[Solved] openvpn server iptables help
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 18, 2017 8:39 am
[Solved] openvpn server iptables help
eth0 Link encap:Ethernet HWaddr FA:16:3E:53:95:61
inet addr:10.192.27.90 Bcast:10.192.27.255 Mask:255.255.252.0
inet6 addr: fe80::f816:3eff:fe53:9561/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:463945 errors:0 dropped:0 overruns:0 frame:0
TX packets:221907 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:386633687 (368.7 MiB) TX bytes:24179656 (23.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:434 errors:0 dropped:0 overruns:0 frame:0
TX packets:434 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:267511 (261.2 KiB) TX bytes:267511 (261.2 KiB)
lo:1 Link encap:Local Loopback
inet addr:192.169.xx.xx Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:65536 Metric:1
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.200.1 P-t-P:192.168.200.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:861 errors:0 dropped:0 overruns:0 frame:0
TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:59380 (57.9 KiB) TX bytes:6576 (6.4 KiB)
192.168.200.2 dev tun0 proto kernel scope link src 192.168.200.1
192.168.200.0/24 via 192.168.200.2 dev tun0
10.192.24.0/22 dev eth0 proto kernel scope link src 10.192.27.90
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.192.27.254 dev eth0 proto static src 192.169.xx.xx metric 1024
server:
port 1337
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
server 192.168.200.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
duplicate-cn
keepalive 20 60
comp-lzo
persist-key
persist-tun
daemon
log-append /var/log/myvpn/openvpn.log
verb 3
client:
client
dev tun 5
proto udp
#Server IP and Port
remote 192.169.177.76 1337
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
Issues: I can connect; however, I cannot ping the server side of the tunnel, which from what I read is OK. I can ping the server's tun0 address without issue. My issue is getting the traffic from the client through the server out to the net and back. I have tried 100 different NAT setups.
This is the one I am using now:
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
It does not work for anything but traceroute, and even that is very bad:
traceroute to googel.com (216.58.197.228), 30 hops max, 60 byte packets
1 192.168.200.1 (192.168.200.1) 247.680 ms 247.425 ms 247.240 ms
2 * * *
3 10.240.1.136 (10.240.1.136) 247.819 ms 10.240.0.136 (10.240.0.136) 247.243 ms 10.240.1.136 (10.240.1.136) 247.794 ms
4 10.240.10.128 (10.240.10.128) 247.327 ms 10.240.10.4 (10.240.10.4) 247.418 ms 10.240.11.132 (10.240.11.132) 247.272 ms
5 * * *
6 10.240.12.50 (10.240.12.50) 247.440 ms * *
7 10.240.12.50 (10.240.12.50) 163.407 ms ip-97-74-253-122.ip.secureserver.net (97.74.253.122) 174.362 ms 10.240.12.50 (10.240.12.50) 162.863 ms
8 ip-97-74-253-122.ip.secureserver.net (97.74.253.122) 174.195 ms 173.627 ms 173.212 ms
9 ip-97-74-253-122.ip.secureserver.net (97.74.253.122) 173.474 ms 173.093 ms 166.417 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
I think the issue is something with the loopback address being public, but I am unsure. It's a GoDaddy cloud server.
Anything would be wonderful.
On a side note, the server is CentOS 6.5.
The client works fine with other OpenVPN servers, so I do not think it is the issue.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: openvpn server iptables help
yoshi5 wrote: i can connect however i can not ping the server side of the tunnel
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 18, 2017 8:39 am
Re: openvpn server iptables help
Thank you for the answer; however, I have read and done both and am still having issues.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: openvpn server iptables help
yoshi5 wrote: its a godaddy cloud server
If the server is a VPS you may need to use the right iptables rule (use the correct VPN subnet, 10.*):
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 12.34.56.78 # <-- Use your OpenVPN server's real external IP here
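Why the SNAT rule works where MASQUERADE did not, as an added example that is not part of the thread: MASQUERADE rewrites the source address to an address configured on the outgoing interface, so on the host shown above it picks eth0's private address 10.192.27.90, while the provider only routes return traffic for the public address that sits on lo:1 and is referenced by the default route's `src`. The script below reads constructed route output modelled on the thread (with 203.0.113.10 standing in for the masked public IP), compares the default route's `src` with the outgoing interface's own address, and emits SNAT to the public address when they differ, plus the forwarding prerequisites (ip_forward and FORWARD-chain accepts, which CentOS 6's default ruleset otherwise rejects). The function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the forum thread. Decides whether a VPN
# server's POSTROUTING rule should MASQUERADE or SNAT, and prints the
# forwarding prerequisites. Nothing here touches the live firewall; it
# only prints the commands that would be run.

VPN_NET="192.168.200.0/24"   # the "server" subnet from the OpenVPN config

# Constructed "ip route" output modelled on the thread. 203.0.113.10 is a
# documentation-range placeholder for the masked public IP (assumption).
ROUTES='192.168.200.2 dev tun0 proto kernel scope link src 192.168.200.1
192.168.200.0/24 via 192.168.200.2 dev tun0
10.192.24.0/22 dev eth0 proto kernel scope link src 10.192.27.90
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.192.27.254 dev eth0 proto static src 203.0.113.10 metric 1024'

# route_field "<route line>" <keyword>: the value following <keyword>.
route_field() {
    printf '%s\n' "$1" | awk -v key="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i+1); exit } }'
}

default_route() {
    printf '%s\n' "$ROUTES" | grep '^default '
}

# iface_addr <dev>: the address configured on <dev>, taken from its kernel
# "scope link" route. This is the address MASQUERADE would select.
iface_addr() {
    printf '%s\n' "$ROUTES" | awk -v dev="$1" \
        '$0 ~ ("dev " dev " ") && /scope link/ {
             for (i = 1; i < NF; i++) if ($i == "src") { print $(i+1); exit }
         }'
}

# nat_rule: print the POSTROUTING rule that will get return traffic back.
# If the default route's preferred source is the interface's own address,
# MASQUERADE is fine; if it is a different (public) address, SNAT to it.
nat_rule() {
    dr=$(default_route)
    dev=$(route_field "$dr" dev)
    want=$(route_field "$dr" src)   # what the provider expects to see
    have=$(iface_addr "$dev")       # what MASQUERADE would use
    if [ -z "$want" ] || [ "$want" = "$have" ]; then
        echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $dev -j MASQUERADE"
    else
        echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $dev -j SNAT --to-source $want"
    fi
}

# forward_rules <dev>: NAT alone is not enough; the kernel must forward and
# the FORWARD chain must accept tunnel traffic in both directions.
forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD -i tun0 -o $1 -s $VPN_NET -j ACCEPT
iptables -I FORWARD -i $1 -o tun0 -d $VPN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# When run directly, print the rule set for this host.
nat_rule
forward_rules "$(route_field "$(default_route)" dev)"
```

Run it as `sh decide-nat.sh` and compare its first line with the rule currently loaded (`iptables -t nat -S POSTROUTING`); on a host with a real public address on eth0 the same script prints the MASQUERADE form, which is why that rule works on most servers but not on this VPS.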
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 18, 2017 8:39 am
Re: openvpn server iptables help
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j SNAT --to-source pubip
This worked!!!!!!!! After 8 hours of Googling, you are the best. Odd noob question: how do I know if it's a VPS?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: openvpn server iptables help
VPS "Virtual Private Server"
-
- OpenVPN User
- Posts: 34
- Joined: Wed May 10, 2017 10:08 pm
Re: openvpn server iptables help
I am having the same type of issue. I have a client that is virtual in Azure, but my server is in my home network and is physical but behind a firewall. I have tried a million different combinations of iptables and setting routes on the client. ONE time I got traffic to go through and back; then, with no changes, it stopped working and never worked again. Now for some reason NTP is the only thing going through the tunnel and back. Any suggestions, Yoshi?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: openvpn server iptables help
MisterSurface wrote: I am having the same type of issue. I have a client that is virtual in Azure but my server is in my home network and is physical but behind a firewall
This is not the same as a Linux VPS.
Follow ups here please:
viewtopic.php?f=6&t=24109