crashsystems | you there mhall119 ? | 02:58 |
---|---|---|
mhall119 | crashsystems: yup | 03:03 |
crashsystems | you said that setup via network manager was fairly easy. do you have any tips for that? | 03:04 |
crashsystems | I successfully connect to the vpn, but packets never get through | 03:04 |
mhall119 | well, it wasn't that easy, but the hard parts weren't Ubuntu's fault | 03:05 |
crashsystems | hah | 03:05 |
mhall119 | Verizon had a Nortel (I think) aggregator | 03:05 |
mhall119 | which was basically a Cisco aggregator with a broken protocol stack | 03:06 |
mhall119 | so I found a patch to vpnc that would make it not die when Nortel failed at parts of the connection setup sequence | 03:06 |
mhall119 | next, Verizon's IT gave out binary config files for their Windows client, which I had to find a way to extract to get the connection credentials, server address, etc | 03:07 |
mhall119 | once I had the info and a patched vpnc, network-manager-vpnc let me turn it on and off from the panel icon menu | 03:08 |
crashsystems | PRQ gave me a zip file with the vpn config and encryption key. network manager has a handy button for importing that config file, but while it connects to the vpn, my traffic goes nowhere | 03:09 |
mhall119 | the DHCP I got from the VPN didn't set the DNS, IIRC, so I had a script that would do that | 03:09 |
mhall119 | maybe it's not setting your routes? | 03:09 |
crashsystems | well, my routes are changing after I connect. | 03:10 |
mhall119 | make sure the VPN's IP subnet isn't the same as your local subnet | 03:10 |
crashsystems | lemme get a pastebin | 03:10 |
crashsystems | http://pastebin.com/qVPqBCdU | 03:11 |
mhall119 | and ifconfig? | 03:12 |
crashsystems | while connected? | 03:13 |
mhall119 | yes | 03:13 |
crashsystems | just a moment... | 03:13 |
mhall119 | I assume you've watched wireshark? | 03:13 |
crashsystems | http://pastebin.com/G70cV60c | 03:14 |
crashsystems | hah, no | 03:14 |
crashsystems | I've got it installed though | 03:15 |
mhall119 | and you can't get to anything on the 88.80.29.128 network? | 03:15 |
crashsystems | nope, the only thing I can ping is my vpn IP address. Can't even ping their DNS, which is on that network | 03:16 |
mhall119 | do they use some kind of host checking? | 03:16 |
crashsystems | no | 03:16 |
crashsystems | I did read something about adding a delay before NM sets up routes, to give the vpn opportunity to supply those. | 03:17 |
mhall119 | lots of VPNs now will require that the client tells it that its Windows is patched and has an updated A/V running, before it'll allow its packets through | 03:17 |
crashsystems | hah, this vpn recommends that all its users use linux or bsd | 03:17 |
mhall119 | ok, so probably not that | 03:17 |
mhall119 | try wireshark and tracert | 03:18 |
mhall119 | to make sure packets are at least going over the link | 03:18 |
mhall119 | if they are, then I don't know what to tell you | 03:18 |
mhall119 | something's not set up right for you on their end | 03:18 |
mhall119 | your routes and ipconfig look okay to me | 03:19 |
mhall119 | just use ssh | 03:19 |
mhall119 | ;) | 03:19 |
crashsystems | http://www.debuntu.org/how-to-network-manager-openvpn-overwrites-default-route | 03:20 |
crashsystems | the above did not exactly work for me, but traffic did go through | 03:20 |
mhall119 | looks like your routes are already configured to only send traffic over the tunnel if it's for the remote network | 03:21 |
mhall119 | or was your pastebin from after you did that? | 03:22 |
crashsystems | from before | 03:22 |
mhall119 | hmmm... | 03:22 |
crashsystems | I wish I could set a route delay from network manager | 03:25 |
mhall119 | well if they recommend using Linux, maybe they can give you better support than I can | 03:26 |
Chloric | good evening guys | 03:48 |
katyl_ | Evening | 03:49 |
Chloric | evening Katyl, i don't think we previously met | 03:50 |
katyl_ | Don't believe so. | 03:50 |
* crashsystems | kicks openvpn | 03:51 |
Chloric | What part of florida are you from? | 03:51 |
katyl_ | be careful there, crashsystems, openvpn is a delicate beast, tends to only fail harder if you kick it. | 03:52 |
