problem with openvpn

[davefet]

Quote:

MASQUERADE not MASQUERAD

I noticed it too, but fixed command don't make any change.

Quote:

run ifconfig and see the name of your interface (eth0 or venet0)

It's venet0.
I got

Code:

[root@dostoon ~]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                  -00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.                  255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:101304 errors:0 dropped:0 overruns:0 frame:0
          TX packets:101006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:57411296 (54.7 MiB)  TX bytes:31360913 (29.9 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                  -00
          inet addr:my.server.ip.address  P-t-P:my.server.ip.address Bcast:my.server.ip.address  Mas                  k:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Quote:

try to run

Code:

iptables -A POSTROUTING -o venet0 -j SNAT --to-source my.server.ip.address

The same old problem : " No chain/target/match by that name"


Also I read somewhere this error message can mean that some required modules are not loaded in kernel. So I tried (If remember correctly)
modprobe ipt_state
modprobe ip_tables
but no result.



Any help is appreciated.
Thanks.

[borasque]

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source your.ip

[davefet]

Quote:

iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source your.ip

Server accept this command but can't access web through vpn.

[davefet]

Does vpslink use Virtuozzo for vps hosting? It seems Virtuozzo can be problematic if you are trying to run some thing openvpn.

[vpslinkdotcom]

We use openvz. We have tons of users using openvpn, there is no issue with OpenVZ that we're aware of.

[jonto]

Has anyone been able to get OpenVPN working?

[farcaller]

yeah, I have it up and running on OpenVZ node

[jonto]

Quote:

Originally Posted by farcaller

yeah, I have it up and running on OpenVZ node

What level account? Do you think it would run on a level 1 account?

[farcaller]

Link-4. Not sure about link-1, but it does not eat lots of ram

[charles]

I run openvpn successfully, running on a level 4 w/xen. I use encrypted tunnels, and have several users running VPNs simultaneously. Each client is identified by its own key, built using easyrsa. I have not tried a linux client, but I see no reason why it won't work.

Server config:

Code:

local one.of.my.IP.addresses
port 1194
proto udp
dev tun
ca easy-rsa/keys/caTHO.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key  
dh easy-rsa/keys/dh1024.pem
server 192.168.102.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 192.168.102.1"
keepalive 10 120
comp-lzo 
status openvpn-status-1194.log
verb 3
mute 10

Client config (windows, running openvpn gui)

Code:

client
dev tun
proto udp
remote vpn.my-domain.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
mute 20
ca   "C:\\Program Files\\OpenVPN\\config\\caXXX.crt"
key  "C:\\Program Files\\OpenVPN\\config\\XXX.key"
cert "C:\\Program Files\\OpenVPN\\config\\XXX.crt"

For windows clients, you must install the tun interface that comes with openvpn.

I use shorewall on my server. Several configuration lines are required, each in a different file. The configuration lines are:

Code:

file masq: eth0                    192.168.102.0/24
file interfaces: vpn     tun+
file policy: vpn             all             ACCEPT
file zones: vpn     ipv4
file rules: ACCEPT          net     $FW             udp     1194

It might help to see some of the iptables lines generated by shorewall. I make no guarantee that all the necessary lines are here. In particular, the zillions of shorewall policy lines are not here, nor are the error handling lines. Do not simply copy these lines, but instead understand them and adopt them to your iptables setup.

Code:

-A POSTROUTING -o eth0 -j eth0_masq 
-A eth0_masq -s 192.168.102.0/255.255.255.0 -m policy --dir out --pol none -j MASQUERADE 
-A net2fw -p udp -m udp --dport 1194 -j ACCEPT 
-A INPUT -i tun+ -j tun_in 
-A FORWARD -i tun+ -j tun_fwd 
-A OUTPUT -o tun+ -m policy --dir out --pol none -j all2all 
-A eth0_fwd -o tun+ -m policy --dir out --pol none -j net2all 
-A tun_fwd -o eth0 -m policy --dir out --pol none -j vpn2all
-A tun_in -m policy --dir in --pol none -j vpn2all 
-A vpn2all -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A vpn2all -j ACCEPT 
-A all2all -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A all2all -j reject

The openvpn howtos are quite helpful, as was the shorewall howto in the vpslink wiki.

Regards,
Charles