VPN Zeroshell with Linux machine with Amazon EC2
August 1, 2014 at 12:01 pm #44004
misterfigaro
Member
Hi guys,
I'm trying to configure a VPN with Zeroshell as server and an EC2 virtual machine as client. This is the basic schema with the IPs:
https://dl.dropboxusercontent.com/u/3145586/VPN/VPN.jpg
I chose to use certificate authentication, and this is the server config:
https://dl.dropboxusercontent.com/u/3145586/VPN/ZS_VPN.jpg
And this is the client config file:
user nobody
group nobody
remote1195
proto tcp
ifconfig 194.0.0.2 255.255.255.0 #192.168.254.1
ca /etc/openvpn/cert/zs1_ca.pem
cert /etc/openvpn/cert/zs1.pem
key /etc/openvpn/cert/zs1.pem
--tls-client
verb 3
mute 20
resolv-retry infinite
nobind
client
dev tap
persist-key
persist-tun
keepalive 1 3
status /etc/openvpn/status/zs1-status.log
log-append /var/log/openvpn.log
The authentication works: I'm able to ping from the Amazon EC2 instance, both VPN endpoints can ping each other, and I can ping my local machines from the EC2 VPN instance, but I cannot reach the Amazon machines from my Zeroshell and I cannot ping my local machines from the other Amazon machine. It seems that only the VPN client itself works. I'm sure it is a basic routing/forwarding problem, and even though I enabled forwarding on the Linux machine as follows, it does not work:
I set net.ipv4.ip_forward=1 in /etc/sysctl.conf and set /proc/sys/net/ipv4/ip_forward to 1.
I set up all the routes to reach my local network 192.168.18.0/24 via the VPN client, and I set up the same route on the other Amazon internal machine with the IP of the Amazon VPN instance as gateway.
For my test, all firewalls are off.
This is the process line on the Zeroshell server:
https://dl.dropboxusercontent.com/u/3145586/VPN/ZS_VPN_SERVER.jpg
What am I missing?
Many thanks for your help
August 1, 2014 at 1:16 pm #53403
misterfigaro
Member
I initially posted on the Italian forum here (http://www.zeroshell.net/forum/viewtopic.php?p=18921#18921), where REDFIVE posted this answer:
Mmm ... this is the Italian forum... anyway, if ZS1 is the default gateway for the network 192.168.18.0/24, and the AWS EC2 instance is the default gateway for the network 10.0.0.0/24, add on ZS1 a static route
10.0.0.0 255.255.255.0 via 194.0.0.2 (but be aware, this is actually a public IP address used as inner IP address of the tunnel) and on the AWS EC2 instance 192.168.10.0 255.255.255.0 via 194.0.0.1.... should work, ....if I haven't missed something...
Regards
August 1, 2014 at 1:21 pm #53404
misterfigaro
Member
I did it. This is the routing table of Zeroshell:
Destination Netmask Type Metric Gateway Interface Flags State Source
DEFAULT GATEWAY 0.0.0.0 Net 0 193.0.0.1 ETH02 UG Up Auto
10.0.0.0 255.255.255.0 Net 0 194.0.0.2 VPN00 UG Up Static
192.168.18.0 255.255.255.0 Net 0 none ETH03 U Up Auto
192.168.50.0 255.255.255.0 Net 0 none ETH00 U Up Auto
193.0.0.0 255.255.255.248 Net 0 none ETH02 U Up Auto
193.0.1.0 255.255.255.248 Net 0 none ETH01 U Up Auto
194.0.0.0 255.255.255.0 Net 0 none VPN00 U Up Auto
And this is the Linux machine:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.18.0 194.0.0.1 255.255.255.0 UG 0 0 0 tap0
194.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
Any ideas?
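As an added illustration (not part of the thread), here is a small Python model that replays both routing tables posted above and traces a packet hop by hop with longest-prefix matching, so you can see where the return path from the second AWS machine dies before the extra static route is added. The zs1/ec2 tables are transcribed from the posts; the two end hosts and the addresses 192.168.18.1, 10.0.0.2, 192.168.18.10 and 10.0.0.5 are assumptions, since the thread does not give them.

```python
import ipaddress

def route_lookup(routes, dst):
    """Longest-prefix match over (prefix, gateway, iface); None when nothing matches."""
    hits = [(ipaddress.ip_network(p), gw, i) for p, gw, i in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def trace(hosts, src, dst, max_hops=8):
    """Follow a packet for dst starting at host src. Returns (delivered, path, reason)."""
    dst = ipaddress.ip_address(dst)
    owner = {a: name for name, h in hosts.items() for a in h["addrs"]}
    cur, path = src, [src]
    for _ in range(max_hops):
        h = hosts[cur]
        if str(dst) in h["addrs"]:
            return True, path, "delivered"
        if cur != src and not h["forward"]:        # a transit host needs ip_forward=1
            return False, path, f"{cur} has ip_forward=0"
        if (r := route_lookup(h["routes"], dst)) is None:
            return False, path, f"{cur}: no route to {dst}"
        _net, gw, iface = r
        if (nxt := owner.get(gw or str(dst))) is None:   # gw None = directly connected
            return False, path, f"{cur}: next hop {gw or dst} via {iface} is outside the model"
        cur = nxt
        path.append(cur)
    return False, path, "hop limit exceeded"

def topology(aws_host_has_lan_route):
    """zs1/ec2 tables come from the thread; end hosts and their addresses are assumed."""
    aws_routes = [("0.0.0.0/0", "10.0.0.1", "eth0"), ("10.0.0.0/24", None, "eth0")]
    if aws_host_has_lan_route:  # the static route the asker added on the other AWS machine
        aws_routes.append(("192.168.18.0/24", "10.0.0.2", "eth0"))
    return {
        "zs1": {"addrs": {"192.168.18.1", "194.0.0.1"}, "forward": True, "routes": [
            ("0.0.0.0/0", "193.0.0.1", "ETH02"), ("10.0.0.0/24", "194.0.0.2", "VPN00"),
            ("192.168.18.0/24", None, "ETH03"), ("194.0.0.0/24", None, "VPN00")]},
        "ec2": {"addrs": {"10.0.0.2", "194.0.0.2"}, "forward": True, "routes": [
            ("0.0.0.0/0", "10.0.0.1", "eth0"), ("10.0.0.0/24", None, "eth0"),
            ("192.168.18.0/24", "194.0.0.1", "tap0"), ("194.0.0.0/24", None, "tap0")]},
        "lan": {"addrs": {"192.168.18.10"}, "forward": False, "routes": [
            ("0.0.0.0/0", "192.168.18.1", "eth0"), ("192.168.18.0/24", None, "eth0")]},
        "aws": {"addrs": {"10.0.0.5"}, "forward": False, "routes": aws_routes},
    }

if __name__ == "__main__":
    for has_route in (False, True):  # return path before and after the asker's extra route
        print(trace(topology(has_route), "aws", "192.168.18.10"))
```

Without the extra route the second AWS machine hands the packet to 10.0.0.1, which knows nothing about 192.168.18.0/24; with it, the path runs aws -> ec2 -> zs1 -> lan, and flipping `forward` on ec2 shows the ip_forward failure the asker was checking for.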
August 1, 2014 at 6:22 pm #53405
redfive
Participant
It isn't so clear, at least for me, but... in the first drawing there isn't any public IP address declared, but looking at the second one, it seems that the ZS is connected to the remote machine, on the public IP address, for the VPN... and, based on the ZS's routing table, it seems that its default gateway is 192.0.0.1, on ETH02 (but isn't this the IP address of the VPN00 interface?), while on the second machine, I can't see any default gateway...
So... could you explain how exactly the network topology is?
Remove the lines --route-gateway xxx and --push-route xxx in Parameters: if you have declared the routes as static routes in the routing table, you don't need these lines.
Regards
August 1, 2014 at 11:15 pm #53406
misterfigaro
Member
Hi redfive,
yes, sorry, I forgot to mention the public IP addresses; I only mentioned the private IPs. Of course there are public IPs as well, so you can consider that the tunnel works.
Anyway, I managed to solve it and I describe the process on my website. This is the post:
http://davidecostantini.it/2014/08/create-linux-gateway-using-amazon-ec2-instance-and-zeroshell/
How can I set the title as SOLVED?
Cheers