Hello, I am doing something similar to what is happening in this scenario:
http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/
That is, I have set my openvpn client configuration to be "remote localhost port" where port is the port my stunnel client is listening on the same box as my openvpn client.
This seems to work - I get connected to OpenVPN server fine, however, I don't seem to be able to ping the openvpn server by either of its public or private ip addresses. In fact, it seems like when I do a tcpdump on the stunnel server, I don't see any incoming traffic on port 443. How is it possible that I am getting the VPN connection, but then the rest of the traffic just sort of stops going through stunnel?
My stunnel client service looks like the following:
[openvpn]
accept = 127.0.0.1:5150
connect = stunnelserver:443
and my stunnel server looks like:
[ovpnout]
cert = mycert.pem
accept = 443
connect = openvpn server
Any ideas?
Hi Derek,
Use the Server IP instead of loopback address. I am sure this will work.
accept = 127.0.0.1:5150
Many Thanks!
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Derek Cole
Sent: Wednesday, July 23, 2014 4:19 AM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] OpenVPN over stunnel
Disclaimer : This email communication may contain privileged and confidential information and is intended for the use of the addressee only.If you are not an intended recipient you are requested not to reproduce, copy disseminate or in any manner distribute this email communication as the same is strictly prohibited. If you have received this email in error, please notify the sender immediately by return e-mail and delete the communication sent in error. Email communications cannot be guaranteed to be secure & error free and IB Technology is not liable for any errors in the email communication or for the proper, timely and complete transmission thereof.
Hrmm, I tried this, and it didn't immediately solve my problem. I think there is actually a problem here with the openvpn configuration. I have it set to "push redirect-gateway def1" and when that is the case, the openvpn client makes the initial connection (it says), but I can't even ping the openvpn server. When I take out the push redirect-gateway config option, I end up with a connection, and I can ping the openvpn server's tun address, but I don't have any rules to force all traffic over the vpn connection that way.
Any ideas?
On Wed, Jul 23, 2014 at 12:09 AM, Ahin Shaw ahin.shaw@indiabulls.com wrote:
Hi Derek,
Use the Server IP instead of loopback address. I am sure this will work.
accept = 127.0.0.1:5150
Many Thanks!
I've done some more digging on this. The problem was initially that I needed to add a route for stunnel itself to get to the stunnel server. With that gateway directive, traffic was getting to the VPN route first, so the stunnel client was losing its connection. I'm not real sure what the solution is here. It would be nice to have openvpn tell it to exclude routes I guess, but that seems clunky.
On Jul 23, 2014 2:09 PM, "Derek Cole" derek.cole@gmail.com wrote:
Hrmm, I tried this, and it didn't immediately solve my problem. I think there is actually a problem here with the openvpn configuration. I have it set to "push redirect-gateway def1" and when that is the case, the openvpn client makes the initial connection (it says), but I can't even ping the openvpn server. When I take out the push redirect-gateway config option, I end up with a connection, and I can ping the openvpn server's tun address, but I don't have any rules to force all traffic over the vpn connection that way.
Any ideas?
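The routing conflict described in the last message, modelled as an added example (not code from the thread): with "redirect-gateway def1" OpenVPN installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, and its usual bypass route covers only the "remote" address, which here is localhost, so stunnel's own connection to the real server is routed into the VPN it is carrying. The addresses, interface names and routing tables are constructed; "route ... net_gateway" is a standard OpenVPN client directive, and using it here is one possible fix, not something the thread confirms.

```python
import ipaddress

STUNNEL_SERVER = "203.0.113.10"  # constructed address (TEST-NET-3), stands in for "stunnelserver"

# Constructed client routing tables as (prefix, device) pairs.
BEFORE_VPN = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0")]
# redirect-gateway def1 adds two /1 routes that outrank the /0 default without deleting it.
WITH_DEF1 = BEFORE_VPN + [("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0"),
                          ("10.8.0.0/24", "tun0")]
# The fix: a /32 host route for the stunnel server via the pre-VPN gateway.
WITH_HOST_ROUTE = WITH_DEF1 + [(STUNNEL_SERVER + "/32", "eth0")]


def egress(routes, dst):
    """Return (prefix, device) chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return (str(best[0]), best[1]) if best else None


def carrier_is_looped(routes, server=STUNNEL_SERVER):
    """True when stunnel's own TLS connection would be routed into the VPN it carries."""
    hit = egress(routes, server)
    return hit is not None and hit[1].startswith("tun")


def openvpn_bypass_directive(server=STUNNEL_SERVER):
    """OpenVPN client-config line that pins the server to the pre-existing gateway."""
    return f"route {server} 255.255.255.255 net_gateway"


if __name__ == "__main__":
    for name, table in [("before VPN", BEFORE_VPN), ("def1", WITH_DEF1),
                        ("def1 + host route", WITH_HOST_ROUTE)]:
        print(f"{name:18} stunnel -> {egress(table, STUNNEL_SERVER)} "
              f"looped={carrier_is_looped(table)}")
    print(openvpn_bypass_directive())
```

On a real client, `ip route get` with the stunnel server's address shows which device the kernel actually picks, which is the same check this model performs.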