[Solved] openvpn server iptables help

[yoshi5]

eth0 Link encap:Ethernet HWaddr FA:16:3E:53:95:61
inet addr:10.192.27.90 Bcast:10.192.27.255 Mask:255.255.252.0
inet6 addr: fe80::f816:3eff:fe53:9561/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:463945 errors:0 dropped:0 overruns:0 frame:0
TX packets:221907 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:386633687 (368.7 MiB) TX bytes:24179656 (23.0 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:434 errors:0 dropped:0 overruns:0 frame:0
TX packets:434 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:267511 (261.2 KiB) TX bytes:267511 (261.2 KiB)

lo:1 Link encap:Local Loopback
inet addr:192.169.xx.xx Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:65536 Metric:1

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.200.1 P-t-P:192.168.200.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:861 errors:0 dropped:0 overruns:0 frame:0
TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:59380 (57.9 KiB) TX bytes:6576 (6.4 KiB)

192.168.200.2 dev tun0 proto kernel scope link src 192.168.200.1
192.168.200.0/24 via 192.168.200.2 dev tun0
10.192.24.0/22 dev eth0 proto kernel scope link src 10.192.27.90
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.192.27.254 dev eth0 proto static src 192.169.xx.xx metric 1024

server "
port 1337
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
server 192.168.200.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
duplicate-cn
keepalive 20 60
comp-lzo
persist-key
persist-tun
daemon
log-append /var/log/myvpn/openvpn.log
verb 3

client:
client
dev tun 5
proto udp
#Server IP and Port
remote 192.169.177.76 1337
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo

issues i can connect however i can not ping the server side of the tunnel from what i read it's ok. i can ping the servers tun0 address with out issue however my issue is getting the traffic from the client to the server out to the net and back i have tried 100 different nat setup.
this is the one i am using now
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE

it dose not work for anything but trace route and very bad at trace :
traceroute to googel.com (216.58.197.228), 30 hops max, 60 byte packets
1 192.168.200.1 (192.168.200.1) 247.680 ms 247.425 ms 247.240 ms
2 * * *
3 10.240.1.136 (10.240.1.136) 247.819 ms 10.240.0.136 (10.240.0.136) 247.243 ms 10.240.1.136 (10.240.1.136) 247.794 ms
4 10.240.10.128 (10.240.10.128) 247.327 ms 10.240.10.4 (10.240.10.4) 247.418 ms 10.240.11.132 (10.240.11.132) 247.272 ms
5 * * *
6 10.240.12.50 (10.240.12.50) 247.440 ms * *
7 10.240.12.50 (10.240.12.50) 163.407 ms ip-97-74-253-122.ip.secureserver.net (97.74.253.122) 174.362 ms 10.240.12.50 (10.240.12.50) 162.863 ms
8 ip-97-74-253-122.ip.secureserver.net (97.74.253.122) 174.195 ms 173.627 ms 173.212 ms
9 ip-97-74-253-122.ip.secureserver.net (97.74.253.122) 173.474 ms 173.093 ms 166.417 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *

i think the issue is something with the loopback address being public but i am un-sure its a godaddy cloud server

anything would be wonderful

on a side note the server is centos 6.5.
the client works fine with other openvpn server so i do not think it is the issue

[TinCanTech]

i can connect however i can not ping the server side of the tunnel

• HOWTO: Expanding the scope of the VPN to include additional machines
• HOWTO: Routing all client traffic (including web-traffic) through the VPN

[yoshi5]

thank you for the answer however i have read and done both and still am having issues

[TinCanTech]

its a godaddy cloud server

If the server is a VPS you may need to use the right iptables rule (Use the correct VPN subnet 10.*):

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 12.34.56.78   # <-- Use your OpenVPN server's real external IP here

[yoshi5]

iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j SNAT --to-source pubip this worked!!!!!!!! after 8 hours of googling you are the best odd noob question how do i know if its a VPS

[yoshi5]

iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j SNAT --to-source pubip this worked!!!!!!!! after 8 hours of googling you are the best odd noob question how do i know if its a VPS

[TinCanTech]

VPS "Virtual Private Server"

[MisterSurface]

I am having the same type of issue. I have a client that is virtual in Azure but my server is in my home network and is physical but behind a firewall. I have tried a million different combinations of iptables and settings routes on the client, ONE time I got traffic to go through and back then with no changes it stopped working and never worked again, now for some reason NTP is the only thing going through the tunnel and back. Any suggestions Yoshi?

[TinCanTech]

I am having the same type of issue. I have a client that is virtual in Azure but my server is in my home network and is physical but behind a firewall

This is not the same as a Linux VPS.

Follow ups here please:
viewtopic.php?f=6&t=24109