Forwarding Fail [I've searched, read, googled, tried....]

[blankaccount]

OpenVPN Not Forwarding / Check My Work
I've got my server and client to connect, but the server is not forwarding traffic through to the Internet. I've done lots of Google work and (I think) have implemented every "fix" that seems common for this problem.

1. I've added
Code:
push "redirect-gateway def1"
to my server.conf file.

2. I've edited /etc/sysctl.conf to include

net.ipv4.ip_forward=1

3. I inputed

echo 1 > /proc/sys/net/ipv4/ip_forward

4. I configred iptables thusly:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

and then added it to /etc/rc.local and made the script executable to run on startup


5. I installed dnsmasque and added

push "dhcp-option DNS 10.8.0.1"

to server.conf

I then started the server and clients with sudo openvpn server.conf / client.conf

This is the output from client.conf

http://pastebin.com/VESaLCG8

And the output from server.conf

http://pastebin.com/nS2RzcTD


My client.conf file

http://pastebin.com/zHuEW9R6

And my server.conf file

http://pastebin.com/cb236WuL

I tried uncommented the DNS push and inputing the IP directly to avoid lookup, but nothing. I also deleted all but the last entry in the iptables, as that seems to be the most common entry.

If some knowledgeable folk could look all this over for me and give me an idea what the hell I'm doing wrong, I'd greatly appreciate it.

[blankaccount]

Bumping this for a request:

There seems to be several very knowledgeable people answering on this forum, but I've received nothing. Is this due to the nature of the question, or a general lack of interest in answering yet another n00b configuration thread?

If I could get some feedback (i.e., I looked at your problem and have no idea how to fix it. Or: Dude, this question has been answered dozens of time, etc.) Anything that would help get me pointed in the right direction. I've posted this in another, Linux oriented forum, and have had the same no reply result.

Thanks.

[janjust]

hi,

steps 1-3 and 5 look fine.
for step 4 I'd use

Code: Select all

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

or for debugging purposes I'd disable iptables altogether and only add

Code: Select all

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

after that, I'd verify that a traceroute goes via the VPN, e.g. on the VPN client do a

Code: Select all

traceroute -n 8.8.8.8

or

Code: Select all

tracert -d 8.8.8.8

the first hop should be the VPN server IP.

Finally, I'd try to get DNS working, but let's first get IP forwarding working.


PS the people responding to this forum do so on a voluntary basis; personally I track this forum quite often, but sometimes a posting does slip by me; that has little to do with "don't want to answer" or "RTFM" , you're just out of luck. I guess the same holds for some of the other technical people on this list. Bumping it up like you did is a much better way to raise my attention then sending me private messages, which other people have also tried - in general, that does NOT work.

[maikcat]

hi there,

i have one stupid question to make...

are you testing your setup with both pcs on the SAME ip subnet?

please remove comments from your configs and post them here..

please post more info (ips etc) for your setup.

Michael