For testing purposes, before trying it on my VPS, I am working on VMware Workstation with bridged-mode networking, and I am trying to connect to the VPN using Windows 7 + OpenVPN client.
Centos IP Address: 10.10.10.59
OpenVPN IP range (default): 10.8.0.0/24
Network Gateway: 10.10.10.245
The problem is in routing.
Please, I really need your help. I have been trying to figure out the problem for 3 days now.
The steps I followed:
> I added the EPEL repository to install openvpn and easy-rsa
> I copied the server.conf file from the samples
> I have enabled push "redirect-gateway def1 bypass-dhcp" in /etc/openvpn/server.conf
> I have changed the DHCP options push "dhcp-option DNS 8.8.8.8" and push "dhcp-option DNS 8.8.4.4" in /etc/openvpn/server.conf
> I generated keys and certificates
> I configured vars etc.
> I generated Diffie-Hellman parameters
> I have edited the /etc/openvpn/server.conf file to fix the paths for the dh file, ca.crt, server.crt and server.key
> I have built keys for the client (./build-key client)
> I have enabled IP forwarding: nano -w /etc/sysctl.conf to change net.ipv4.ip_forward = 1 and then sysctl -p
> I have also executed echo 1 > /proc/sys/net/ipv4/ip_forward
> I have added openvpn as a service: 1) chkconfig --add openvpn 2) chkconfig openvpn on 3) service openvpn start
iptables (I tried various rules). The last rules I used:

```sh
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
service iptables save
service iptables restart
```
I don't know how, or whether, I should edit the routing table.
Current routing table values:

```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         10.10.10.245    0.0.0.0         UG    0      0        0 eth0
```
```
# /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 3
```
```
# client config (Windows 7 OpenVPN client)
client
dev tun
proto udp
remote 10.10.10.59 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3
```
I use the tun device.
```
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:349 errors:0 dropped:0 overruns:0 frame:0
          TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:20751 (20.2 KiB)  TX bytes:14236 (13.9 KiB)
```
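As an added example, not part of the original post: a small POSIX shell script that checks a CentOS OpenVPN server for exactly the pieces a pushed `redirect-gateway` setup needs (kernel forwarding on, the tunnel port accepted, FORWARD open from tun+ to the WAN interface, replies allowed back, and MASQUERADE for the VPN subnet) and that prints the minimal ruleset those four checks correspond to. Its defaults (10.8.0.0/24, eth0, 1194/udp) are taken from the post; the script name, the environment variables and the two embedded `iptables-save` dumps are my own constructions for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: check an OpenVPN server on
# CentOS for the forwarding and iptables pieces a redirect-gateway setup
# needs, and print the minimal ruleset.  Defaults are taken from the post;
# override with environment variables, e.g. WAN_IF=eth1.
#
#   sh openvpn-fw-check.sh            # demo on the constructed dumps below
#   sh openvpn-fw-check.sh live       # check this host (run as root)
#   iptables-save | sh openvpn-fw-check.sh -
#   sh openvpn-fw-check.sh rules      # print the minimal iptables commands

VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
VPN_PORT="${VPN_PORT:-1194}"

# The rules a tun server that pushes redirect-gateway actually needs:
# accept the tunnel port, forward client traffic out, let replies back in,
# and masquerade the VPN subnet behind the WAN address.  Only prints them.
openvpn_fw_rules() {
    cat <<EOF
iptables -A INPUT -i $WAN_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o $WAN_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Kernel forwarding must be on or nothing leaves tun0 (path overridable for tests).
check_ip_forward() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Read an iptables-save dump on stdin and report each essential that is
# absent.  Matching is heuristic (a blanket "-A FORWARD -j ACCEPT" is not
# recognised); the return value is the number of missing items.
check_openvpn_fw() {
    dump=$(cat)
    net=$(printf '%s' "$VPN_NET" | sed 's/\./\\./g')   # escape dots for grep -E
    missing=0
    for spec in \
        "INPUT accepts udp/$VPN_PORT|^-A INPUT .*-p udp .*--dport $VPN_PORT .*-j ACCEPT" \
        "FORWARD accepts tun+ -> $WAN_IF|^-A FORWARD( -[sdio] [^ ]+)*( -s $net| -i tun[^ ]*)( -[sdio] [^ ]+)* -j ACCEPT\$" \
        "FORWARD accepts RELATED,ESTABLISHED replies|^-A FORWARD .*--(ct)?state [A-Z,]*ESTABLISHED.*-j ACCEPT" \
        "nat POSTROUTING masquerades $VPN_NET via $WAN_IF|^-A POSTROUTING -s $net .*-o $WAN_IF .*-j (MASQUERADE|SNAT)"
    do
        label=${spec%%|*}
        regex=${spec#*|}
        if ! printf '%s\n' "$dump" | grep -Eq "$regex"; then
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: the rules from the post as iptables-save prints them,
# reduced to the lines that matter here.
SAMPLE_OK='*filter
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample with the NAT rule dropped: packets leave eth0 with a
# 10.8.0.x source address and the replies never come back.
SAMPLE_NO_NAT='*filter
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT
*nat
COMMIT'

case "${1:-}" in
    rules) openvpn_fw_rules ;;
    -)     check_openvpn_fw ;;
    live)
        check_ip_forward || echo "MISSING: net.ipv4.ip_forward = 1"
        iptables-save | check_openvpn_fw
        ;;
    *)
        echo "== constructed dump with all essentials:"
        printf '%s\n' "$SAMPLE_OK" | check_openvpn_fw && echo "ok"
        echo "== constructed dump without MASQUERADE:"
        printf '%s\n' "$SAMPLE_NO_NAT" | check_openvpn_fw || echo "$? item(s) missing"
        ;;
esac
```

On the server, run `iptables-save | sh openvpn-fw-check.sh -` after `service iptables restart`; each `MISSING:` line names a rule to add (`sh openvpn-fw-check.sh rules` prints them in the form used in the post). Against the ruleset posted above the checker reports nothing missing: the essentials are all present, several of them more than once, and the routing table shown needs no editing for this setup, since 10.8.0.0/24 already points at tun0 and the default route via 10.10.10.245 carries the masqueraded traffic out of eth0. One thing the script cannot see is the client side: with the Windows client on the same 10.10.10.0/24 segment as the server in bridged mode, the OpenVPN manual's `local` flag (`push "redirect-gateway def1 local"`) is worth testing, because without it the client first installs a host route to 10.10.10.59 via 10.10.10.245 rather than keeping the server on-link.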