Well, it looks like I still have a problem. When I connect to my OpenVPN server it works, BUT I have no connection to the outside world.
Here is the output of my iptables:
iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1937  332K ACCEPT     udp  --  ens3   any     anywhere             anywhere             udp dpt:openvpn
    3   180 ACCEPT     all  --  tun0   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  979 94816 ACCEPT     all  --  tun0   ens3    anywhere             anywhere
    0     0 ACCEPT     all  --  ens3   tun0    anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
And here is my network address state:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff
    inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3
       valid_lft 85194sec preferred_lft 85194sec
    inet 44.135.59.1/32 brd 44.135.59.1 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5400:2ff:fefc:bdba/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 100
    link/none
    inet 44.135.59.1/24 brd 44.135.59.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::cd3f:6e0a:55e:e9ac/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
Bird shows my route advertised properly.
Can anyone help?
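The listing above is the kind of thing a practitioner would check in order: is the kernel forwarding at all, is the publicly routed /24 accidentally being NATed, is the prefix routed into the tunnel, and do packets come back. The script below is an added example (not part of the post, and not the installer's or the poster's own code) that runs those checks; every check takes its input as text so it can be exercised offline on constructed samples, and `run_live` feeds it the real command output on the VPS. The prefix 44.135.59.0/24, the interface names ens3/tun0 and the bird protocol name "vultr" are taken from the thread; the sample listings embedded in the script are constructed, not captured from the poster's machine.

```shell
#!/bin/sh
# Added example, not from the original post: forwarding-path checks for a
# BGP-announced /24 that an OpenVPN server hands out to its clients.
# Every check_* function takes its input as text, so it can be run against
# captured output; run_live feeds it real command output on the VPS.
# PREFIX, WAN and TUN default to the values in the post; override them in the
# environment for another setup.

PREFIX="${PREFIX:-44.135.59.0/24}"
WAN="${WAN:-ens3}"
TUN="${TUN:-tun0}"

# 1. The kernel must forward between the tunnel and the uplink at all.
check_ip_forward() {          # $1: contents of /proc/sys/net/ipv4/ip_forward
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# 2. The prefix is publicly routed, so it must NOT be source-NATed on the way
#    out: a MASQUERADE/SNAT rule matching it would rewrite every client to the
#    VPS address and defeat the point of the BGP announcement. A leftover rule
#    for the installer's old 10.8.0.0/24 is harmless. Succeeds when no such
#    rule exists.
check_no_nat_for_prefix() {   # $1: output of "iptables-save -t nat"
    ! printf '%s\n' "$1" \
        | grep -E -- "^-A POSTROUTING .*-s ${PREFIX} .*-j (MASQUERADE|SNAT)" >/dev/null
}

# 3. Replies for the clients must be routed into the tunnel. Prints the device
#    the kernel uses for the prefix (expected: the tun device).
route_dev_for_prefix() {      # $1: output of "ip route"
    printf '%s\n' "$1" | awk -v p="$PREFIX" \
        '$1 == p { for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1); exit }'
}

# 4. Per-direction packet counter of the FORWARD chain (fields 6/7 are in/out).
forward_counter() {           # $1: output of "iptables -L FORWARD -v -n -x", $2: in dev, $3: out dev
    printf '%s\n' "$1" | awk -v i="$2" -v o="$3" '$6 == i && $7 == o { print $1; exit }'
}

# Outbound counting while inbound stays at zero means client packets leave the
# VPS but nothing comes back: the fault is upstream (the prefix is not actually
# being routed to the VPS), not in these rules. Fails in that case.
diagnose_forward() {          # $1: output of "iptables -L FORWARD -v -n -x"
    out_pkts=$(forward_counter "$1" "$TUN" "$WAN")
    in_pkts=$(forward_counter "$1" "$WAN" "$TUN")
    if [ "${out_pkts:-0}" -gt 0 ] && [ "${in_pkts:-0}" -eq 0 ]; then
        echo "one-way: $out_pkts packets forwarded $TUN->$WAN, none $WAN->$TUN; check the BGP session and whether $PREFIX is routed to this VPS"
        return 1
    fi
    echo "two-way: $out_pkts packets $TUN->$WAN, $in_pkts packets $WAN->$TUN"
}

# Run the checks on the VPS (as root). The birdc line shows whether the BGP
# session is up and how many routes it exports; "vultr" is the protocol name
# from the post's bird.conf.
run_live() {
    check_ip_forward "$(cat /proc/sys/net/ipv4/ip_forward)" \
        || echo "ip_forward is off: sysctl -w net.ipv4.ip_forward=1"
    check_no_nat_for_prefix "$(iptables-save -t nat)" \
        || echo "a POSTROUTING rule NATs $PREFIX; remove it, the prefix is routed"
    [ "$(route_dev_for_prefix "$(ip route)")" = "$TUN" ] \
        || echo "$PREFIX is not routed via $TUN"
    diagnose_forward "$(iptables -L FORWARD -v -n -x)"
    birdc show protocols all vultr | grep -E 'BGP state|Routes:'
}

# Constructed sample outputs (same shape as the post's listings, not captured
# from the poster's VPS) so the checks can be exercised offline.
SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     979      94816 ACCEPT     all  --  tun0   ens3    0.0.0.0/0            0.0.0.0/0
       0          0 ACCEPT     all  --  ens3   tun0    0.0.0.0/0            0.0.0.0/0'
SAMPLE_NAT_OK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
COMMIT'
SAMPLE_NAT_BAD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 44.135.59.0/24 -o ens3 -j MASQUERADE
COMMIT'
SAMPLE_ROUTE='default via 192.0.2.1 dev ens3
44.135.59.0/24 dev tun0 proto kernel scope link src 44.135.59.1
192.0.2.0/24 dev ens3 proto kernel scope link src 192.0.2.10'

if [ "${1:-}" = "live" ]; then
    run_live
else
    # Offline demo against the constructed samples.
    check_no_nat_for_prefix "$SAMPLE_NAT_OK" && echo "nat: ok (only the old 10.8.0.0/24 rule)"
    check_no_nat_for_prefix "$SAMPLE_NAT_BAD" || echo "nat: $PREFIX is being masqueraded"
    echo "route: $PREFIX via $(route_dev_for_prefix "$SAMPLE_ROUTE")"
    diagnose_forward "$SAMPLE_FORWARD" || true
fi
```

Run it with no arguments to see the checks on the constructed samples, or as `sh check.sh live` on the VPS. Note that with all three chain policies at ACCEPT, the rules in the listing above filter nothing; they are useful only as counters, which is how the script reads them. For a routed prefix the nat table should not touch it at all, and a counter pattern of outbound packets with zero inbound points at the BGP side rather than at iptables.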
________________________________________
From: pete M petem001@hotmail.com
Sent: 15 December 2020 17:40
To: James Colderwood via 44Net
Subject: BGP/openvpn finally all ok.
I want to thank all who helped with the setup of my Vultr VPS with BGP and OpenVPN to distribute the /24 that was assigned to me.
I played a lot with the OpenVPN and WireGuard software, up to the point where I had to redo the whole install of the VPS.
Here is the recipe I have been able to use for the task. I am running Debian 10, updated to the latest software.
First I used the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr
Be aware that on my version of bird I was not able to open the "/var/log/bird.log" file because of an ownership problem: the file belonged to root and it was supposed to belong to bird. It is a known bug that I hope will be fixed soon.
This helped me put the following into my bird.conf:
------------------------------------------------------------------------------
log "/var/log/bird.log" all;

router id xxx.xxx.xxx.xxx;          # use the IPv4 address assigned to your VPS

protocol device {
    scan time 60;
}

protocol static {
    # use your assigned /24 from AMPR and the IPv4 address of your VPS
    route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx;
}

protocol bgp vultr {
    # this is the private ASN given to you by Vultr and available on your
    # dashboard on myvultr.com for your VPS
    local as yyyyyyyyyyy;
    source address xxx.xxx.xxx.xxx;
    import none;
    export all;
    graceful restart on;
    next hop self;
    multihop 2;
    neighbor 169.254.169.254 as 64515;
    password "YourSecretPassword";
}
------------------------------------------------------------------------------
On the OpenVPN side of things I used the install script from angristan, available at https://github.com/angristan/openvpn-install
I just followed the instructions and all was good.
From there I changed some things in my network config at /etc/network/interfaces:
--------------------------------------------------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

#source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet static
    address 44.135.59.1/32
---------------------------------------------------------------------
The last line points at the first address of my /24; put yours into your file.
Then on the OpenVPN server I changed only one line in the server.conf file.
The file is at /etc/openvpn/server.conf.
I switched the server line from
    server 10.8.0.0 255.255.255.0
to
    server 44.135.59.0 255.255.255.0
The 44 address is my /24; put yours if you follow my example.
That's it!
It was not that complicated, but I had to dig a bit to understand the whole thing.
My next step will be to split my /24 into parts. One section will be for the single connections like now, but I want to have connections that are blocks of /28 or /29.
I know I will have to make another instance of the OpenVPN server. That is the part that is the least clear to me yet. The conf file is clearer. As I want to start and stop each instance easily I will have to make a new start script for systemd, and that is where I will need to read more.
If this helps someone I will be happy!
If you see a problem with my setup, please let me know!
Pierre VE2PF
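The "next step" in the quoted message, carving /28 or /29 blocks out of the /24 and running each as its own OpenVPN instance, needs no hand-written systemd unit: Debian's openvpn package ships the template openvpn@.service, which runs /etc/openvpn/<name>.conf as the unit "openvpn@<name>". The script below is an added example, not the poster's files and not part of the installer: it derives a per-block config from the existing server.conf by rewriting only the lines that must differ per instance (server, port, dev, and the per-instance state files) and adds "topology subnet" if missing. The block 44.135.59.16/28, port 1195 and device tun1 are assumptions chosen for illustration, as is the trimmed sample base config embedded for the offline demo.

```shell
#!/bin/sh
# Added example, not the poster's files: carve a /28 (or /29) out of the /24 and
# run it as a second OpenVPN instance. Debian's openvpn package ships the
# systemd template openvpn@.service, which runs /etc/openvpn/<name>.conf as the
# unit "openvpn@<name>", so no new unit file is needed. The second instance is
# derived from the existing server.conf by rewriting only the lines that must
# differ per instance. Block boundaries, port 1195 and the tun1 device are
# assumptions for illustration.

# Print a per-block config derived from a base server.conf.
#   $1: base config text   $2: instance name   $3/$4: network and netmask
#   $5: UDP port           $6: tun device
derive_instance() {
    printf '%s\n' "$1" | awk -v name="$2" -v net="$3" -v mask="$4" -v port="$5" -v dev="$6" '
        $1 == "server"   { print "server", net, mask; seen_server = 1; next }
        $1 == "port"     { print "port", port; seen_port = 1; next }
        $1 == "dev"      { print "dev", dev; seen_dev = 1; next }
        $1 == "topology" { seen_topology = 1 }
        # state files must not be shared between instances
        $1 == "status" || $1 == "ifconfig-pool-persist" || $1 == "log" || $1 == "log-append" {
            $2 = $2 "." name; print; next
        }
        { print }
        END {
            if (!seen_server)   print "server", net, mask
            if (!seen_port)     print "port", port
            if (!seen_dev)      print "dev", dev
            # one address per client; the default net30 topology burns four
            # addresses per client and fits only three clients in a /28
            if (!seen_topology) print "topology subnet"
        }'
}

# Write /etc/openvpn/NAME.conf from the running server.conf and start it.
install_instance() {          # $1: name  $2: network  $3: netmask  $4: port  $5: tun device
    derive_instance "$(cat /etc/openvpn/server.conf)" "$1" "$2" "$3" "$4" "$5" \
        > "/etc/openvpn/$1.conf"
    systemctl enable --now "openvpn@$1"
}

# Constructed, trimmed base config of the shape the installer writes (not the
# poster's actual file), used by the offline demo.
SAMPLE_BASE='port 1194
proto udp
dev tun
server 44.135.59.0 255.255.255.0
topology subnet
status /var/log/openvpn/status.log 10
ca ca.crt
cert server.crt
key server.key
keepalive 10 120
persist-key
persist-tun'

case "${1:-}" in
    install)
        # e.g.: sh split.sh install block1 44.135.59.16 255.255.255.240 1195 tun1
        # Afterwards narrow the original instance so its pool no longer overlaps
        # the block, e.g. "server 44.135.59.0 255.255.255.128", and restart it.
        install_instance "$2" "$3" "$4" "$5" "$6" ;;
    *)
        derive_instance "$SAMPLE_BASE" block1 44.135.59.16 255.255.255.240 1195 tun1 ;;
esac
```

Run without arguments to print the derived config for the sample; `install` writes the real file and enables the unit. Each block instance needs its own UDP port (and a matching INPUT rule), its own tun device and its own status file, which is what the rewrite handles; the BGP side is unchanged because the static route in bird.conf announces the whole /24 and the kernel routes each block to whichever tun device owns it.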