Really need some help setting up OpenVPN through webmin

[hamdiya]

Hi all,

I recently got the Link-1 VPS for setting up a VPN to act as a proxy. I'm almost completely new to linux and so far i think i've managed to do well reading up on how to use it. Up until now, ive installed openvpn through ssh and tried to manually confiure it....it wasn't pretty. Ended up having to reinstall the OS. I later discovered webmin, a godsend! Aftering figuring out how to load the OpenVPN module, i started playing with it but i'm really stuck here! There's so much terminology i'm not familar with that actually making things work by myself would put me down in history books!

Basically i need to setup a VPN connection between my VPS and my home computer running windows so that all internet traffic is routed through my VPS. can anyone please help me out? i can give temp access to the webmin interface if someone can do this for me please.

MUCH appreciated!

[DanL@VPSLink]

The OpenVPN HowTo provides specific, step-by-step instructions for OpenVPN configuration, so it would be an ideal place to start.

There may be alternate options (like an SSH tunnel), though, depending upon how you plan to use your VPS. Can you provide some background on how you plan to use your VPS?

[hamdiya]

Hi,

Thanks for your prompt reply. I took your advice and followed the mini howto and now i've got a vpn connection! My next step is to route all my internet traffic through it. There is a section on this in the full howto but i am getting errors when i follow it. I'm sure i'm supposed to change something so that it's specific to my VPS hardware but like i mentioned earlier, i'm quite new to linux.

There is a section which describes what i want done, but since i can't post any links, it's in the main howto under the heading "Routing all client traffic (including web-traffic) through the VPN"

When i try to execute

Code:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

i get an error

Code:

iptables: No chain/target/match by that name

Any ideas?

This is my server's config file

Code:

dev tun
ifconfig 10.8.0.1 10.8.0.2
push "redirect-gateway def1"
secret static.key

Much appreciated

[GuyPatterson]

Quote:

Originally Posted by hamdiya

When i try to execute

Code:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

i get an error

Code:

iptables: No chain/target/match by that name

Any ideas?

Unless I'm mistaken, "eth0" doesn't exist on your VPS. I'm using OpenVZ and have venet0...

[hamdiya]

I tried putting venet0 instead but it still gave me the same error. I double checked the network adapter's name using ifconfig and it was correct.

Could it be i've not configured openvpn correctly? (my server's config file is in my first post)

[Defenestrator]

It's not an openvpn error, it's an iptables error. My guess would be that perhaps the iptables_nat module isn't loaded. This might require a ticket of some sort to get that changed, I'm not sure.

[GuyPatterson]

Quote:

Originally Posted by Defenestrator

it's an iptables error. My guess would be that perhaps the iptables_nat module isn't loaded. This might require a ticket of some sort to get that changed, I'm not sure.

Defenstrator,

Good call - I have to agree.

If the VPS is on an OpenVZ host, you may not have the option to enable that particular module. My understanding of how Xen works is that you would have this option. Either way, a support request should provide an official answer.

[hamdiya]

Hey guys,

I contacted support and they confirmed that the ipt_MASQUERADE module is not supported on OpenVZ. They said to try SNAT and i did but no go I get a vpn connection but my internet traffic is still not routing through the server (using an IP check). Mind you i could be using SNAT incorrectly (iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to 10.8.0.0)

At the moment i'm going to stick with tinyproxy. It seems to work well for http traffic but that's it. It doesn't help with hulu.com either. I can't watch videos on it.

I still want to use the VPN method as it enables proxying on all internet traffic. If someone has any other ideas i'd appreciate it!

Thanks

[The Universes]

Just use a SSH socks proxy to proxy your web traffic. Obviously thats really only good for a limited amount of applications, but if your really just looking to browse the web, that will do it.

Quote:

ssh -D 1234 user@remote

Then set your browser to use the socks proxy on 127.0.0.1:1234.

[userlame]

Quote:

Originally Posted by hamdiya

Mind you i could be using SNAT incorrectly (iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to 10.8.0.0)

Yup, you are using this incorrectly. You want to use:

Code:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to YOUR_PUBLIC_IP

YOUR_PUBLIC_IP should be replaced with the public IP of your VPS. Also, I changed your "venet0" to "eth0" because I believe you said earlier that was the correct device. Make sure you're using the correct one, whichever it is.