I have a Linux server running OpenVPN inside a home network that goes through a Linksys router to connect to the internet. I am ultimately trying to tunnel all internet traffic for a remote laptop through this VPN. The laptop can connect to the VPN all right and I can access resources on the host, but I cannot ping or access any other hosts inside the home network (actually, the only one I tried is the router). I'm trying to get access to the other hosts to work, as I imagine that's what's causing problems with getting all traffic tunneled.
Here are my configs:
Code:
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:1F:D0:D0:A8:C8
inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21f:d0ff:fed0:a8c8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2034585 errors:0 dropped:0 overruns:0 frame:0
TX packets:2483555 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1182756629 (1.1 GiB) TX bytes:2789459716 (2.5 GiB)
Interrupt:45 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:128223 errors:0 dropped:0 overruns:0 frame:0
TX packets:128223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:132095859 (125.9 MiB) TX bytes:132095859 (125.9 MiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1752 errors:0 dropped:0 overruns:0 frame:0
TX packets:566 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:133169 (130.0 KiB) TX bytes:58577 (57.2 KiB)
Code:
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.0.0 * 255.255.255.0 U 1 0 0 eth0
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
Code:
# iptables -v --list
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
230K 153M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
3 252 ACCEPT icmp -- any any anywhere anywhere
88 5560 ACCEPT all -- lo any anywhere anywhere
371 77353 ACCEPT udp -- any any anywhere 224.0.0.251 state NEW udp dpt:mdns
0 0 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:ipp
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ipp
0 0 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:ipp
234 18684 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:netbios-ns
86 20247 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:netbios-dgm
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:netbios-ssn
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:microsoft-ds
0 0 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:netbios-ns
0 0 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:netbios-dgm
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:https
34 2064 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
14 896 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http
15 630 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:openvpn
0 0 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:8484
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:8484
372 62986 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
0 0 ACCEPT all -- tun+ any anywhere anywhere
0 0 ACCEPT all -- tap+ any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5162 341K REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
0 0 ACCEPT all -- tun+ any anywhere anywhere
0 0 ACCEPT all -- tap+ any anywhere anywhere
Chain OUTPUT (policy ACCEPT 157K packets, 166M bytes)
pkts bytes target prot opt in out source destination
Code:
# iptables -t nat -v --list
Chain PREROUTING (policy ACCEPT 4180 packets, 322K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 617 packets, 45360 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 616 packets, 45320 bytes)
pkts bytes target prot opt in out source destination
1 40 MASQUERADE all -- any eth0 10.8.0.0/24 anywhere
IP Forward
Code:
# cat /proc/sys/net/ipv4/ip_forward
1
server.conf
Code:
port 1194
proto udp
dev tun
ca easy_rsa/keys/ca.crt
cert easy_rsa/keys/server.crt
key easy_rsa/keys/server.key # This file should be kept secret
dh easy_rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1" # bypass-dhcp"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
Router
LAN IP: 192.168.0.1
Port 1194 UDP is forwarded to 192.168.0.105
Static routing:
Destination LAN IP: 10.8.0.0
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.5
Interface: LAN & Wireless
client.conf
Code:
client
dev tun
proto udp
remote hidden.domain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cluster1.crt
key /etc/openvpn/keys/cluster1.key
ns-cert-type server
comp-lzo
verb 3
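As an added example (not part of the original post), here is a small POSIX shell/awk checker for the rule-ordering problem visible in the posted `iptables -v --list` output: in both INPUT and FORWARD the catch-all `REJECT ... icmp-host-prohibited` rule sits above the `ACCEPT all -- tun+` / `tap+` rules, so those ACCEPT rules can never match (the FORWARD REJECT counter shows 5162 packets, the tun+ rule shows 0). The embedded listing is a constructed, trimmed copy of the chains posted above; the function names `shadowed_rules` and `count_shadowed` are my own, not an OpenVPN or iptables API.

```shell
#!/bin/sh
# Added example: find ACCEPT rules that are unreachable because an
# unconditional REJECT/DROP appears earlier in the same chain.
# Input format: the output of `iptables -v --list` (filter table).

# Constructed sample: trimmed copy of the INPUT/FORWARD/OUTPUT chains from the post.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 230K 153M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
 15 630 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:openvpn
 372 62986 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
 0 0 ACCEPT all -- tun+ any anywhere anywhere
 0 0 ACCEPT all -- tap+ any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 5162 341K REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
 0 0 ACCEPT all -- tun+ any anywhere anywhere
 0 0 ACCEPT all -- tap+ any anywhere anywhere
Chain OUTPUT (policy ACCEPT 157K packets, 166M bytes)
 pkts bytes target prot opt in out source destination'

# shadowed_rules: reads a listing on stdin, prints one line per unreachable
# ACCEPT rule as "CHAIN: unreachable: <target> <proto> -- in <if> out <if> <opts>".
# A rule counts as a catch-all when target is REJECT or DROP, proto is "all",
# in/out are "any", source/destination are "anywhere", and the only trailing
# option is a reject-with clause (no state/port match narrowing it).
shadowed_rules() {
  awk '
    /^Chain / { chain = $2; blocked = 0; next }
    $1 == "pkts" { next }          # column header line
    NF < 9 { next }                # blank or unexpected line
    {
      target = $3; proto = $4; in_if = $6; out_if = $7; src = $8; dst = $9
      # rebuild the trailing match options (fields 10..NF) as one string
      opts = ""
      for (i = 10; i <= NF; i++) opts = opts (opts == "" ? "" : " ") $i
      is_catch_all = (target == "REJECT" || target == "DROP") && proto == "all" &&
                     in_if == "any" && out_if == "any" &&
                     src == "anywhere" && dst == "anywhere" &&
                     (opts == "" || opts ~ /^reject-with /)
      if (blocked && target == "ACCEPT")
        printf "%s: unreachable: %s %s -- in %s out %s %s\n", chain, target, proto, in_if, out_if, opts
      if (is_catch_all) blocked = 1
    }'
}

# count_shadowed: number of unreachable ACCEPT rules in the sample.
# For the posted chains this is 4 (tun+ and tap+ in INPUT, tun+ and tap+ in FORWARD).
count_shadowed() {
  printf '%s\n' "$SAMPLE_RULES" | shadowed_rules | wc -l | tr -d ' '
}

# Run against the constructed sample; on a live box use:
#   iptables -v --list | shadowed_rules
# Remedy for a flagged chain is to insert the interface rule above the REJECT, e.g.
#   iptables -I FORWARD 1 -i tun+ -j ACCEPT
printf '%s\n' "$SAMPLE_RULES" | shadowed_rules
```

Two further things a practitioner would verify from the posted data, independent of this checker: the FORWARD chain needs a matching rule for the return direction (`-o tun+`, or the usual `RELATED,ESTABLISHED` rule) once the tun+ rule is reachable, and the router's static route for 10.8.0.0/24 lists gateway 192.168.0.5 while the OpenVPN host's eth0 address in the ifconfig output is 192.168.0.105, so LAN hosts other than the server would send replies for 10.8.0.x to the wrong address even after the firewall is fixed.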