
Thread: openvpn server help

  1. #1
    Join Date
    Mar 2009
    Posts
    4

    Default openvpn server help

    I am running Gentoo on a vpslink3 box and installed the latest OpenVPN. The connection can be established; I also get ping replies from 10.8.0.1. After the OpenVPN session is established I can still SSH to my server, but I can't use my [OpenVPN client PC's] Firefox to visit any site!
    Gentoo server's ifconfig -a
    eth0 Link encap:Ethernet HWaddr aa:00:13:63:83:01
    inet addr:A.B.C.D Bcast:A.B.C.D Mask:255.255.255.0
    inet6 addr: fe80::a800:13ff:fe63:8301/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:53398881 errors:0 dropped:0 overruns:0 frame:0
    TX packets:17433 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2799139909 (2.6 GiB) TX bytes:2829464 (2.6 MiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    sit0 Link encap:IPv6-in-IPv4
    NOARP MTU:1480 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:6 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:288 (288.0 B) TX bytes:0 (0.0 B)
    OpenVPN server conf
    Code:
    port 1194
    proto tcp
    dev tun
    ca privatenet/ca.crt
    cert privatenet/server.crt
    key privatenet/server.key
    dh privatenet/dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 210
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    push "redirect-gateway def1"
    push "dhcp-option DNS 10.8.0.1"
    OpenVPN client.conf
    Code:
    client
    dev tun
    proto tcp
    remote A.B.C.D 1194
    resolv-retry infinite
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    comp-lzo
    verb 3
    err....
    My network: my ADSL modem runs a DHCP server; its default IP is 10.0.0.138. My Buffalo wireless router (I flashed it with Tomato firmware) runs a DHCP server; its default IP is 192.168.1.1, and I use it to dial my PPPoE username and password. It also acts as the default gateway for my PC! I configured my PC's network card to obtain its IP and DNS automatically.

    it's like :
    pc====>buffalowirelessrouter=====>adslmodem======> internet
    Last edited by gentoome; 03-10-2009 at 12:23 PM.

  2. #2
    Join Date
    Oct 2007
    Posts
    105

    Default

    In order to route things through your slice like that, you're going to have to turn on ip forwarding and set up NAT as well.

  3. #3
    Join Date
    Mar 2009
    Posts
    4

    Default

    Thanks for your reply. Yes, I have IP forwarding enabled now:
    sysctl -a | grep for
    Code:
    error: "Operation not permitted" reading key "net.ipv6.route.flush"
    error: "Operation not permitted" reading key "net.ipv4.route.flush"
    error: "Invalid argument" reading key "fs.binfmt_misc.register"
    net.ipv6.conf.default.force_mld_version = 0
    net.ipv6.conf.default.forwarding = 0
    net.ipv6.conf.all.force_mld_version = 0
    net.ipv6.conf.all.forwarding = 0
    net.ipv6.conf.eth0.force_mld_version = 0
    net.ipv6.conf.eth0.forwarding = 0
    net.ipv6.conf.lo.force_mld_version = 0
    net.ipv6.conf.lo.forwarding = 0
    net.ipv4.conf.tun0.force_igmp_version = 0
    net.ipv4.conf.tun0.mc_forwarding = 0
    net.ipv4.conf.tun0.forwarding = 1
    net.ipv4.conf.eth0.force_igmp_version = 0
    net.ipv4.conf.eth0.mc_forwarding = 0
    net.ipv4.conf.eth0.forwarding = 1
    net.ipv4.conf.lo.force_igmp_version = 0
    net.ipv4.conf.lo.mc_forwarding = 0
    net.ipv4.conf.lo.forwarding = 1
    net.ipv4.conf.default.force_igmp_version = 0
    net.ipv4.conf.default.mc_forwarding = 0
    net.ipv4.conf.default.forwarding = 1
    net.ipv4.conf.all.force_igmp_version = 0
    net.ipv4.conf.all.mc_forwarding = 0
    net.ipv4.conf.all.forwarding = 1
    net.ipv4.ip_forward = 1
    But I am a little confused about NAT. My VPS does not have iptables enabled. Do you mean to set up NAT on my VPN client PC?

  4. #4
    Join Date
    Oct 2007
    Location
    UK
    Posts
    129

    Default

    Setting up NAT means setting up IP masquerading on the VPN server. The easiest way to do this is using iptables, or one of the iptables frontends such as shorewall. There is nothing you can do on your client to solve the problem, other than using public IP addresses for your VPN (and I would be astonished if you have such addresses available).

    Turning on ip forwarding by itself won't help, because no router downstream of your VPS will forward a private IP address. You *must* use NAT/masquerade on the server. Please note that there are many ways to hose a machine if you get the NAT setup wrong, so I advise you to use a front-end (again, such as shorewall) that will back out the changes if connectivity is lost.
    Charles Haley
    www.haleys.eu/chaley
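    The masquerade setup that #2 and #4 describe, as an added example that is not from the thread and not any poster's code. It assumes the values visible in the first post (tunnel network 10.8.0.0/24 on tun0, public interface eth0) and implements the "back out the changes if connectivity is lost" safeguard from #4 with a timed iptables-save/iptables-restore rollback instead of shorewall. The ACTION, STATE_DIR and ROLLBACK_SECS knobs are the example's own. One caveat the rules below do not cover: the server config pushes dhcp-option DNS 10.8.0.1, and NAT alone does not make anything answer DNS on that address, so the client also needs a resolver listening on tun0 or a different DNS server pushed.

```shell
#!/bin/sh
# Added example (not from the thread): NAT/masquerade for an OpenVPN server.
# Defaults are the values visible in the first post: tunnel 10.8.0.0/24 on
# tun0, public interface eth0. ACTION, STATE_DIR and ROLLBACK_SECS are this
# example's own knobs, not OpenVPN or iptables options.

VPN_NET="${VPN_NET:-10.8.0.0/24}"
TUN_IF="${TUN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
STATE_DIR="${STATE_DIR:-/var/tmp/vpn-nat}"
ROLLBACK_SECS="${ROLLBACK_SECS:-120}"

# Print the commands, one per line, instead of running them, so they can be
# reviewed (and tested) without root. Only FORWARD and nat/POSTROUTING are
# touched; INPUT is left alone, so the existing SSH session keeps working.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s ${VPN_NET} -o ${WAN_IF} -j MASQUERADE
iptables -A FORWARD -i ${TUN_IF} -o ${WAN_IF} -s ${VPN_NET} -j ACCEPT
iptables -A FORWARD -i ${WAN_IF} -o ${TUN_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Sanity check on the generated rules: the masquerade source must be the
# tunnel network, and the restrictive policy must be set last so no packet
# is dropped before the ACCEPT rules are in place.
nat_rules_ok() {
    nat_rules | grep -q -- "-s ${VPN_NET} -o ${WAN_IF} -j MASQUERADE" || return 1
    [ "$(nat_rules | tail -n 1)" = "iptables -P FORWARD DROP" ] || return 1
    return 0
}

# Apply the rules with a timed rollback: unless ACTION=confirm is run within
# ROLLBACK_SECS, the saved ruleset and the old ip_forward value are restored,
# so a mistake in the FORWARD chain cannot strand the box.
apply_with_rollback() {
    [ "$(id -u)" -eq 0 ] || { echo "apply: must run as root" >&2; return 1; }
    mkdir -p "$STATE_DIR" && rm -f "$STATE_DIR/confirmed"
    iptables-save > "$STATE_DIR/before.rules" || return 1
    old_fwd="$(sysctl -n net.ipv4.ip_forward)"
    (
        sleep "$ROLLBACK_SECS"
        if [ ! -e "$STATE_DIR/confirmed" ]; then
            iptables-restore < "$STATE_DIR/before.rules"
            sysctl -w "net.ipv4.ip_forward=$old_fwd"
        fi
    ) &
    echo $! > "$STATE_DIR/rollback.pid"
    nat_rules | sh -e
}

# Run once browsing from the VPN client works, to cancel the rollback.
confirm_nat() {
    touch "$STATE_DIR/confirmed"
    kill "$(cat "$STATE_DIR/rollback.pid" 2>/dev/null)" 2>/dev/null
    return 0
}

case "${ACTION:-show}" in
    show)    nat_rules ;;
    apply)   apply_with_rollback ;;
    confirm) confirm_nat ;;
    *)       echo "ACTION must be show, apply or confirm" >&2 ;;
esac
```

    Usage: run the script with no ACTION to review the commands it would execute, then as root with ACTION=apply, test browsing from the VPN client, and run ACTION=confirm within ROLLBACK_SECS to keep the rules; if the box becomes unreachable, the previous ruleset comes back by itself.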
