VPN Zeroshell with Linux machine with Amazon EC2

Forums Network Management VPN VPN Zeroshell with Linux machine with Amazon EC2

  • This topic is empty.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • August 1, 2014 at 12:01 pm #44004
    misterfigaro
    Member

    Hi guys,
    I’m trying to configure a VPN with Zeroshell as server and a virtual machine EC2 as client.

    This is the basic schema with the IP:
    https://dl.dropboxusercontent.com/u/3145586/VPN/VPN.jpg

    I choose to use the certification authentication and this is the server config:
    https://dl.dropboxusercontent.com/u/3145586/VPN/ZS_VPN.jpg

    And this is the client config file:

    user nobody
    group nobody
    remote 1195
    proto tcp
    ifconfig 194.0.0.2 255.255.255.0 #192.168.254.1
    ca /etc/openvpn/cert/zs1_ca.pem
    cert /etc/openvpn/cert/zs1.pem
    key /etc/openvpn/cert/zs1.pem
    –tls-client
    verb 3
    mute 20
    resolv-retry infinite
    nobind
    client
    dev tap
    persist-key
    persist-tun
    keepalive 1 3
    status /etc/openvpn/status/zs1-status.log
    log-append /var/log/openvpn.log


    The authentication works,i’m able to ping from amazon EC2 and either VPN server can ping each other and I can ping my local machines from VPN EC2 instance but I cannot reach amazons machine from my zeroshell and I cannot ping my local machines from other amazon machine, seems that only the VPN client works.

    I’m sure is a basic routing/forwarding problems and even if I enabled forwarding on LInux machine as follow do not works:

    I set net.ipv4.ip_forward=1 on /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward to 1

    I set up all route to access my local class 192.168.18.0/24 to VPN client and I set up the same route for the other amazon internal machine with gateway the IP of amazon VPN instance.

    For my test all firewall are off.

    This is the process line on zeroshell server:
    https://dl.dropboxusercontent.com/u/3145586/VPN/ZS_VPN_SERVER.jpg

    What I miss?
    Many thanks for your help

    August 1, 2014 at 1:16 pm #53403
    misterfigaro
    Member

    I initially posted on Italian forum here (http://www.zeroshell.net/forum/viewtopic.php?p=18921#18921) where REDFIVE posted this answer:

    Mmm … this is the italian forum… anyway, if Zs 1 is the default gateway for the network 192.168.18.0/24 , and aws ec2 is the the default gateway for the network 10.0.0.0/24 , add, , on ZS1 a static route ,
    10.0.0.0 255.255.255.0 via 194.0.0.2 (but be aware, this is actually a pubblic ip address used as inner ip address of the tunnel) and on aws ec2 , 192.168.10.0 255.255.255.0 via 194.0.0.1…. should work, ….if I haven’t missed something…
    Regards

    August 1, 2014 at 1:21 pm #53404
    misterfigaro
    Member

    I did it, this is the routing table of Zeroshell

    Destination Netmask Type Metric Gateway Interface Flags State Source
    DEFAULT GATEWAY 0.0.0.0 Net 0 193.0.0.1 ETH02 UG Up Auto
    10.0.0.0 255.255.255.0 Net 0 194.0.0.2 VPN00 UG Up Static
    192.168.18.0 255.255.255.0 Net 0 none ETH03 U Up Auto
    192.168.50.0 255.255.255.0 Net 0 none ETH00 U Up Auto
    193.0.0.0 255.255.255.248 Net 0 none ETH02 U Up Auto
    193.0.1.0 255.255.255.248 Net 0 none ETH01 U Up Auto
    194.0.0.0 255.255.255.0 Net 0 none VPN00 U Up Auto

    And this is the Linux machine

    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
    10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
    192.168.18.0 194.0.0.1 255.255.255.0 UG 0 0 0 tap0
    194.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0

    Any ideas?

    August 1, 2014 at 6:22 pm #53405
    redfive
    Participant

    Isn’t so clear, at least for me, btw…in the first drawing there isn’t any public ip address declared, but looking at the second one, seems that the Zs is connected to the remote machine, on the public ip address, for the vpn….and , based on the ZS’s routing table, seems that its def-gw is 192.0.0.1 , on ETH02 ( but isn’t this the ip address of the VPN00 interface ?) , while on the second machine, I can’t see any default gw…
    So , ..could you explain, how exactly is the network topology ?
    Remove the lines –route-gateway xxx and –push-route xxx in Parameters , if you have declared the routes as static routes in the routing table, you don’t need these lines.
    Regards

    August 1, 2014 at 11:15 pm #53406
    misterfigaro
    Member

    Hi redfive,

    yes sorry I forgot to mention the public ip addresses but I only mentioned the private ip, of course there are public ip as well so you can consider that the tunnel work.

    Anyway I manage to solve it and I describe the process on my website, this is the post:

    http://davidecostantini.it/2014/08/create-linux-gateway-using-amazon-ec2-instance-and-zeroshell/

    How can I set the title as SOLVED ?

    Cheers

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.