Routing/firewall Issue or a more fundamental problem?

00matt
OpenVpn Newbie
Posts: 3
Joined: Wed Feb 23, 2011 4:55 pm

Routing/firewall Issue or a more fundamental problem?

Post by 00matt » Wed Feb 23, 2011 6:08 pm

Hi, I have a working installation of OpenVPN which allows me to ping other computers on the VPN and access their services. I am now trying to implement redirect-gateway so I can forward my internet traffic through the OpenVPN server while I'm using an unsecured, public Wi-Fi network, for example. I feel the problem might be related to firewall/routing, but before I dive into posting configs etc, I am hoping someone can tell me if my particular network setup will even allow me to do what I want. My network is shown below:

Code:

     compC
  (external)
      |
   internet
      |
    router
    |    |
compA    |
         |
       compB
    (vpn server)

Is it feasible/possible to forward internet traffic from compC through compB when there is a home router in between? The router is already set to do port forwarding (I can access the VPN remotely without problems).

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Routing/firewall Issue or a more fundamental problem?

Post by maikcat » Thu Feb 24, 2011 11:36 am

hi there,

>Is it feasible/possible to forward internet traffic from compC through compB when there is a home router in between?

yes, you can push the redirect-gateway parameter to the client...

but do you really want to pass *ALL* traffic through your vpn, or http traffic only?
if the second, you can use a proxy (on the vpn side) and set your browser to use it.

cheers,

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

00matt
OpenVpn Newbie
Posts: 3
Joined: Wed Feb 23, 2011 4:55 pm

Re: Routing/firewall Issue or a more fundamental problem?

Post by 00matt » Thu Feb 24, 2011 3:45 pm

I already use Putty and SSH as a proxy for http traffic, but I want something that will work more easily with other applications. I also want to access services on my lan in a secure manner, so I figured a VPN would allow all that at once.

Everything on the VPN works fine but I cannot access the internet at all. I can ping systems on the VPN, but if I try to ping a website address, for example, it says "ping: sendmsg: Operation not permitted". I am testing all this from compA (also inside the lan) - does that make a difference?

Here is my openvpn.conf on the server (compB):

Code:

local 10.0.0.30   # Lan is on 10.0.0.0/24
port 11194        # custom port
proto udp
dev tun
ca privnet/ca.crt
cert privnet/server.crt
key privnet/server.key
dh privnet/dh1024.pem
server 10.0.10.0 255.255.255.0
push "route 10.0.10.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.0.10.1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
max-clients 10
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4

Are there any problems with this config? If not, it must be a firewall/routing issue? I have verified that ipv4 forwarding is enabled and I have been reading tutorials regarding setting up my firewall (Shorewall) for OpenVPN, but I've had no luck.

00matt
OpenVpn Newbie
Posts: 3
Joined: Wed Feb 23, 2011 4:55 pm

Re: Routing/firewall Issue or a more fundamental problem?

Post by 00matt » Fri Feb 25, 2011 4:53 am

I think I have it working now. I believe the problem was the firewall on the client (compA). I thought I had disabled it for testing, but some rules remained. I still need to test everything from a computer external to my LAN, but I think it will work.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Routing/firewall Issue or a more fundamental problem?

Post by maikcat » Fri Feb 25, 2011 8:07 am

hi there,

from your server config remove

push "route 10.0.10.0 255.255.255.0"


>I am testing all this from compA (also inside the lan) - does that make a difference?

in case you are pushing routes, yes it does...

I noticed you run your server on *nix, I hope you set up iptables (if you are using them) accordingly.

test your setup and feel free to ask for help..

cheers,

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"
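
Added example, not part of the thread and not OpenVPN project code: a small Python check over the routing-relevant lines of the server config posted above. It flags the pushed route that matches the `server` subnet (the line the reply says to remove) and prints the forwarding and NAT commands that `redirect-gateway` depends on when the server sits behind a home router. The outbound interface name `eth0` and the use of an iptables MASQUERADE rule are assumptions; a Shorewall setup would express the same thing in its own masquerading configuration.

```python
import ipaddress
import shlex

# Routing-relevant lines copied from the server config posted in the thread (compB).
POSTED_CONF = """\
local 10.0.0.30   # Lan is on 10.0.0.0/24
proto udp
dev tun
server 10.0.10.0 255.255.255.0
push "route 10.0.10.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.0.10.1"
"""

def parse(conf):
    """Yield each directive as a token list, skipping blanks and # comments."""
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens

def audit(conf, wan_if="eth0"):  # wan_if: assumed name of the LAN-facing interface
    """Return findings and commands for a redirect-gateway server config."""
    vpn_net, pushed_routes, redirect = None, [], False
    for tok in parse(conf):
        if tok[0] == "server" and len(tok) >= 3:
            vpn_net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "push" and len(tok) == 2:
            arg = tok[1].split()
            if arg[0] == "route" and len(arg) >= 3:
                pushed_routes.append(ipaddress.ip_network(f"{arg[1]}/{arg[2]}"))
            elif arg[0] == "redirect-gateway":
                redirect = True
    findings = []
    for net in pushed_routes:
        if net == vpn_net:  # the line the reply in the thread says to remove
            findings.append(f'remove push "route {net.network_address} {net.netmask}"'
                            ' (same subnet as the "server" directive)')
    if redirect and vpn_net:
        # Client traffic leaves the server with a 10.0.10.x source address that the
        # home router has no route back to, so forward it and NAT it on the way out.
        findings.append("sysctl -w net.ipv4.ip_forward=1")
        findings.append(f"iptables -t nat -A POSTROUTING -s {vpn_net} -o {wan_if} -j MASQUERADE")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONF):
        print(finding)
```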
