www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Lan to Lan config

 
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Thu Apr 22, 2010 9:37 pm    Post subject: Lan to Lan config

Hi profs,

I want to do a Lan to Lan connection with bonding.
But I have trouble at first doing the Lan to Lan connection.
I read so many FAQs and documentation but none of them are really exact and many questions are still there.

On the server at the ISP side I installed Zeroshell, then I configured a new Lan to Lan VPN -> my question: what do I have to write into the Remote host? Some write you must leave it empty, some write the server IP address.
I tested all but I always get
23:25:16 /root/kerbynet.cgi/scripts/vpn_mii VPN00 1500 1578 init
23:25:16 SIGTERM[hard,init_instance] received, process exiting
23:25:17 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Sep 23 2008
23:25:17 TUN/TAP device VPN00 opened
23:25:17 Listening for incoming TCP connection on [undef]:1195
23:25:18 Interface VPN00 is DOWN

In the firewall I set the following rules

INPUT Rules
Seq Input Output Description Log Active
1 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1195 dpt:1195 no
2 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1196 dpt:1196 no
3 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1197 dpt:1197

OUTPUT Rules
Seq Input Output Description Log Active
1 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1195 dpt:1195 no
2 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1196 dpt:1196 no
3 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:1197 dpt:1197

What do I do wrong in my config?
I hope anyone can help me.

Regards Mario
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Thu Apr 22, 2010 9:46 pm    Post subject: Changed from TCP to UDP

Now I changed from TCP to UDP and I got an internal connection.
But why? Is there something special for TCP?

So many questions
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Thu Apr 22, 2010 10:27 pm

Apart from being connectionless, UDP shouldn't have any more differences against TCP. It is generally advised to use UDP in VPN tunnels however, so this error led you to the right path. From the logs I cannot find anything wrong. Maybe you could try it with more verbose logging. I'll give it a shot in my lab as well, as it sparked my curiosity.
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Thu Apr 22, 2010 10:35 pm

Thank you for your answer.

I got a connection with UDP, this is OK.

Next error :(
On the server side all 3 VPN connections are connected over 1 DSL line.
On the client side I give each VPN connection its own gateway from the load balancer and its own port: 1195, 1196 and 1197.

Any ideas?
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Thu Apr 22, 2010 11:06 pm

Is there a problem when all gateways are in the same subnet

Gateway 1 192.168.1.1
Gateway 2 192.168.1.2
Gateway 3 192.168.1.3


???????
atheling



Joined: 24 Sep 2009
Posts: 212

Posted: Fri Apr 23, 2010 4:25 am

Semmelbroesel wrote:
Is there a problem when all gateways are in the same subnet

Gateway 1 192.168.1.1
Gateway 2 192.168.1.2
Gateway 3 192.168.1.3


???????


Yes. That is a problem that houkouonchi is having too. See: http://www.zeroshell.net/eng/forum/viewtopic.php?t=2176

To have that work you would need to be able to specify both the IP address of the gateway and the device to access it over, which you can't do with ZS at the moment.

Could you move the IP subnet assignments around to make them different ranges?
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Fri Apr 23, 2010 8:08 am

Thank you for your reply.
I read the thread, I know what they mean.

But change to what? I have 3 DSL lines: 1 is from the German Telekom and the other 2 are from M-Net (they have the same ISP gateway).

My config is this:
Datacenter: fixed IP, 3x VPN lines 1195, 1196, 1197, gateway from my datacenter provider
At home: 3x DSL lines as above (T-Com, M-Net), 3x AVM Fritzbox 192.168.1.1, 192.168.1.2, 192.168.1.3
In the VPN config: remote host is the IP address of Zeroshell at my datacenter, ports 1195-1197 UDP; gateway 192.168.1.1 port 1195 for VPN1, 192.168.1.2 port 1196 for VPN2 ....

VPN lines are connected, but at the datacenter all 3 VPN lines are connected to the same IP address.
What is wrong?

Regards Mario
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Fri Apr 23, 2010 10:13 am

I don't understand. If I use only Netbalancer without bonding the network, client computers behind ZS will use all three gateways to get data.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Apr 23, 2010 10:40 am

Change the internal IP addresses of the Fritzboxes to 192.168.1.1/24, 192.168.2.1/24 and 192.168.3.1/24
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Fri Apr 23, 2010 11:05 am

It doesn't work :( It looks like the client uses only gateway 1.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Apr 23, 2010 1:12 pm

Show us here a screenshot of the SETUP->NETWORK please.
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Fri Apr 23, 2010 2:16 pm

In this link you will find all pictures from the client and the server

http://www.mann-it.de/Portals/3/Mann-IT/Zeroshell/pictures.zip

I found out that it uses only the first gateway in the Net Balancer menu.

I hope someone can help me.

Regards Mario
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Apr 23, 2010 3:08 pm

First of all it is a good idea to distinguish the subnets of the Fritzboxes, as I mentioned before.
Secondly you haven't created a BOND of the VPN tunnels. If you create the BOND then you will have only one default gateway on the client ZS (the BOND IP of the server ZS).
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Fri Apr 23, 2010 10:22 pm

This cannot be the problem because Netbalancer is working.
I tested many configs and it always connects with the first gateway in the Netbalancer.
This line is interesting: Default Route has been changed: nexthop via 192.168.2.1 weight 1 realm 102 nexthop via 192.168.1.1 weight 1 realm 104
It looks like it ignores my VPN setup gateway and uses only its one nexthop.
Where can I find a log to see what it is doing at connection time? The logs that I found don't show deep information.

Does no one have VPN bonding over 2 or more DSL lines and will share their knowledge about that?

Regards Mario
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Sat Apr 24, 2010 12:14 pm

You are obviously doing something wrong here. The ip route log says that you are using 2 gateways with equal weight, 192.168.2.1 and 192.168.1.1.
Check out the tutorial for the thing you want to do
http://www.linuxplanet.com/linuxplanet/tutorials/6799/1/
In general documentation and tutorial on ZS is gathered here.
Semmelbroesel



Joined: 25 Feb 2009
Posts: 17

Posted: Sun Apr 25, 2010 10:04 pm

I'm my own hero,

I found the problem: Zeroshell automatically starts the forwarding with static routes, and so it overrides the settings from Netbalancer with this default setting. I disabled the forwarding in Network -> Routes and now on the server side all VPNs come with every single IP address from my ISPs.

It was not a problem with the gateways. They are 192.168.1.1, 192.168.1.2, 192.168.1.3

Regards Mario
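
For reference, the per-tunnel gateway selection discussed in this thread can be written on a generic Linux router as policy routing keyed on each tunnel's UDP port. This is an added example, not taken from any post and not Zeroshell's own scripts; the remote address 203.0.113.10, the interface name eth0 and the mark/table ids 101-103 are assumptions, while the ports and gateways are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the thread and not Zeroshell's own scripts.
# Pins each OpenVPN tunnel to one upstream gateway on a generic Linux router
# by marking packets per UDP destination port and routing each mark through
# its own table. Dry run: commands are printed, not executed.

REMOTE=203.0.113.10   # assumed datacenter address (documentation range)
UPLINK=eth0           # assumed interface facing the three Fritzboxes

# port:gateway:id  (ports and gateways from the thread; ids 101-103 assumed,
# used both as firewall mark and as routing table number)
TUNNELS="1195:192.168.1.1:101
1196:192.168.1.2:102
1197:192.168.1.3:103"

# Print the commands for one tunnel: $1=UDP port  $2=gateway  $3=mark/table
pin_tunnel() {
    # Mark locally generated tunnel packets; a mark set in mangle/OUTPUT
    # makes the kernel redo the routing lookup for the packet.
    echo "iptables -t mangle -A OUTPUT -p udp -d $REMOTE --dport $1 -j MARK --set-mark $3"
    # Marked packets consult the per-tunnel table before the main table.
    echo "ip rule add fwmark $3 table $3 pref 1$3"
    # That table holds a single default route via this tunnel's gateway.
    echo "ip route add default via $2 dev $UPLINK table $3"
    # Check: the reported next hop for this mark should be $2.
    echo "ip route get $REMOTE mark $3"
}

# Print the full command list for all tunnels.
plan() {
    echo "$TUNNELS" | while IFS=: read -r port gw id; do
        pin_tunnel "$port" "$gw" "$id"
    done
}

plan
```

Review the printed commands before running them as root; a multipath default route in the main table stays in place for all unmarked traffic.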