crashsystems | o_O | 03:52 |
crashsystems | it can't fail any harder than it is now | 03:52 |
Chloric | crashsystems, wanna wage a bet on that? xD | 03:52 |
crashsystems | no | 03:52 |
crashsystems | ugh | 03:53 |
Chloric | i think we should | 03:53 |
katyl_ | Things still route locally when you're connected? I've had it not. Totally lost the network. | 03:53 |
katyl_ | Through Network Manager? | 03:53 |
crashsystems | it's more like every single packet dies a fiery death | 03:53 |
crashsystems | yes, network manager | 03:53 |
katyl_ | Just an idea, I had some similar issues when I didn't select the correct compression type. | 03:54 |
katyl_ | May I ask who you're trying to connect to? | 03:55 |
crashsystems | only one available, LZO compression | 03:55 |
crashsystems | PRQ | 03:55 |
Chloric | sometimes i forget that i'm probably the only international relations major here -__- *totally lost now* | 03:55 |
crashsystems | have you ever actually gotten openvpn working with network manager katyl_ ? | 03:56 |
katyl_ | Yes | 03:56 |
crashsystems | I think my problems are with routing | 03:56 |
katyl_ | I use vyprvpn on a daily basis, and before that was using openvpn on my VPS without issues. | 03:56 |
katyl_ | Simple stuff, do you have VPN passthrough enabled on your router? | 03:57 |
crashsystems | hah, I have no clue. didn't set up the router | 03:57 |
katyl_ | That might be your issue, VPN failed consistently for me, before I enabled passthrough. | 03:58 |
crashsystems | do you know if that would be default on ddwrt? | 03:58 |
katyl_ | It is not | 03:58 |
katyl_ | Located under security. | 03:58 |
katyl_ | well, nm... looks like there is no openvpn passthrough option. | 03:58 |
crashsystems | the vpn successfully connects, but then all traffic dies | 03:59 |
katyl_ | One sec. I may drop? | 03:59 |
crashsystems | ok | 03:59 |
katyl__ | There we go | 04:01 |
katyl__ | crashsystems, mind giving me the output of 'route' | 04:02 |
katyl__ | Q3rJ^n*p | 04:02 |
crashsystems | just a min | 04:02 |
crashsystems | I hope that was not a password | 04:02 |
katyl__ | Crap... guess I'm changing that password... | 04:02 |
crashsystems | lol | 04:02 |
katyl__ | not like it's useful... nothing actually allows login with that remotely. | 04:02 |
katyl__ | aaand portforwarding for SSH is off now. | 04:03 |
katyl__ | I feel stupid | 04:03 |
crashsystems | http://pastebin.com/FkLCgydz | 04:04 |
katyl__ | is 10.10.10.1 pingable? | 04:05 |
crashsystems | while connected to vpn? | 04:05 |
katyl__ | yes | 04:05 |
crashsystems | it's not pingable not connected | 04:06 |
crashsystems | that is not my default gateway, if that is what you are thinking | 04:06 |
crashsystems | router* | 04:06 |
katyl__ | Oh. | 04:06 |
crashsystems | I can ping the local network while connected to the vpn | 04:06 |
katyl__ | Sorry, bad assumption on my part. | 04:07 |
crashsystems1 | http://db.tt/C7dNyuj | 04:13 |
crashsystems | katyl__: that is a wireshark capture | 04:13 |
katyl__ | as soon as my password crisis is fixed, I'll be happy to check | 04:14 |
crashsystems | lol, ok | 04:14 |
crashsystems | did you use that one many places? | 04:15 |
katyl__ | The one password I have that isn't completely random... | 04:17 |
katyl__ | Local Login. | 04:17 |
katyl__ | remote auth is all based off my encrypted SSH key with a random password... Password auth is disabled on all systems. I don't think I'm in any trouble. | 04:18 |
katyl__ | I also do not have sudo installed. | 04:18 |
katyl__ | So, I don't see any issues coming of this... but better safe than sorry | 04:18 |
crashsystems | yep | 04:18 |
katyl__ | Well, if it helps, I can tell you 88.80.30.9 isn't pingable for me either | 04:24 |
crashsystems | :/ | 04:25 |
katyl | I've never had so much trouble with this before. | 04:55 |
crashsystems | likewise | 04:56 |
Chat6291 | wasup ladies | 05:09 |
katyl | Night all | 05:26 |
katyl | afternoon, everyone. | 16:32 |
mhall119 | crashsystems: you never tried restarting? | 22:15 |
crashsystems | I restarted my computer. It never occurred to me to hit restart on the vpn service itself in their little control panel | 22:17 |