Re: [Openvpn-users] Issue getting to LAN behind VPN Server

On 1/12/2016 4:42 AM, Gert Doering wrote: > Hi, > > On Tue, Jan 12, 2016 at 01:41:09PM +0100, David Sommerseth wrote: >>> In the FORWARD chain, the easiest approach - and reasonably secure, >>> unless you distrust your VPN clients - is to permit everything >>> coming in via tun0 >>> >>> iptables

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Hi, On Tue, Jan 12, 2016 at 01:41:09PM +0100, David Sommerseth wrote: > > In the FORWARD chain, the easiest approach - and reasonably secure, > > unless you distrust your VPN clients - is to permit everything > > coming in via tun0 > > > > iptables -I INPUT -i tun0 -j FORWARD > > > > (or similar

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/16 08:50, Gert Doering wrote: > Hi, > > On Mon, Jan 11, 2016 at 01:06:18PM -0800, Jeff Boyce wrote: >> Now, I don't want to leave my firewall with a default Accept All >> setting on the forwarding chain, so I need to identify a rule >> specif

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Hi, Ok, this getting away from OpenVPN so just this one reply. > One small remark below: > > > >> # Set policies >> $IPTABLES -P INPUT DROP >> $IPTABLES -P FORWARD DROP >> $IPTABLES -P OUTPUT ACCEPT >> > > > Why would you allow unrestricted outgoing traffic? > I would suggest to set also tha

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Hi Jeff, Jeff Boyce wrote: > Thanks for the pointers. I am doing some research now reading through > the iptables man page and reading other examples. I recommend this howto: http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html It was written for Linux 2.4, but all the ip

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

One small remark below: -Original Message- From: Bonno Bloksma [mailto:b.blok...@tio.nl] Sent: dinsdag 12 januari 2016 8:33 To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] Issue getting to LAN behind VPN Server # Set policies $IPTABLES -P INPUT DROP $IPTABLES -P

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Hi, On Mon, Jan 11, 2016 at 01:06:18PM -0800, Jeff Boyce wrote: > Now, I don't want to leave my firewall with a default Accept All setting > on the forwarding chain, so I need to identify a rule specific to the > packet type / traffic that I want to allow. I am little less > knowledgeable on f

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Hi, [...] >>> If someone can point me in the right direction to create a specific >>> firewall rule for the forward chain I would be grateful. My thoughts [...] >>> >> If you want to allow all traffic to and from the tun network(s) to be >> forwarded then add something like >> >> iptables -

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

On 1/11/2016 1:49 PM, Jan Just Keijser wrote: > Hi Jeff, > > On 11/01/16 22:06, Jeff Boyce wrote: >> My additional diagnostic testing results are at the bottom. >> > my comments are also at the bottom ;) > >> On 1/6/2016 11:38 AM, Morten Christensen wrote: >>> Den 05-01-2016 kl. 19:34 skrev Jeff

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Hi Jeff, On 11/01/16 22:06, Jeff Boyce wrote: > My additional diagnostic testing results are at the bottom. > my comments are also at the bottom ;) > On 1/6/2016 11:38 AM, Morten Christensen wrote: >> Den 05-01-2016 kl. 19:34 skrev Jeff Boyce: >>> Greetings - >>> >>> I have a detailed description

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

My additional diagnostic testing results are at the bottom. On 1/6/2016 11:38 AM, Morten Christensen wrote: > > Den 05-01-2016 kl. 19:34 skrev Jeff Boyce: >> Greetings - >> >> I have a detailed description of my issue posted over on the Forum, but >> am not getting any responses. >> >> My issue d

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

-0800 > > From: jbo...@meridianenv.com > > To: openvpn-users@lists.sourceforge.net > > Subject: Re: [Openvpn-users] Issue getting to LAN behind VPN Server > > > > > > > > On 1/6/2016 11:38 AM, Morten Christensen wrote: > > > > > > Den 05-01-2016

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

2:04:19 -0800 > From: jbo...@meridianenv.com > To: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Issue getting to LAN behind VPN Server > > > > On 1/6/2016

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

On 1/6/2016 11:38 AM, Morten Christensen wrote: > > Den 05-01-2016 kl. 19:34 skrev Jeff Boyce: >> Greetings - >> >> I have a detailed description of my issue posted over on the Forum, but >> am not getting any responses. >> >> My issue description is posted at >> https://forums.openvpn.net/topic2

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Den 06-01-2016 kl. 10:31 skrev j.witvl...@mindef.nl: > Hi Jeff, > > When I was reading your message. Two possibilities came up: > a) smaller subnets take precedence over larger subnets, which can cause all > sorts of undesirable effects when you have overlapping networks (though not > appropriat

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Den 05-01-2016 kl. 19:34 skrev Jeff Boyce: > Greetings - > > I have a detailed description of my issue posted over on the Forum, but > am not getting any responses. > > My issue description is posted at > https://forums.openvpn.net/topic20369.html. > > I believe that my problem is a routing issue,

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Thanks for the review and comments. My notes interspersed below. On 1/6/2016 1:31 AM, j.witvl...@mindef.nl wrote: > Hi Jeff, > > When I was reading your message. Two possibilities came up: > a) smaller subnets take precedence over larger subnets, which can cause all > sorts of undesirable effect

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

On 1/5/2016 8:28 PM, Selva Nair wrote: On Tue, Jan 5, 2016 at 1:34 PM, Jeff Boyce wrote: My issue description is posted at https://forums.openvpn.net/to

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

Thanks for taking the time to review this. I know there is a lot of information, and that puts off a lot of people, but I find it helps most people understand the issue and see that I have done my homework. Additional comments in-line below. On 1/5/2016 3:24 PM, debbie...@gmail.com wrote: >

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

ridianenv.com] Sent: dinsdag 5 januari 2016 19:35 To: openvpn-users@lists.sourceforge.net Subject: [Openvpn-users] Issue getting to LAN behind VPN Server Greetings - I have a detailed description of my issue posted over on the Forum, but am not getting any responses. A few reads over the course of s

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

On Tue, Jan 5, 2016 at 1:34 PM, Jeff Boyce wrote: > > My issue description is posted at > https://forums.openvpn.net/topic20369.html. > > I believe that my problem is a routing issue, but I have exhausted my > avenues of research and knowledge. The configs and routes on server & router look fin

Re: [Openvpn-users] Issue getting to LAN behind VPN Server

ly you would prefer to add the logs of a connection which *does not work* as expected .. first ;) Enjoy the journey .. the destination maybe disappointing ;) - Original Message - From: "Jeff Boyce" To: Sent: Tuesday, January 05, 2016 6:34 PM Subject: [Openvpn-users] Issue g

[Openvpn-users] Issue getting to LAN behind VPN Server

Greetings - I have a detailed description of my issue posted over on the Forum, but am not getting any responses. A few reads over the course of several weeks, but no responses. I posted it to the Forum after someone on the list here suggested the Forum might be a better place for assistance.