Who | What | When |
---|---|---|
*** | Guest37536 is now known as easymac
easymac is now known as Guest42801 | [00:54] |
......... (idle for 40mn) | ||
joepie91_ is now known as joepie91
joepie91 has quit IRC (Changing host) joepie91 has joined #arpnetworks | [01:35] | |
..... (idle for 20mn) | ||
Guest42801 is now known as easymac
easymac is now known as Guest41122 | [01:55] | |
............. (idle for 1h1mn) | ||
Guest41122 is now known as easymac
easymac is now known as Guest34786 | [02:56] | |
............. (idle for 1h0mn) | ||
Guest34786 is now known as easymac
easymac is now known as Guest13705 | [03:56] | |
............. (idle for 1h0mn) | ||
Guest13705 is now known as easymac
easymac is now known as Guest25195 | [04:57] | |
.......... (idle for 46mn) | ||
Guest25195 has quit IRC (Quit: leaving) | [05:44] | |
............ (idle for 58mn) | ||
qbit_ is now known as qbit | [06:42] | |
..... (idle for 23mn) | ||
avj has joined #arpnetworks | [07:05] | |
........ (idle for 37mn) | ||
easymac has joined #arpnetworks
easymac has quit IRC (Changing host) easymac has joined #arpnetworks | [07:42] | |
................................... (idle for 2h50mn) | ||
Guest13550 is now known as pjs | [10:32] | |
................................ (idle for 2h39mn) | ||
robonerd has quit IRC (Ping timeout: 252 seconds)
robonerd has joined #arpnetworks robonerd has quit IRC (Changing host) robonerd has joined #arpnetworks | [13:11] | |
....... (idle for 33mn) | ||
sjackso has joined #arpnetworks | [13:48] | |
treshoem has joined #arpnetworks | [13:55] | |
mnathani | Has anyone tried port forwarding an external ip on an openvpn server over to an internal ip/port on an openvpn client? I am curious how this would be accomplished.
I have tried a couple of different NAT / Iptables configs but no luck as yet | [13:58] |
brycec | Interesting. No I haven't. I would imagine that it's no different than other routing/natting. However I know that OpenVPN itself has some primitive firewalling (preventing clients from connecting to one another, unless configured to allow it) | [14:01] |
mnathani | I came across some blog posts referring to an OpenVPN packet filter
but could not find documentation on how to disable / configure it | [14:02] |
toddf | mnathani: you would have to (in pf syntax, presuming em0 and tun0) do something akin to .. 'pass in on em0 to (em0) port 1234 rdr-to 10.9.0.2' then 'nat out on tun0 from !(tun0) to (tun0:network)'
wow I mixed old and new syntax the 2nd should be 'pass out on tun0 from !(tun0) to (tun0:network) nat-to (tun0) ' bottom line is | [14:03] |
mnathani | those pf rules would need to be translated / converted to Iptables syntax on Centos 6? | [14:04] |
toddf | remote side of openvpn expects to see your ip / subnet and nothing more unless they are told to route to it. and I doubt you want the remote end to route to 0.0.0.0/0 through your end so translate your end of the openvpn tunnel to what the remote end is expecting to see and use rdr as needed to direct inbound packets on other interfaces across the openvpn tunnel
mnathani: I have no experience in Centos 6, but since it does iptables you'd need similar concepts, which I'd be surprised if it can't do | [14:05] |
mnathani | I don't really mind if all 0.0.0.0/0 gets routed through the openvpn server
It's more of an experiment to see if I can connect to the openvpn client, which is behind a firewall I do not have control over, hence the need to use the vpn to allow inbound access | [14:06] |
toddf | consider what 0.0.0.0/0 means. ensure you have a static route to the openvpn server. it's a matter of understanding how networking and firewalls work, nothing more. it is doable. | [14:08] |
mnathani | nmap output: 3389/tcp filtered ms-term-serv
what does the filtered refer to? and how is it different from closed | [14:16] |
toddf | filtered indicates to me it has a firewall blocking it vs returning icmp unreach
if you check nmap while running a tcpdump to watch: ( 192.168.0.112 and tcp port 3389 ) or icmp you might see more clearly what this means | [14:21] |
mnathani | I got it working
my nat rule was too broad | [14:24] |
toddf | woot | [14:24] |
m0unds | right on | [14:24] |
mnathani | I spent hours on it last night
here is the nat rule now: iptables -t nat -A POSTROUTING -s 10.8.1.6/32 -j SNAT --to A.B.C.D (where A.B.C.D is my vpn server ip); previously it was 10.0.0.0/8 | [14:24] |
.... (idle for 19mn) | ||
*** | gcw|mbpro has joined #arpnetworks | [14:44] |
guillaum has joined #arpnetworks | [14:58] | |
............ (idle for 56mn) | ||
kevr has quit IRC (Changing host)
kevr has joined #arpnetworks | [15:54] | |
kevr | ;) | [15:56] |
staticsafe | hi kevr | [15:57] |
kevr | hello. | [15:58] |
............ (idle for 57mn) | ||
*** | gcw|mini1 has joined #arpnetworks
gcw|mini1 has quit IRC (Client Quit) gcw|mbpro has quit IRC (Ping timeout: 240 seconds) | [16:55] |
............................ (idle for 2h19mn) | ||
CaZe | ~ | [19:17] |
brycec | ! | [19:18] |
m0unds | `;->~ | [19:29] |
....................................... (idle for 3h13mn) | ||
*** | toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [22:42] |
.............. (idle for 1h8mn) | ||
mnathani | can OpenVPN be used to provide IPv6 connectivity to an IPv4 only client? (Server would be dual stacked of course) | [23:50] |