPN, please clear up that point. Also, do you connect to the Virtual hub that is bridged to your LAN or to another Virtual hub ?, is there any DHCP server on the LAN that is connected to your Virtual hub through a bridge ?, are servers, that are you are trying to communicate with them, on the same LAN that you bridge to your Virtual hub ?

Good luck

bumpycat · Post by **bumpycat** » Thu Jul 07, 2016 9:37 pm

Hi Rafaat,

Thanks for the reply!

I may be misunderstanding the purpose of the DHCP. My LAN uses static addressing without DHCP. Going from outside in:
Softether VPN client -> external-facing NIC (static IP, non-local IP range) -> virtual hub -> local bridge -> internal-facing NIC (promiscuous) -> internal LAN (static IPs, non-local IP range)

By non-local IP range I mean internet-addressable IPv4 addresses - my organisation has a lot of IPv4 space and I have a /26 for my exclusive use. That's why we don't bother with DHCP. The servers I'm trying to connect to are on this internal LAN

rayban02 · Post by **rayban02** » Mon Aug 08, 2016 4:49 am

"DHCP is enabled on the VPN, but the VPN virtual network adapter is getting an IP of 169.254.x.x."

Hi, maybe this can help you:

https://en.wikipedia.org/wiki/Link-local_address

On my debian I desinstalled the package avahi-autoipd and I did not have no more this problem of 169.254.x.x address.

Post by **thisjun** » Mon Aug 29, 2016 6:20 am

Did you solve your problem??

VPN set up and connected, but not talking

VPN set up and connected, but not talking

Re: VPN set up and connected, but not talking

Re: VPN set up and connected, but not talking

Re: VPN set up and connected, but not talking

Re: VPN set up and connected, but not talking

Re: VPN set up and connected, but not talking