[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Road Warrior email sending (Off-Topic)

  • Subject: Re: [Openvpn-users] Road Warrior email sending (Off-Topic)
  • From: "Jeff Boyce" <jboyce@xxxxxxxxxxxxxxx>
  • Date: Tue, 4 Dec 2007 10:06:42 -0800
Re: [Openvpn-users] Road Warrior email sending (Off-Topic)David -

    Thanks for the response.  I think I have listed all the information you 
requested, except I did not capture the actual error message on the Windows 
client (stupid newbie mistake).  I believe that it was something to the 
effect that it could not connect to SMTP server.  I am a little hampered by 
limited access to this laptop as it is in use in the office all week, and I 
can only test it on the weekend at my local library free wifi hotspot.  I am 
open to all suggestions, but won't be able to test them until Saturday. 
Thanks.

Client OpenVPN Config.
client
dev tun
proto udp
remote aaa.bbb.ccc.ddd 1194
pull
nobind
persist-key
persist-tun
tls-client
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\laptop.crt"
key "C:\\Program Files\\OpenVPN\\config\\laptop.key"
ns-cert-type server
resolv-retry infinite
comp-lzo
route-method exe
route-delay 2
verb 4

Server OpenVPN Config.
local 192.168.112.1
port 1194
proto udp
dev tun
tls-server
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/VPNserver.crt
key /etc/openvpn/easy-rsa/keys/VPNserver.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.6.0 255.255.255.0
float
ifconfig-pool-persist /etc/openvpn/ipp.txt 120
push "route 192.168.112.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4

Office Network Topology
WindowsClient (192.168.112.113) ---> Network Switch ---> DSL Router ---> 
Internet
Samba/OpenVPN Server (192.168.112.1) ---> Network Switch ---> DSL 
Router ---> Internet
DSL Router is default gateway (192.168.112.10)

This client obtains an IP through OpenVPN ipp.txt of 10.8.6.24

Server network settings
[jeffb@bison jeffb] $ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0F:1F:65:9E:CA
          inet addr:192.168.112.1  Bcast:192.168.112.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:124211875 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47702028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2124965032 (2026.5 Mb)  TX bytes:430228532 (410.2 Mb)
          Base address:0xdce0 Memory:fdae0000-fdb00000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23210180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23210180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2637805388 (2515.6 Mb)  TX bytes:2637805388 (2515.6 Mb)

tun0      Link encap:Point-to-Point Protocol
          inet addr:10.8.6.1  P-t-P:10.8.6.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:8643 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12426 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:676295 (660.4 Kb)  TX bytes:13894798 (13.2 Mb)

Client Network Settings
Windows IP Configuration
   Host Name . . . . . . . . . . . . : JSN-D830
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 7:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : aa-bb-cc-dd-ee-ff
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.actdsltmp
   Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN 
Mini-Card
   Physical Address. . . . . . . . . : bb-cc-dd-ee-ff-gg
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit 
Controller
   Physical Address. . . . . . . . . : cc-dd-ee-ff-gg-hh
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : qqqq::rrrr:sss:tttt:c19%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.112.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.112.10
   DNS Servers . . . . . . . . . . . : 205.171.3.65
                                       205.171.2.65
   NetBIOS over Tcpip. . . . . . . . : Enabled


Connection settings in Windows Mail for our laptops are:
Incoming Mail Server is : POP3
Incoming Mail (POP3) : electra.he.net
Outgoing Mail (SMTP) : pop.sttl.qwest.net

I tried the redirect-gateway option on the client configuration file with no 
effect.
I tried changing the outgoing connection setting to electra.he.net, but that 
did not change anything.  Looking at those connection settings now in Window 
Mail maybe this is as simple as changing the outgoing connection setting to 
electra.he.net, then also selecting the outgoing server requires 
authentication option (I didn't notice this before) and select using the 
same settings as the incoming server authentication.

Thanks, Jeff



----- Original Message ----- 
From: David Balazic
To: Jeff Boyce ; Les Mikesell
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, December 04, 2007 9:03 AM
Subject: RE: [Openvpn-users] Road Warrior email sending (Off-Topic)


Not really off topic. At least not more than any other "I have wrong 
routing" posts.
For help :
 - client and server ovpn config files
 - network topology
 - network settings of non-vpn interfaces (on client and server)
 - where is the mail server located ? what protocol does it use ? what is 
the error message you get ?

Regards,
David



From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Jeff Boyce
Sent: Tue 04-Dec-07 17:47
To: Les Mikesell
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Road Warrior email sending (Off-Topic)


Les -

    Thanks for the explanation.  Unfortunately it doesn't appear to help my
situation.  We do not run a mail server at our office.  Our incoming mail
service is provided by a third party provider.  Our outgoing mail service is
directed to the mail server at our local DSL provider.  All incoming and
outgoing mail for the PC clients in our office therefore does not go through
our server.  My employee would love to be able to use her regular Windows
Mail client when she is accessing the internet from wireless connections at
hotel meeting rooms.  If anyone has any other suggestions for me you can
send them directly to me and we can take this off-list, since we are clearly
off topic now.  Thanks.

Jeff


----- Original Message -----
From: "Les Mikesell" <lesmikesell@xxxxxxxxx>
To: "Jeff Boyce" <jboyce@xxxxxxxxxxxxxxx>
Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, December 04, 2007 8:24 AM
Subject: Re: [Openvpn-users] Road Warrior email sending


> Jeff Boyce wrote:
>>
>>    Clearly this subject is moving off-topic for this list, but as a
>> novice administrator for a small office I need to ask for some additional
>> clarification on your advice.  In your last sentence you state that if
>> the openvpn connection is not known by the mail server, I will have to
>> fix that up, or set up authentication.  How would I fix it up, or how
>> would I set up authentication?  With the amount of information I provided
>> on my setup I don't expect you to be able to provide an specifics, but
>> can you give me some general guidance, and terms that I can use to do
>> some further searching on google and find documentation to read?
>> Anything will help here.  Thanks.
>
> If you are running the stock RH sendmail, you probably have already fixed
> the DAEMON_OPTIONS line in /etc/mail/sendmail.mc by removing the
> Addr=127.0.0.1 that prevents receiving any outside mail and rebuilt
> sendmail.cf (by running make in /etc/mail or just restarting sendmail with
> 'service sendmail restart').  You also probably have an entry in
> /etc/mail/access with RELAY for your lan IP range.  Add another entry to
> cover your openvpn range that permits RELAY for them, and rebuild the
> access.db by running make or restarting sendmail.  You should see entries
> in /var/log/maillog for anything you send so you can tell if it was denied
> or sent.  Authentication is somewhat more complicated, but in combination
> with ssl encryption which virtually all mail clients do these days, it can
> make the vpn unnecessary if all you want is mail access.
>
> --
>   Les Mikesell
>    lesmikesell@xxxxxxxxx
>
>
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users 

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users