Strange problem on using OpenVPN with ZeroShell


This topic contains 2 replies, has 0 voices, and was last updated by samiux 10 years, 3 months ago.

  • #41472

    samiux
    Member

    I have a very strange problem on using OpenVPN with ZeroShell.

    Hardware and services configuration
    I virtualized ZeroShell 1.0beta11b, Ubuntu 8.10 Desktop, vsftp server on Ubuntu 8.10 server on a computer that is equipped with Athlon 64X2 4200+ and 8GB RAM. The hard drive is built from FakeRAID RAID 0 with 3 sets of 320GB hard drives. All the physical network interfaces are not in server grade and the virtual network interfaces are in server grade. The virtualized program is VirtualBox 2.1.2 running on 64-bit Ubuntu 8.10 Desktop.

    I also virtualized a network TAP to connect virtualized internal network to a gigabit switch that connects several desktops and laptops (including a wireless router). The laptops are getting their IPs from the wireless router by DHCP. The IPs are in 192.168.0.0/24 subnet. The same subnet of the virtualized network. The download and upload speed of my ISP is both 10Mbit/s.

    The configuration of my ZeroShell
    The ZeroShell has HTTP Proxy enabled, which includes ETH00, ETH01 and VPN99 with HTTP Capturing Rules (from any IPs to any IPs).

    OpenVPN is enabled. The “Net” button is set to 192.168.250.0/24 and 192.168.0.0/24 subnets.

    The DHCP of subnet 192.168.0.0/24 is set. The default gateway is 192.168.0.75. The DNS 1 is the same as default gateway. DNS 2 and DNS 3 are set to the IPs of OpenDNS.

    DNS of ZeroShell is enabled. The domain name is set, for example, “mydomain.com”. All the settings are copied from the default settings. The Forwarders are pointed to OpenDNS.

    Router’s RIPv2 is enabled for 3 interfaces, such as ETH00, ETH01 and VPN99. They are all authenticated by MD5. The NAT is set to ETH01. Virtual Server is pointed to port 21 of the vsftpd server’s IP.

    Firewall is enabled. Both websites and ftp servers can be reached without problem. OpenVPN can be connected too.

    QoS is not enabled on any interface. The Network of Setup is set. ETH00 is set to 192.168.0.75/255.255.255.0. ETH01 is set to get dynamic IP. VPN99 is set to 192.168.250.254/255.255.255.0. The https is set to 192.168.0.0/16 subnet. SSH is set to 192.168.0.0/16 subnet too.

    The problem
    I can surf the intranet and internet without problem from the intranet. It is fast and responsive. I can connect to any ftp server including my ftp server with my domain name too. When I connect to the ZeroShell via OpenVPN from the internet, the connection is fine. The surfing speed is acceptable. I can surf the internet via the VPN connection. I can browse my ZeroShell and the subnet too.

    The problem is when the OpenVPN is connected (only one client connected), the computers in the intranet cannot surf the internet. It produces the error messages of “DNS error” or “Connection Failed” on HVAP page. The response speed is nearly halted. When I disconnect the OpenVPN, everything returns to normal.

    I tried to solve the problem many times but in vain. Can anyone point me the way to solve this strange problem? Is the host computer or physical network interfaces not powerful enough to drive the OpenVPN? Is VirtualBox not suitable for OpenVPN virtualization?

    Samiux

    #47625

    imported_fulvio
    Participant

    Could you try to disable the transparent proxy to see if the issue is due to an interaction between it and OpenVPN?

    #47626

    samiux
    Member

    fulvio,

    Your distribution is great. Thanks for your hard work.

    I disabled the HTTP proxy. The surfing speed of the intranet to internet, when OpenVPN is connected, is improved a lot. However, it is not as responsive as without the OpenVPN connection.

    The response time of OpenVPN client is greater than intranet nodes in general. Strange?

    How about if I want to implement the HTTP Proxy also? Any solution?

    By the way, the OpenVPN client will be disconnected automatically. What can I do with it to make it online until I disconnect it?

    Samiux

    UPDATE
    The HTTP Proxy is disabled.

    Sometimes, I need to stop the current loading of page (it shows connecting to a host) and re-click the link or refresh button to reload the page in order to load it completely. The OpenVPN is still connecting.

    When youtube.com is being streamed or watched on the OpenVPN client, the intranet nodes cannot surf the internet anymore until the youtube.com video is finished.

    #47627

    samiux
    Member

    @samiux wrote:

    fulvio,

    Your distribution is great. Thanks for your hard work.

    I disabled the HTTP proxy. The surfing speed of the intranet to internet, when OpenVPN is connected, is improved a lot. However, it is not as responsive as without the OpenVPN connection.

    The response time of OpenVPN client is greater than intranet nodes in general. Strange?

    How about if I want to implement the HTTP Proxy also? Any solution?

    By the way, the OpenVPN client will be disconnected automatically. What can I do with it to make it online until I disconnect it?

    Samiux

    UPDATE
    The HTTP Proxy is disabled.

    Sometimes, I need to stop the current loading of page (it shows connecting to a host) and re-click the link or refresh button to reload the page in order to load it completely. The OpenVPN is still connecting.

    When youtube.com is being streamed or watched on the OpenVPN client, the intranet nodes cannot surf the internet anymore until the youtube.com video is finished.

    fulvio,

    The problem seems to be solved when I select http-proxy to capture ETH01 only and reboot the gigabit switch.

    Thanks for your attention.

    Samiux
