***: easymac is now known as Guest42801
joepie91_ is now known as joepie91
joepie91 has quit IRC (Changing host)
joepie91 has joined #arpnetworks
Guest42801 is now known as easymac
easymac is now known as Guest41122
Guest41122 is now known as easymac
easymac is now known as Guest34786
Guest34786 is now known as easymac
easymac is now known as Guest13705
Guest13705 is now known as easymac
easymac is now known as Guest25195
Guest25195 has quit IRC (Quit: leaving)
qbit_ is now known as qbit
avj has joined #arpnetworks
easymac has joined #arpnetworks
easymac has quit IRC (Changing host)
easymac has joined #arpnetworks
Guest13550 is now known as pjs
robonerd has quit IRC (Ping timeout: 252 seconds)
robonerd has joined #arpnetworks
robonerd has quit IRC (Changing host)
robonerd has joined #arpnetworks
sjackso has joined #arpnetworks
treshoem has joined #arpnetworks
mnathani: Has anyone tried port forwarding an external ip on an openvpn server over to an internal ip/port on an openvpn client? I am curious how this would be accomplished.
I have tried a couple of different NAT / iptables configs but no luck as yet
brycec: Interesting. No I haven't. I would imagine that it's no different than other routing/natting. However I know that OpenVPN itself has some primitive firewalling (preventing clients from connecting to one another, unless configured to allow it)
mnathani: I came across some blog posts referring to an OpenVPN packet filter
but could not find documentation on how to disable / configure it
toddf: mnathani: you would have to (in pf syntax, presuming em0 and tun0) do something akin to .. 'pass in on em0 to (em0) port 1234 rdr-to 10.9.0.2' then 'nat out on tun0 from !(tun0) to (tun0:network)'
wow I mixed old and new syntax
the 2nd should be
'pass out on tun0 from !(tun0) to (tun0:network) nat-to (tun0)'
bottom line is
mnathani: those pf rules would need to be translated / converted to iptables syntax on CentOS 6?
toddf: remote side of openvpn expects to see your ip / subnet and nothing more unless they are told to route to it. and I doubt you want the remote end to route to 0.0.0.0/0 through your end so translate your end of the openvpn tunnel to what the remote end is expecting to see and use rdr as needed to direct inbound packets on other interfaces across the openvpn tunnel
mnathani: I have no experience in CentOS 6, but since it does iptables you'd need similar concepts, which I'd be surprised if it can't do
mnathani: I don't really mind if all 0.0.0.0/0 gets routed through the openvpn server
It's more of an experiment to see if I can connect to the openvpn client which is behind a firewall I do not have control over
hence the need to use the vpn to allow inbound access
toddf: consider what 0.0.0.0/0 means. ensure you have a static route to the openvpn server. it's a matter of understanding how networking and firewalls work, nothing more. it is doable.
mnathani: nmap output: 3389/tcp filtered ms-term-serv
what does the filtered refer to?
and how is it different from closed
toddf: filtered indicates to me it has a firewall blocking it vs returning icmp unreach
if you check nmap while running a tcpdump to watch: ( 192.168.0.112 and tcp port 3389 ) or icmp
you might see more clearly what this means
mnathani: I got it working
my nat rule was too broad
toddf: woot
m0unds: right on
mnathani: I spent hours on it last night
here is the nat rule now:
iptables -t nat -A POSTROUTING -s 10.8.1.6/32 -j SNAT --to A.B.C.D
where A.B.C.D is my vpn server ip
previously it was 10.0.0.0/8
***: gcw|mbpro has joined #arpnetworks
guillaum has joined #arpnetworks
kevr has quit IRC (Changing host)
kevr has joined #arpnetworks
kevr: ;)
staticsafe: hi kevr
kevr: hello.
***: gcw|mini1 has joined #arpnetworks
gcw|mini1 has quit IRC (Client Quit)
gcw|mbpro has quit IRC (Ping timeout: 240 seconds)
CaZe: ~
brycec: !
m0unds: `;->~
***: toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
mnathani: can OpenVPN be used to provide IPv6 connectivity to an IPv4 only client (Server would be dual stacked of course)?