Openvpn

This post is a reminder to my brain, which lately likes to forget basic things such as an iptables rule to allow VPN clients to access the internal LAN.

Yes, this afternoon I spent almost an hour and a half trying to figure out what went wrong with my newly installed openvpn. I was unable to access the LAN behind the server and I literally spent 90 minutes looking in the wrong place because my brain betrayed me and I completely forgot about adding a MASQUERADE rule to my firewall.

In my defense, I had problems with the installation, dependency problems and something close to the DLL hell that Windows has. This situation tricked me a lot because I assumed this was the cause, but when I decided to tcpdump the requests I saw the following:

[bash]

# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
17:27:38.136712 IP 10.8.0.6 > 192.168.0.1: ICMP echo request, id 30234, seq 1, length 64
17:27:39.137333 IP 10.8.0.6 > 192.168.0.1: ICMP echo request, id 30234, seq 2, length 64

[/bash]

What! direct ping from tun to an IP visible only from eth0? Then I realized that I missed the:

[bash]

# iptables -t nat -A POSTROUTING -j MASQUERADE

[/bash]

Voila!

[bash]

# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
17:39:55.968160 IP 10.8.0.6 > 192.168.0.1: ICMP echo request, id 30234, seq 738, length 64
17:39:55.968757 IP 192.168.0.1 > 10.8.0.6: ICMP echo reply, id 30234, seq 738, length 64

[/bash]

I must have installed openvpn at least 4 times before today, but it still wasn’t enough to remember the right thing at the right moment. Won’t happen again, hopefully :D.
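The MASQUERADE rule above has no source or interface match, so it rewrites the source address of every new connection leaving any interface, not only VPN traffic heading to the LAN. As an added example (not from the original post), this check reads rules in `iptables -t nat -S` format and flags MASQUERADE rules that lack a source or outbound-interface match. The `10.8.0.0/24` subnet is an assumption based on the `10.8.0.6` client address in the capture, and both sample rule sets are constructed.

```shell
#!/bin/sh
# Added example: audit NAT rules for MASQUERADE entries that are wider than needed.
# Input: rules in `iptables -t nat -S` format on stdin.
# Output: one line per MASQUERADE rule missing -s and/or -o; exit status 1 if any.
audit_masquerade() {
    awk '
        $1 == "-A" && /-j MASQUERADE/ {
            src = 0; out = 0
            for (i = 3; i <= NF; i++) {
                # A negated match ("! -s ...") does not pin the rule to the VPN.
                if ($(i-1) == "!") continue
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-o" || $i == "--out-interface") out = 1
            }
            if (!src || !out) {
                missing = (src ? "" : " source") (out ? "" : " out-interface")
                printf "UNSCOPED (missing%s): %s\n", missing, $0
                bad++
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: the rule from the post as `iptables -t nat -S` lists it.
WEAK_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -j MASQUERADE'

# Constructed sample: the same rule limited to VPN clients leaving via eth0.
# 10.8.0.0/24 is an assumed VPN subnet; eth0 is the LAN interface named in the post.
SCOPED_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'

# Demo: the first set prints a finding, the second prints nothing.
printf '%s\n' "$WEAK_RULES"   | audit_masquerade || true
printf '%s\n' "$SCOPED_RULES" | audit_masquerade || true
```

On a live server the same function can be fed with `iptables -t nat -S | audit_masquerade`.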

The magic of CLI

You want to turn something like this:
[bash]
chartsales_messages_es.properties
chartsales_messages.properties
closedpos_messages_es.properties
closedpos_messages.properties
closedproducts_messages_es.properties
closedproducts_messages.properties
customersdiary_messages_es.properties
customersdiary_messages.properties
customers_messages_es.properties
customers_messages.properties
inventoryb_messages_es.properties
inventoryb_messages.properties
inventorydiff_messages_es.properties
inventorydiff_messages.properties
inventory_messages_es.properties
inventory_messages.properties
people_messages_es.properties
people_messages.properties
productlabels_messages_es.properties
productlabels_messages.properties
productsales_messages_es.properties
productsales_messages.properties
productscatalog_messages_es.properties
productscatalog_messages.properties
products_messages_es.properties
products_messages.properties
taxes_messages_es.properties
taxes_messages.properties
usersales_messages_es.properties
usersales_messages.properties
[/bash]

into this:

[bash]
chartsales_messages.properties
chartsales_messages.properties
closedpos_messages.properties
closedpos_messages.properties
closedproducts_messages.properties
closedproducts_messages.properties
customersdiary_messages.properties
customersdiary_messages.properties
customers_messages.properties
customers_messages.properties
inventoryb_messages.properties
inventoryb_messages.properties
inventorydiff_messages.properties
inventorydiff_messages.properties
inventory_messages.properties
inventory_messages.properties
people_messages.properties
people_messages.properties
productlabels_messages.properties
productlabels_messages.properties
productsales_messages.properties
productsales_messages.properties
productscatalog_messages.properties
productscatalog_messages.properties
products_messages.properties
products_messages.properties
taxes_messages.properties
taxes_messages.properties
usersales_messages.properties
usersales_messages.properties
[/bash]

I can’t imagine an easy way to do it with Windows, but with bash and any Unix-like OS, you get it done in less than a minute.

[bash]
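# Strip the "_es" suffix from every .properties file name in this directory.
# Names without the suffix map to themselves; mv reports those as the same file.
for line in *.properties
do
    mv "$line" "$(echo "$line" | sed 's/_es\.properties$/.properties/')"
done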
[/bash]