VPN from OH2 server: IP-address changed?

  • Platform information:
    • Hardware: RPi 2
    • OS: Raspbian Stretch
    • Java Runtime Environment: Zulu8
    • openHAB version: 2.2 stable

I managed to connect my remote Raspbian running OH2 directly with my FritzBox at home using vpnc. For now, everything works:

  • I can access my home network from remote
  • I can access my remote Pi from home
  • the Pi can use internet access

What’s a bit strange in my eyes, if I login to my remote Pi via its remote IP, I nevertheless get this login screen:

[22:12:02] openhabian@openHAB2-huette:~$
Using username "openhabian".
openhabian@192.168.90.10's password:
Linux openHAB2-huette 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Feb 16 22:11:10 2018 from 192.168.90.35

###############################################################################
################# openHAB2-huette #############################################
###############################################################################
##             Ip = 192.168.187.201
##        Release = Raspbian GNU/Linux 9 (stretch)
##         Kernel = Linux 4.9.59-v7+
##       Platform = Raspberry Pi 2 Model B Rev 1.1
##         Uptime = 27 day(s). 4:3:4
##      CPU Usage = 0.25 % avg over 4 cpu(s)  (4 core(s) x 1 socket(s))
##       CPU Load = 1m: 0.18, 5m: 0.15, 15m: 0.08
##         Memory = Free: 0.10GB (10%), Used: 0.85GB (90%), Total: 0.95GB
##           Swap = Free: 0.08GB (90%), Used: 0.00GB (10%), Total: 0.09GB
##           Root = Free: 53.31GB (96%), Used: 2.12GB (4%), Total: 58.43GB
##        Updates = 0 apt updates available.
##       Sessions = 2 sessions
##      Processes = 138 running processes of 32768 maximum processes
###############################################################################

              Welcome to            __  _____    ____  _
            ____  ____  ___  ____  / / / /   |  / __ )(_)___ _____
           / __ \/ __ \/ _ \/ __ \/ /_/ / /| | / __  / / __ `/ __ \
          / /_/ / /_/ /  __/ / / / __  / ___ |/ /_/ / / /_/ / / / /
          \____/ .___/\___/_/ /_/_/ /_/_/  |_/_____/_/\__,_/_/ /_/
              /_/
                  openHAB 2.2.0-1 (Release Build)


Looking for a place to get started? Check out 'sudo openhabian-config' and the
documentation at http://docs.openhab.org/installation/openhabian.html
The openHAB dashboard can be reached at http://openHAB2-huette:8080
To interact with openHAB on the command line, execute: 'openhab-cli --help'

192.168.90.x is the subnet of my remote Network
192.168.187.x is the subnet of my home Network

So, why is the IP-address shown here the one of my home-VPN IP-Address?

[22:14:56] openhabian@openHAB2-huette:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.90.10  netmask 255.255.255.0  broadcast 192.168.90.255
        inet6 fd80:5973:1834::a00  prefixlen 128  scopeid 0x0<global>
        inet6 fe40::8a15:312d:eaf0:2afe  prefixlen 64  scopeid 0x20<link>
        inet6 fd80:5853:1330:0:9559:5244:a2fb:3edf  prefixlen 64  scopeid 0x0<global>
        ether b8:27:eb:02:30:48  txqueuelen 1000  (Ethernet)
        RX packets 1208310  bytes 370548335 (353.3 MiB)
        RX errors 0  dropped 34  overruns 0  frame 0
        TX packets 667813  bytes 108400553 (103.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Lokale Schleife)
        RX packets 24392  bytes 2231961 (2.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24392  bytes 2231961 (2.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1412
        inet 192.168.187.203  netmask 255.255.255.255  destination 192.168.187.203
        inet6 fe80::2766:a66f:efca:fa47  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 104  bytes 13488 (13.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 173  bytes 64807 (63.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Is this something I have to be concerned about? At present all seems to work as it should, but I’m just curious why the remote IP is not shown here…

VPNC is configured accordingly:
/etc/vpnc/fritzbox.conf

IPSec gateway xxxx.myfritz.net
IPSec ID yyy
IPSec secret xyz
IKE Authmode psk
Xauth username yyy
Xauth password zzz
local port 0
DPD idle timeout (our side) 0

I start it with sudo vpnc fritzbox.conf

I think this is correct.

Since you do not have a site-to-site-vpn connection, you connect to your remote-pi with the vpn-ip of your home-network. (192.168.187.x)
You would not be able to connect to 192.168.90.10, since there is no route to this network/host from your home network.

The only strange thing is the line openhabian@192.168.90.10's password:.
But I guess this is just a string generated from the sshd which might not consider the interface you connect to and just uses the ip of eth0 for this prompt.

I’m presently not home, so I’m connecting from the remote network. That’s why I’m curious about that home IP address coming up…?

… That’s why this one is correct:

Strange thing is: the VPN is stable for a few hours, and then there’s an error, and after that the remote Pi doesn’t talk to the Internet anymore - but only to the remote VPNed home network.

Feb 17 05:19:57 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:19:58 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:19:58 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:19:59 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:20:00 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:20:03 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:20:08 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:20:19 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:20:40 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:21:23 openHAB2-huette vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:25:01 openHAB2-huette CRON[19057]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Feb 17 05:35:01 openHAB2-huette CRON[19186]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Feb 17 05:38:58 openHAB2-huette systemd-timesyncd[285]: Timed out waiting for reply from 213.227.164.24:123 (0.debian.pool.ntp.org).
Feb 17 05:39:08 openHAB2-huette systemd-timesyncd[285]: Timed out waiting for reply from 185.144.161.170:123 (0.debian.pool.ntp.org).
...
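
One way to spot the pattern in the log above, as an added example that is not part of the thread: the script groups vpnc's "HMAC mismatch in ESP mode" lines into bursts and counts the systemd-timesyncd timeouts that follow each burst. The sample lines, the thresholds (`gap`, `min_events`, `follow`) and the function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Classic syslog line: "Mon DD HH:MM:SS host prog[pid]: message" (no year field).
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[(\d+)\]: (.*)$")

def parse(line, year):
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), int(m.group(3)), m.group(4)

def hmac_bursts(lines, year, gap=timedelta(minutes=2), min_events=3,
                follow=timedelta(minutes=30)):
    """Group vpnc ESP HMAC failures into bursts; count NTP timeouts after each."""
    events = [e for e in (parse(l, year) for l in lines) if e]
    bursts = []
    for ts, prog, pid, msg in events:
        if prog != "vpnc" or "HMAC mismatch in ESP mode" not in msg:
            continue
        last = bursts[-1][-1] if bursts else None
        if last is None or pid != last[1] or ts - last[0] > gap:
            bursts.append([])  # new vpnc process or a quiet period: start a new burst
        bursts[-1].append((ts, pid))
    report = []
    for b in (b for b in bursts if len(b) >= min_events):  # skip isolated failures
        end = b[-1][0]
        timeouts = sum(1 for ts, prog, _, msg in events
                       if prog == "systemd-timesyncd" and "Timed out" in msg
                       and end < ts <= end + follow)
        report.append({"pid": b[0][1], "start": b[0][0], "end": end,
                       "count": len(b), "ntp_timeouts_after": timeouts})
    return report

# Constructed sample, modelled on the syslog excerpt in the thread.
SAMPLE = """\
Feb 17 01:02:03 pi vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:19:57 pi vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:19:58 pi vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:20:08 pi vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:21:23 pi vpnc[12398]: HMAC mismatch in ESP mode
Feb 17 05:38:58 pi systemd-timesyncd[285]: Timed out waiting for reply from 192.0.2.10:123 (ntp.example).
Feb 17 05:39:08 pi systemd-timesyncd[285]: Timed out waiting for reply from 192.0.2.11:123 (ntp.example).
""".splitlines()

if __name__ == "__main__":
    for r in hmac_bursts(SAMPLE, year=2018):
        print(r)
```

Syslog timestamps in this format carry no year, so the caller passes it in.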