GMaxW


  1. Yes, you have indeed spotted a discrepancy, and it's a setting that indeed looks relevant to the problem. I think from the video I absorbed that the Turtle might have these blocks of settings already in place, and when I noticed they were, I must not have read as closely as I should. Anyhow, I have now changed that setting in my Turtle, but I can't test on the VPN at the moment, so that'll have to wait until a bit later. Thanks for your attention. I will report back whether this indeed gets things working.
  2. To be clear, in the Reverse VPN video I linked, Darren did list some firewall and network changes, which I copy below. Those were already in place on my Turtle as delivered. And these do not include the iptables NAT settings I just mentioned.

     /etc/config/network:
     ... after config interface 'wan' section...

         config interface 'vpn'
             option ifname 'tun0'
             option proto 'dhcp'

     /etc/config/firewall:
     check there's a section:

         config zone
             option name 'vpn'
             list network 'vpn'
             option input ACCEPT
  3. > why would I or anyone else take the time to write a complete set of config settings

     I was hoping someone already had them written down, primarily someone from hak5, given that Turtle is promoted to do this scenario.

     > when you would read through them and say yup yup I did all that already???

     Obviously I'm looking for the thing in the known-working config that I would NOT say "yup" to!

     > Did you configure the OpenVPN AS reverse gateway correctly? Which is give it an IP: 192.168.65.0/24 and check those two boxes above it. Which at this point you almost make i
  4. > When you created the ovpn file for the turtle on OpenVPN AS I see the VPN Gateway is set to 192.168.65.0/24.

     Not sure what you mean here. 192.168.65.0/24 is indeed the subnet address range for the LAN that the gateway/client is on.

     > Did you also check the box for Allow access from "all server-side private subnets" and "all other VPN clients?"

     I assume you mean for the gateway client, in which case yes.

     > When you SSH into your turtle from your off-lan machine can you ping your on-lan machines from the turtle?

     That's a good question. I did not try that. And
  5. And in case it's any use, here's the result of ip route on Turtle:

         root@turtle:~# ip route
         0.0.0.0/1 via 172.27.224.129 dev tun0
         default via 192.168.65.1 dev eth1 proto static src 192.168.65.102 metric 20
         default via 172.16.84.84 dev eth0 proto static metric 30
         128.0.0.0/1 via 172.27.224.129 dev tun0
         [OpenVPN-AS server's IP] via 192.168.65.1 dev eth1
         172.16.84.0/24 dev eth0 proto static scope link metric 30
         172.27.224.128/25 dev tun0 proto kernel scope link src 172.27.224.165
         192.168.65.0/24 dev eth1 proto static scope link metric 20
         192.168.65.1 dev eth1 proto static scope
  6. I was hoping to get the reverse VPN setup working, but have been so unsuccessful I'm starting to doubt that it actually works. In the absence of better docs, I have been following the Hak5 video here: https://www.youtube.com/watch?v=b7qr0laM8kA I have painstakingly scoured this video second by second, noting every setting that Darren makes. And I have slavishly configured OpenVPN AS at Digital Ocean exactly the same way (well, except specific IP addresses of course), installed the ovpn files on an off-LAN client, and also on the Turtle. And I've also checked the network and fire
  7. I have done the initial config procedure on a new Turtle, which of course entails an SSH connection over USB. And that includes the update procedure. Now I want to SSH to the Turtle via its Ethernet port. It's on the LAN, I can ping it, but attempts to connect via SSH (port 22) are refused (i.e., not just timed out). I have tried the firewall fixes by MonkeyMan here: ... and rebooted. But no improvement. Could somebody post or point to the exact settings required to get this simple function to work? Thanks.