Sharing openvpn connection over Ethernet..

[apn3a]

Hi,

so i have successfully setup an openvpn server on my Linux Vps server. i am able to connect trough my computer (win 7 64) to the vpn, and browse everywhere.

My problem is the following: if i connect my tv or any other ethernet device (e.g. my laptop,) and share my internet connection (either via Internet Connection sharing or Network Bridging Wi-Fi and the LAN device connected,) my tv or the laptop won't connect to the internet. My main pc works totally fine, showing the ip of my Linux server.

If i disconnect the vpn, both the tv and my laptop get a connection.

I assume this has to do with iptables and nat on my Linux server. But i can't figure this out.. Is anyone willing to help me?

All i am trying to do is this: any device that connects to my pc via ethernet, i want to be able to use the VPN connection; that is, my main internet connection must route through vpn for all connections and devices that go through my pc.

I would appreciate any guidance here..

[maikcat]

hi there,

please post configs,ip tables output for start...

Michael.

[janjust]

on which host are you sharing/bridging the internet connection? on the win7 box? then which adapters are bridged/shared?
ICS on Win7 effectively causes Win7 to become a local DHCP server with masquerading - your TV or laptop needs to be assigned an address from the Win7 PC as otherwise this won't work. With bridging you'll run into similar (yet subtly different) issues.

[apn3a]

This is my server.conf:

local xxx.xxx.xxx.xxx
port 1194
proto tcp
dev tun
ca /keys/ca.crt
cert /keys/server.crt
key /keys/server.key # This file should be kept secret
dh /keys/dh1024.pem
server 192.168.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 192.168.1.0 255.255.255.0 #or 192.168.137.0 when using ICS
push "redirect-gateway def1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

I also have a client1 file inside the ccd folder which has the following command:

iroute 192.168.1.0 255.255.255.0 #or 192.168.137.0 when using ICS

This is the client.conf (opvpn)

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
comp-lzo
verb 3

I have a PC that runs Win 7 64 and is connected to the internet via Wi-Fi. What i try to do is to have that pc connected to the VPN and share its Wi-Fi internet connection to the Ethernet either by Bridging Wi-Fi & LAN (only the device i connect to the pc, not the VPN LAN) or through ICS.

If i bridge Wi-Fi and LAN, Windows automatically creates a 192.168.1.0/24 subnet. If I share Wi-Fi over Ethernet via ICS, i use a 192.168.137.0/24 subnet. Both TV/or laptop are assigned on that subnet. When vpn is off, they have access to the internet.. When on, they don't..

Oh, and my router configuration is on a 192.168.1.0/24 subnet with a 192.168.1.254 gateway.

[janjust]

can you try bridging the ethernet + tap-win32 adapter? that way all clients from the LAN should automatically become part of the VPN.

[apn3a]

can you try bridging the ethernet + tap-win32 adapter? that way all clients from the LAN should automatically become part of the VPN.

okay i cant believe it was that.. i feel such a noob. this was the only thing i didnt try. it seems to work, though the internet connection speed is approx 1mbps. is there anything i can do to improve it?