著者: onefang 日付: To: dng 題目: Re: [DNG] OpenVPN - routing things TO the OpenVPN server.
On 2023-10-08 10:00:32, marc wrote: > > At the moment anything going to any other server goes through the VPN,
> > but not stuff directly to the server.
>
> Right - so I imagine that means you have a default route on
> the client which goes out on the vpn interface to your server.
>
> Use "/sbin/route -n" to check that - look for the line with a "G" in
> its flags, and a interface device name which matches the vpn. If that
> isn't the case maybe posting the output here could help us understand things
> better.
>
> To get to the server via the encrypted link, find the IP which
> appears in the gateway column of the line mentioned above - it
> should be on the same subnet as your outgoing vpn (so encrypted)
> ip of your client, and use that. That IP should also be
> discoverable on the server if you go ifconfig there and look
> for the vpn interface.
>
> TL;DR: Use the VPN ip of the server, not its normal one. Edit
> /etc/hosts on the client, if you'd like to use a name.
Adding the domain names to /etc/hosts file for the problematic services
and the VPN IP seems to have done the trick after quick tests. Much
simpler than Ralph's suggestion, and I was aiming for simple instead of
"make the networking even more complex" coz one of the problems might be
the existing complexity.
The long term problem has been with my house move, and the Internet
supplied for free with the new house. It was so crap that I just paid
for my own. So I basically replaced their 4G LTE SIM with one I already
had, and bought a new router to plug it into. With some work that fixed
all but one problem.
I have been messing with things for weeks trying to solve the various
problems. Basically the solution for most was "switch to the better ISP
I was already using for my dumb and smart phones". Now my smart phone is
without a SIM, but I can use the WiFi in my new router, coz I rarely take
it anywhere.
The one remaining problem is that every 24 hours, one minute, and zero
seconds the 4G LTE connection resets. It's either the ISP or the router.
I have tried turning off the router's automatic reset, and also tried
turning it off and on again. The 24 hours, one minute, zero seconds is
from when I turned it on last, I tried turning it off and on again at a
different time to test that. This means it takes 24 hours, one minute,
and zero seconds to find out if my latest tweak made any difference, then
make the next tweak.
After lots of waiting and testing I figured out that anything running
through the VPN stays up, it was only a few things that avoided the VPN,
coz they are running on the VPN server itself, that dropped out.
Two of those where ssh to the server, but under different host names for
reasons. The third one is OpenSim, which has very messy networking that
isn't easily fixed. I managed to get the ssh to the host name that isn't
involved with the OpenSim to work by putting that on a different IP,
which meant having to buy one more IP for that server. It already had an
extra one for a VM I run there. Told you things are complicated.
Now it looks like I have the remaining host name running through the VPN,
so in theory it should stay up at the daily router / ISP fall over. Which
should happen in about 3:15 hours from now.
This has been an expensive exercise to replace free Internet, but you get
what you pay for. And I can take this one with me.
Everything happens at once, it didn't help that my server company had
been sold, and they where switching over the customer support stuff at
that time. I got what I suspect was a scam call claiming my domain name
was "on hold" and "doesn't have a web presence", they even knew the
domain name. No idea how they got my phone number, the domain name
people haven't answered that ticket yet. Um, a large collection of the
Devuan users use that web server for installs and updates. lol
Thanks.
--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.