Author Topic: OpenVPN + Samba + only 1 NIC  (Read 3199 times)

drdebian

OpenVPN + Samba + only 1 NIC
« on: April 09, 2008, 03:13:34 pm »
I'm looking at replacing a friend's old server running Debian 3.1 with a new one running Ubuntu 8.04 server and Ebox.

He has a Samba PDC as well as OpenVPN installed on that server, using port forwarding on his router to connect using port 1194.

Now, the trouble is that somehow Ebox insists on having OpenVPN use an "external" NIC, while Samba on Ebox only listens to an "internal" NIC. The way it is now, I can use only Samba OR OpenVPN, but not both at the same time, since he only has one NIC.

With his setup, he'd only need one NIC that can do both services using an internal IP-address.

Is there any proper way to work around this constraint?

javi

Re: OpenVPN + Samba + only 1 NIC
« Reply #1 on: April 10, 2008, 12:07:17 am »
You won't have any problem with the Samba PDC stuff, but with OpenVPN you will need at least two network interfaces.

I can tell you how to work around it, but you will have to modify a couple of files.

drdebian

Re: OpenVPN + Samba + only 1 NIC
« Reply #2 on: April 10, 2008, 03:49:00 am »
> You won't have any problem with the Samba PDC stuff, but with OpenVPN you will need at least two network interfaces.
>
> I can tell you how to work around it, but you will have to modify a couple of files.

I'd be interested to hear how to do it, since I'm not scared of modifying files. ;)

But I really think that this behaviour is a bit of a design flaw, since I know of a number of people who have their VPN endpoint inside their private LANs on hardware with only one NIC. Forcing this internal/external gateway-mode stuff on them will certainly not make their lives any easier.

ccbadd

Re: OpenVPN + Samba + only 1 NIC
« Reply #3 on: May 03, 2008, 04:34:13 pm »
I would like to know how to do this also if you could?
Thanks

dmeireles

Re: OpenVPN + Samba + only 1 NIC
« Reply #4 on: May 23, 2008, 03:45:06 pm »
Hi.
Would like to do this too, since I'm only using one NIC and need the eBox server to act as an OpenVPN client.
« Last Edit: May 30, 2008, 12:34:07 pm by dmeireles »

dmeireles

Re: OpenVPN + Samba + only 1 NIC
« Reply #5 on: May 30, 2008, 12:39:39 pm »
OK, I've tried the following, but it didn't work out...
Edited openvpn-client.mas, and on the device line, removed the original line and typed "dev tun".

Why does the eBox OpenVPN module use tap instead of tun? Anyway, if there is a way to make this work with only 1 NIC, could you please explain how?

Thanks

javi

Re: OpenVPN + Samba + only 1 NIC
« Reply #6 on: May 30, 2008, 05:25:03 pm »
Hi,

In the last release 0.11.100 you only have to tick the Masquerade option when you configure your OpenVPN server.

dmeireles

Re: OpenVPN + Samba + only 1 NIC
« Reply #7 on: May 30, 2008, 05:31:18 pm »
> Hi,
>
> In the last release 0.11.100 you only have to tick the Masquerade option when you configure your OpenVPN server.

My problem is with the client part... I have a client, which has an OpenVPN server, and for me to give them remote assistance, they have created a crt for my company. So, I wanna put the cert on my eBox to make it the gateway to reach the client's network, but the eBox machine refuses to make the connection, and from what I understood, that's because there is only 1 NIC...

javi

Re: OpenVPN + Samba + only 1 NIC
« Reply #8 on: May 30, 2008, 06:10:02 pm »
You are right.

I think your problem might be caused by a misconfiguration on the firewall.

To test it quickly:

Add a rule to firewall->packet filter->filtering rules for traffic coming out from eBox

Add a rule to allow everything there, save changes and take a look at the openVPN logs under /var/log/openvpn
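
An added example, not part of the post above or of eBox: a small Python triage for the OpenVPN log that the post says to check, separating a handshake blocked by the firewall from the tun/tap mismatch raised earlier in the thread. The matched strings are standard OpenVPN 2.x log messages; the sample log lines, the address 203.0.113.10 and the finding names are constructed for illustration.

```python
import re

# Well-known OpenVPN 2.x log messages mapped to a finding name (names are ours).
RULES = [
    (r"Initialization Sequence Completed", "tunnel-up"),
    (r"TLS key negotiation failed to occur within \d+ seconds", "handshake-timeout"),
    (r"'dev-type' is used inconsistently", "tun-tap-mismatch"),
    (r"Cannot open TUN/TAP dev", "no-tun-device"),
    (r"VERIFY ERROR", "cert-rejected"),
]

HINTS = {
    "tunnel-up": "tunnel negotiated; remaining problems are routing/NAT",
    "handshake-timeout": "no reply from the peer: check packet filter and port forward for 1194",
    "tun-tap-mismatch": "client and server disagree on 'dev tun' vs 'dev tap'",
    "no-tun-device": "tun kernel module or /dev/net/tun missing",
    "cert-rejected": "peer certificate failed verification (CA, dates, name)",
}

# Constructed sample: outgoing packets leave, nothing ever comes back.
BLOCKED_LOG = """\
Fri May 30 18:20:01 2008 UDPv4 link remote: 203.0.113.10:1194
Fri May 30 18:21:01 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 30 18:21:01 2008 TLS Error: TLS handshake failed
"""

# Constructed sample: handshake succeeds but one side uses tun, the other tap.
MISMATCH_LOG = """\
Fri May 30 18:30:02 2008 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Fri May 30 18:30:03 2008 Initialization Sequence Completed
"""

def triage(log_text):
    """Return the findings present in the log, in order of first appearance."""
    findings = []
    for line in log_text.splitlines():
        for pattern, finding in RULES:
            if re.search(pattern, line) and finding not in findings:
                findings.append(finding)
    return findings

def report(log_text):
    """Return one human-readable hint per finding."""
    return [f"{name}: {HINTS[name]}" for name in triage(log_text)]

if __name__ == "__main__":
    for sample in (BLOCKED_LOG, MISMATCH_LOG):
        print("\n".join(report(sample)) or "no known message found", end="\n\n")
```

If the "allow everything" test rule makes the handshake timeout disappear, replace it with a rule that permits only the VPN port to the known peer before leaving the box in service.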

dmeireles

Re: OpenVPN + Samba + only 1 NIC
« Reply #9 on: May 30, 2008, 06:31:32 pm »
> You are right.
>
> I think your problem might be caused by a misconfiguration on the firewall.
>
> To test it quickly:
>
> Add a rule to firewall->packet filter->filtering rules for traffic coming out from eBox
>
> Add a rule to allow everything there, save changes and take a look at the openVPN logs under /var/log/openvpn

I did what you told me, although I don't have the Firewall module activated. After that, I recreated the OpenVPN client, clicked Create, then save changes, then save... It gives me an error (it always does when creating OpenVPN clients, I suppose due to the fact that there is only one NIC) saying that the changes to the modules below were not saved, but there is no module below, and I've checked the config of the client (both via the eBox portal and viewing the files via ssh) and everything is there. The connection is also shown in the status screen, although with vpn interface status "No active". I will try to test this again with another NIC during next week, but I really just wanted to use one card....

PS: If I run the openvpn command with a custom .ovpn/.conf file via ssh, I can get connected, but still, I wanted to use the eBox interface for this...

PS2: About the tun/tap thing... Is there a way to use tun instead of tap, or to tune the configuration of the client (things like tun, lzo, etc etc etc...)

Thanks for your attention