Problem with Routing

Post by AndrewXM » Mon May 16, 2011 5:17 am

Hello,
I am having a problem getting OpenVPN working.
It was formerly working, so I suspect that my current system is not far off.

Server Config:

local 0.0.0.0
port 1194
proto udp
;dev tap0
dev tun
ca   /etc/openvpn/keys/01.pem
cert /etc/openvpn/keys/xxxx.crt
key  /etc/openvpn/keys/xxxxx.key
dh   /etc/openvpn/keys/dh1024.pem
tls-server
plugin /usr/lib/openvpn/openvpn-auth-pam.so login

cipher AES-256-CBC
client-to-client

comp-lzo
server 10.8.1.0 255.255.255.0
duplicate-cn

keepalive 30 120
max-clients 100

;group nobody
persist-key
persist-tun
log    /var/log/openvpn/server.log
status /var/log/openvpn/server-status.log
verb 4
mute 20
client-cert-not-required
username-as-common-name
push "redirect-gateway def1"
push "dhcp-option DNS xxx.xxx.xxx.xxx"

Client Config:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher AES-256-CBC
ca /home/user/.vpn/ca.crt
comp-lzo
verb 4
auth-user-pass

The server and client can ping each other on the 10.8.1.x subnet, but the clients cannot access the Internet.

The error I have been getting is: "MULTI: bad source address from client [172.16.xx.xx] packet dropped"

Serverwise, the network configuration is:

eth0 <- Internal network (disregard this)
eth1 <- main Internet interface, assigned via DHCP by upstream provider.


The client is on OpenVPN 2.1.1, whereas the Server is on 2.1.0.

Thanks.

Post by janjust » Mon May 16, 2011 6:08 am

> The error I have been getting is: "MULTI: bad source address from client [172.16.xx.xx] packet dropped"

This warning/error is usually not the reason you cannot access the internet via a VPN tunnel; it is caused by some LAN client 172.16.xx.xx sending packets to the VPN server, which the server did not expect, hence the warning. Is 'xx.xx' the LAN IP address of the VPN client itself or some other host on the client-side LAN?

As for browsing: try adding

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE

This will make all traffic appear as if it is coming from the VPN server itself. If this works then update the appropriate 'ip_forward' line in /etc/sysctl.conf and update your iptables config file to make sure these settings survive a reboot.
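
An added example, not part of either post: a shell check of the two server-side settings the reply above depends on, run over saved state instead of the live system. The subnet 10.8.1.0/24 and interface eth1 come from the thread; the function names, the sample files, and the narrower `-s 10.8.1.0/24` rule it prints are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. VPN_NET and WAN_IF are taken from the posts.
VPN_NET="10.8.1.0/24"
WAN_IF="eth1"

# forwarding_enabled FILE: true if FILE (normally /proc/sys/net/ipv4/ip_forward) holds 1.
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# has_masquerade FILE: true if FILE (output of `iptables-save -t nat`) has a
# POSTROUTING MASQUERADE rule out of $WAN_IF, unscoped or scoped to $VPN_NET.
has_masquerade() {
    awk -v net="$VPN_NET" -v ifc="$WAN_IF" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (tgt == "MASQUERADE" && out == ifc && (src == "" || src == net)) found = 1
        }
        END { exit !found }' "$1" 2>/dev/null
}

# audit PROC_FILE NAT_DUMP: prints each missing piece, returns the number missing.
audit() {
    problems=0
    forwarding_enabled "$1" || {
        echo "forwarding off: set net.ipv4.ip_forward = 1 in /etc/sysctl.conf"
        problems=$((problems + 1)); }
    has_masquerade "$2" || {
        echo "no NAT: iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
        problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: a server with forwarding off and an empty nat table.
demo() {
    d=$(mktemp -d)
    echo 0 > "$d/ip_forward"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' > "$d/nat"
    rc=0; audit "$d/ip_forward" "$d/nat" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "problems found: $?"
```

On a real server, pass `/proc/sys/net/ipv4/ip_forward` and a file saved from `iptables-save -t nat` to `audit`.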
