Hello,
I am trying to set up a VPN from my Chromebook to an OpenBSD machine at
home. Currently, I am able to establish a connection and access my
home network.

The issue is that after a few minutes I can't initiate any new
connections: pinging any machine on the home network fails, but
already-established SSH sessions still work perfectly.

I would appreciate any pointers on what is happening, what I am doing
wrong, or how to find information that could help me understand.

Thanks a lot

Here is the config from the machine at home. I redacted the password and
the PSK. home.jellycopter.net is the hostname of the machine.

cat /var/run/dmesg.boot

OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4179034112 (3985MB)
avail mem = 4047908864 (3860MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebec0 (46 entries)
bios0: vendor Intel Corp. version "FYBYT10H.86A.0052.2015.0923.1845"
date 09/23/2015
bios0:
\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\
M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?
\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\
M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices UAR5(S4) UAR8(S4) PS2K(S3) PS2M(S3) XHC1(S4)
EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PWRB(S0) BRCM(S0)
BRC3(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, 2167.16 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, 2166.67 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 87 pins
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (RP03)
acpiprt4 at acpi0: bus 4 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1(1000@1 mwait.1)
acpicpu1 at acpi0: C1(1000@1 mwait.1)
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
acpipwrres3 at acpi0: CLK0, resource for CAM1
acpipwrres4 at acpi0: CLK1, resource for CAM0, CAM2
"INT3396" at acpi0 not configured
"ITE8713" at acpi0 not configured
"DMA0F28" at acpi0 not configured
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: LID0
"BCM2E1A" at acpi0 not configured
"BCM4752" at acpi0 not configured
"INTCF0B" at acpi0 not configured
"INTCF1A" at acpi0 not configured
"INTCF1C" at acpi0 not configured
"SMO91D0" at acpi0 not configured
"ATML1000" at acpi0 not configured
"ATML2000" at acpi0 not configured
"INT33BD" at acpi0 not configured
acpivideo0 at acpi0: GFX0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x0e
inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x0e
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1024x768
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0e: msi, AHCI
1.3
ahci0: port 0: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, ST1000LM024 HN-M, 2BA3> SCSI3
0/direct fixed naa.50004cf20e0f34d9
sd0: 953869MB, 512 bytes/sector, 1953525168 sectors
xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x0e: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel Bay Trail HD Audio" rev 0x0e: msi
azalia0: codecs: Realtek/0x0283, Intel/0x2882, using Realtek/0x0283
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail I2C" rev 0x0e: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0e: msi
pci2 at ppb1 bus 2
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0x73,
msi
ppb2 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x0e: msi
pci3 at ppb2 bus 3
re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G
(0x4c00), msi, address c0:3f:d5:6c:ab:2b
rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
ppb3 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x0e: msi
pci4 at ppb3 bus 4
pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x0e
ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x0e:
apic 1 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-12800 SO-DIMM
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uvideo0 at uhub0 port 2 configuration 1 interface 0 "Etron Technology,
Inc. USB2.0 Camera" rev 2.00/1.01 addr 2
video0 at uvideo0
ugen0 at uhub0 port 4 "Intel product 0x07dc" rev 2.00/0.01 addr 3
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (bb7002c21395ca92.a) swap on sd0b dump on sd0b
iwm0: hw rev 0x140, fw ver 16.242414.0, address a0:a8:cd:cc:72:2a

cat /etc/npppd/npppd.conf
# $OpenBSD: npppd.conf,v 1.2 2014/03/22 04:32:39 yasuoka Exp $
# sample npppd configuration file.  see npppd.conf(5)

# L2TP tunnel endpoint, listening on every IPv4 and IPv6 address of the host.
# NOTE(review): nothing in this block requires the L2TP packets to have
# arrived through IPsec; npppd.conf(5) documents l2tp-require-ipsec for that.
# Otherwise the restriction has to come from pf.
tunnel L2TP protocol l2tp {
        listen on 0.0.0.0
        listen on ::
        # Debug aid: dumps received L2TP control packets to the log. Useful
        # while troubleshooting, noisy afterwards.
        l2tp-ctrl-in-pktdump yes
}

# PPP users are authenticated against a local flat file. The password= field
# shown for that file suggests cleartext storage, so its permissions matter
# -- TODO confirm it is readable by root only.
authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}

# Addresses handed to PPP clients (10.0.0.2-10.0.0.254) and the resolver
# pushed to them.
ipcp IPCP {
        pool-address 10.0.0.2-10.0.0.254
        dns-servers 8.8.8.8
}

# use pppx(4) interface.  use an interface per a ppp session.
# 10.0.0.1 is the server-side address; sessions from the L2TP tunnel that
# authenticate via LOCAL are attached to pppx0.
interface pppx0 address 10.0.0.1 ipcp IPCP
bind tunnel from L2TP authenticated by LOCAL to pppx0

cat /etc/npppd/npppd-users
gkr:\
        :password=aaaaaa:

cat /etc/ipsec.conf
router = "192.168.31.1" # ip of the gateway on the home network
# NOTE(review): the router macro is not referenced by any rule shown here.

# Disabled earlier variant of the rule below (sha2-256 / modp1024).
# NOTE(review): the trailing backslashes appear to carry the comment over the
# next three lines -- confirm with "ipsecctl -nvf /etc/ipsec.conf" that only
# one ike rule is parsed.
# ike dynamic esp tunnel \
        from home.jellycopter.net to any \
        aggressive auth "hmac-sha2-256" group "modp1024" \
        psk "bbbbbb"

# Active rule: ESP tunnel from this host to any peer, phase 1 in aggressive
# mode with hmac-sha1 and modp2048, authenticated by a pre-shared key.
# Aggressive mode with a PSK exposes a hash derived from the key during the
# exchange, so the key has to be long and random; main mode is the safer
# choice where the client supports it.
# Flows set up by this rule are tagged "whitney" for pf; no rule in the
# pf.conf shown alongside matches on that tag.
ike dynamic esp tunnel \
        from home.jellycopter.net to any \
        aggressive auth "hmac-sha1" group "modp2048" \
        psk "bbbbbb" tag "whitney"

cat /etc/pf.conf
#       $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

# re0 is the wired interface; vpn_net covers the npppd address pool.
ext_if = "re0"
vpn_net = "10.0.0.0/24"
set skip on lo

# pf applies the last matching rule. The bare "pass" matches everything the
# "block return" before it matched, so the effective default is allow-all
# with state, in both directions and on every interface. Only rules placed
# after it can still block.
block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# NOTE(review): already allowed by the bare "pass" above; this rule only
# becomes meaningful if the default is changed to block.
pass in proto tcp to self port smtp

# vpn
# ESP plus IKE (udp 500) and NAT-T (udp 4500) on the external interface.
# NOTE(review): also redundant under the bare "pass". Nothing in this ruleset
# limits L2TP (udp 1701) to packets that arrived through IPsec, and no rule
# uses the tag set in ipsec.conf.
pass in on $ext_if proto esp
pass in on $ext_if proto udp to port { isakmp, ipsec-nat-t }
# Disabled: interface-bound state for decapsulated traffic on enc0.
# pass in on enc0 keep state (if-bound)
# vpn to internet
# Source-NAT VPN client traffic to the address of the external interface.
match out from $vpn_net to any nat-to ($ext_if)


--

Cordialement, Coues Ludovic
+336 148 743 42
