I am trying to set up an OpenVPN server such that all client traffic (including web-traffic) is routed through the VPN. I'm following the OpenVPN HOWTO and I've got as far as the "Routing all client traffic (including web-traffic) through the VPN" section (https://openvpn.net/index.php/open-sour ... l#redirect).
My setup is:
- OpenVPN server (BeagleBone Black (BBB) on private network IP 10.240.233.2) connected to my broadband router at home (on private network IP 10.240.233.1).
- Client (laptop running Xubuntu GNU/Linux) connected to an external network.
- Start OpenVPN server on the BBB on boot
- Connect client to VPN
- Ping OpenVPN server (10.8.0.1) from client (10.8.0.6) and vice versa
- Ping the router (10.240.233.1) from the client
- Adding the following directive to the server config file:
  push "route 10.240.233.0 255.255.255.0"
- Enabling IP forwarding on the OpenVPN server by editing /etc/sysctl.conf. Here's the edit:
  # Uncomment the next line to enable packet forwarding for IPv4
  net.ipv4.ip_forward=1
  After which the command
  sudo sysctl net.ipv4.ip_forward
  yields
  net.ipv4.ip_forward = 1
- Enabling tun forwarding using the following commands (from this guide: https://nikinuryadin.wordpress.com/2010 ... onnection/):
  sudo iptables -A INPUT -i tun+ -j ACCEPT
  and
  sudo iptables -A FORWARD -i tun+ -j ACCEPT
I added the following directives to the server config file (from the OpenVPN HOWTO):
  push "redirect-gateway def1"
  push "dhcp-option DNS 10.240.233.1"
  cat /etc/resolv.conf
  nameserver 10.240.233.1
I then used the following command to NAT the VPN client traffic to the internet (from the OpenVPN HOWTO):
  sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
(Yes, my connection from the OpenVPN server to the broadband router is reported by the server as eth0 by ifconfig.)
Finally, I ran the following commands to save the iptables and restart the VPN (from the Niki Nuryadin guide linked above):
  sudo iptables-save
  sudo /etc/init.d/networking restart
  sudo /etc/init.d/openvpn restart
Usually, if you try to ping something that's not available (e.g. ping 192.168.7.2), you get a result like this:
PING 192.168.7.2 (192.168.7.2) 56(84) bytes of data.
and then it just hangs. However, in this case, when the client is connected to the OpenVPN server and I try to ping Google or BBC, I get no output at all.
I can't find the answer anywhere. The only clue I have is that the OpenVPN HOWTO says:
  [Using push "dhcp-option DNS 10.240.233.1"] will configure Windows clients (or non-Windows clients with some extra server-side scripting) to use [10.240.233.1] as their DNS server.
So, do I need some extra server-side scripting? Or is there some other problem?
Also, once I can ping websites and browse the internet, how can I check that all traffic is indeed going through the OpenVPN tunnel and not just bypassing it as it did before I took these steps?
Many thanks,
Steve
P.S. Some friends suggested the following:
- Try to ping 8.8.8.8 - this actually works while connected to the VPN, which is odd!
- traceroute -n 8.8.8.8 - gives the following: 1 - 10.8.0.1 (VPN server), 2 - 10.240.233.1 (broadband router), 3 - * * *, 4-7 - random IPs, 8 - 8.8.8.8
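The last question in the post, how to confirm that client traffic really goes through the tunnel, can be answered from three pieces of state: the client's routing table (redirect-gateway def1 does not replace the default route, it adds 0.0.0.0/1 and 128.0.0.0/1 via the tun interface, which win because they are more specific), the client's /etc/resolv.conf (on Linux the pushed dhcp-option DNS only takes effect if something on the client writes it there, and a resolver that cannot be reached through the tunnel gives exactly a ping-by-name that prints nothing while ping-by-address works), and the server's iptables ruleset. The POSIX shell script below is an added example, not part of the post and not OpenVPN's own tooling; it runs each check offline against constructed samples. The client-side LAN 192.168.1.0/24 on wlan0, the tun peer 10.8.0.5 and the host 203.0.113.7 are assumptions; the remaining addresses are the ones in the post.

```shell
#!/bin/sh
# Added example (not from the original post): offline checks for a
# "redirect-gateway def1" setup. Samples below are constructed; the
# 192.168.1.0/24 LAN, wlan0, the tun peer 10.8.0.5 and 203.0.113.7 are assumed.

# 1. Client routing table after connecting, as `ip route show` prints it.
#    def1 leaves "default via 192.168.1.1" in place and adds two /1 routes
#    via the tunnel that cover the whole address space and are more specific.
ROUTES_WITH_DEF1='default via 192.168.1.1 dev wlan0 proto static
0.0.0.0/1 via 10.8.0.5 dev tun0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
10.240.233.0/24 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.7 via 192.168.1.1 dev wlan0'

# Same client with only the LAN route pushed: web traffic still leaves via wlan0.
ROUTES_WITHOUT_DEF1='default via 192.168.1.1 dev wlan0 proto static
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
10.240.233.0/24 via 10.8.0.5 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

# tunnel_covers_all_traffic ROUTE_TABLE_TEXT
# Exit 0 only when both /1 halves route via a tun interface.
# Live use: tunnel_covers_all_traffic "$(ip route show)"
tunnel_covers_all_traffic() {
    lo=$(printf '%s\n' "$1" | grep -c '^0\.0\.0\.0/1 via .* dev tun[0-9]') || true
    hi=$(printf '%s\n' "$1" | grep -c '^128\.0\.0\.0/1 via .* dev tun[0-9]') || true
    [ "$lo" -ge 1 ] && [ "$hi" -ge 1 ]
}

# 2. Client resolver before and after an up script applied the pushed DNS.
RESOLV_BEFORE='nameserver 192.168.1.1'
RESOLV_AFTER='# written by the VPN up script
nameserver 10.240.233.1'

# resolver_uses RESOLV_TEXT NAMESERVER
# Exit 0 when the first nameserver line names the expected server.
# Live use: resolver_uses "$(cat /etc/resolv.conf)" 10.240.233.1
resolver_uses() {
    first=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }')
    [ "$first" = "$2" ]
}

# 3. Server ruleset as `iptables-save` prints it. Note that iptables-save only
#    writes the rules to stdout; nothing survives a reboot unless that output
#    is redirected to a file that is restored at boot.
RULES='# Generated by iptables-save
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
COMMIT'

# server_can_nat_vpn RULES_TEXT
# Exit 0 when the tun+ FORWARD rule and the MASQUERADE rule for the VPN
# subnet out of eth0 are both present.
# Live use: server_can_nat_vpn "$(sudo iptables-save)"
server_can_nat_vpn() {
    fwd=$(printf '%s\n' "$1" | grep -c -- '^-A FORWARD -i tun+ -j ACCEPT') || true
    nat=$(printf '%s\n' "$1" | grep -c -- '^-A POSTROUTING -s 10\.8\.0\.0/24 -o eth0 -j MASQUERADE') || true
    [ "$fwd" -ge 1 ] && [ "$nat" -ge 1 ]
}

# Summary over the constructed samples, one line per check.
tunnel_covers_all_traffic "$ROUTES_WITH_DEF1"    && echo "client routes: all traffic via tun0"
tunnel_covers_all_traffic "$ROUTES_WITHOUT_DEF1" || echo "client routes (no def1): default route still via wlan0"
resolver_uses "$RESOLV_AFTER" 10.240.233.1        && echo "client resolver: using the pushed DNS 10.240.233.1"
server_can_nat_vpn "$RULES"                       && echo "server: tun+ FORWARD and MASQUERADE rules present"
```

For a live check on the laptop, `ip route get 8.8.8.8` showing `dev tun0` is the one-line form of the route test, and the traceroute in the P.S. (first hop 10.8.0.1, second 10.240.233.1) already shows packets to 8.8.8.8 taking the tunnel; what it does not show is where name lookups go, which is why the resolver check is separate.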