VPN server works, no internet connection

SirJackson · Post by **SirJackson** » Sun Jan 11, 2015 1:41 pm

Hi all,

Really hope somebody can help me out here. Can’t seem to find the solution in this forum/anywhere. I’ve got a VPS on which I would like to run OpenVPN. I’ve got OpenVPN installed, Tunnelblick installed on my MBP, Tunnelblick is set to route all traffic through the VPN and that connecting to my VPS works like a charm! What doesn’t seem to work is the routing, I don’t have an internet connection. I know the VPS has a working internet connection (I can ping almighty google from the VPS command line) I’ve used the following guide:
https://community.openvpn.net/openvpn/w ... AndRouting

1. I’ve set net.ipv4.ip_forward = 1
2. Added all the iptables rules displayed in the guide
3. No succes…

All is down to me not having any experience with this…
Probably I don’t understand a thing of the interfaces present and routing rules…

Can somebody help me out here?
Recap; goal is to connect to the internet over the VPN. My ifconfig:

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:208944 errors:0 dropped:0 overruns:0 frame:0
TX packets:208944 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24929507 (24.9 MB) TX bytes:24929507 (24.9 MB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5634 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:680407 (680.4 KB) TX bytes:1452 (1.4 KB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: 2001:41d0:52:a00::fe9/56 Scope:Global
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:2160515 errors:0 dropped:0 overruns:0 frame:0
TX packets:2256522 errors:0 dropped:5601 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:163075904 (163.0 MB) TX bytes:221121106 (221.1 MB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:x.xxx.xx.xxx P-t-P:x.xxx.xx.xxx Bcast:x.xxx.xx.xxx Mask:255.255.255.0
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

Iptables is currently empty.

What rules should I put in to get this working?
Any help is much appreciated!!

Thanks.

Post by **maikcat** » Sun Jan 11, 2015 2:25 pm

your vps is VZ based container,

please post the exact NAT rule you used

Michael.

SirJackson · Post by **SirJackson** » Sun Jan 11, 2015 2:47 pm

I've used many rules, combined so much that I'm pretty sure I created some pretty stupid configs.
Last used:

iptables -I FORWARD -i tun0 -o lo \
-s 10.8.0.0/24 \
-m conntrack --ctstate NEW -j ACCEPT

iptables -t nat -I POSTROUTING -o venet1 \
-s 10.8.0.0/24 -j MASQUERADE

iptables -I FORWARD -i venet0 -o venet0:0 \
-s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -i tun0 -o venet0:0 \
-s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -i tun0 -o venet0:0 \
-s 10.8.0.0/24 -d 192.168.0.0/24 \
-m conntrack --ctstate NEW -j ACCEPT\

SirJackson · Post by **SirJackson** » Sun Jan 11, 2015 2:59 pm

Seems my reply didn't make it. I've used several rules and probably created a mess. Last config used:

iptables -I FORWARD -i tun0 -o lo \
-s 10.8.0.0/24 \
-m conntrack --ctstate NEW -j ACCEPT

iptables -t nat -I POSTROUTING -o venet1 \
-s 10.8.0.0/24 -j MASQUERADE

iptables -I FORWARD -i venet0 -o venet0:0 \
-s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -i tun0 -o venet0:0 \
-s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -i tun0 -o venet0:0 \
-s 10.8.0.0/24 -d 192.168.0.0/24 \
-m conntrack --ctstate NEW -j ACCEPT\

Post by **maikcat** » Mon Jan 12, 2015 6:47 am

this is your NAT rule

Code: Select all

iptables -t nat -I POSTROUTING -o venet1 -s 10.8.0.0/24 -j MASQUERADE

use this format:

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.4

where
1.2.3.4 is openvz real ip
instead of eth0 use your vnet,
btw what is venet1 used in your NAT rule?

Michael.

Amilcar · Post by **Amilcar** » Thu Jan 27, 2022 7:12 pm

maikcat wrote: ↑
Mon Jan 12, 2015 6:47 am
this is your NAT rule
Code: Select all
iptables -t nat -I POSTROUTING -o venet1 -s 10.8.0.0/24 -j MASQUERADE
use this format:
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.4   
where
1.2.3.4 is openvz real ip
instead of eth0 use your vnet,
btw what is venet1 used in your NAT rule?

Michael.

Thanks a lot!!
It works perfectly for me!
Could you explain to me what that command does and why it is done differently than most?

TinCanTech · Post by **TinCanTech** » Fri Jan 28, 2022 6:15 pm

When you use a VPS, iptables cannot use MASQUERADE, due to multiple VMs per physical device.

OpenVPN Support Forum

VPN server works, no internet connection

VPN server works, no internet connection

Re: VPN server works, no internet connection

Re: VPN server works, no internet connection

Re: VPN server works, no internet connection

Re: VPN server works, no internet connection

Re: VPN server works, no internet connection

Re: VPN server works, no internet connection