OpenVPN as Gateway

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

AdrianW
OpenVpn Newbie
Posts: 4
Joined: Wed Sep 28, 2011 12:58 pm

OpenVPN as Gateway

Post by AdrianW » Wed Sep 28, 2011 1:27 pm

Hey guys, sorry for that kinda stupid question ;)

after setting up a fresh installation on my root server I'm trying to get my OpenVPN working again...
the connection of my clients is working but I'm unable to route the internet traffic through the VPN

I'm using the ccd's to push the routes to the clients and this is working too... my client is showing me
the right gateway


well, because I've saved my ccd's and the server config I'm sure it's a problem with the routing on the server
if I'm remembering right I had to use 2(!) lines for the routing to work, but I only remember this one


iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE


maybe you can help me, I'm unable to find what's missing :(
ah well...
echo 1 > /proc/sys/net/ipv4/ip_forward is already done ;)


thank you very much!


greetings
Adrian

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: OpenVPN as Gateway

Post by janjust » Wed Sep 28, 2011 1:51 pm

check or post your iptables rules ('iptables -L -n -v' and 'iptables -t nat -L -n -v') and check if there's anything blocking access.

can you ping the server LAN (eth0) IP?

AdrianW
OpenVpn Newbie
Posts: 4
Joined: Wed Sep 28, 2011 12:58 pm

Re: OpenVPN as Gateway

Post by AdrianW » Wed Sep 28, 2011 2:02 pm

hey

---------
iptables -L -n -v
Chain INPUT (policy ACCEPT 15M packets, 5015M bytes)
pkts bytes target prot opt in out source destination


Chain FORWARD (policy ACCEPT 1371 packets, 79551 bytes)
pkts bytes target prot opt in out source destination


Chain OUTPUT (policy ACCEPT 23M packets, 6089M bytes)
pkts bytes target prot opt in out source destination
---------

iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 747 packets, 74384 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 320 packets, 18701 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 62 packets, 4098 bytes)
pkts bytes target prot opt in out source destination

---------

so there is nothing blocking :(

my client (10.8.2.1) can ping the server at 10.8.0.1


greetings

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: OpenVPN as Gateway

Post by janjust » Wed Sep 28, 2011 2:06 pm

> my client (10.8.2.1) can ping the server at 10.8.0.1

you just posted the root cause of the problem - why was the client assigned a .2 address? if this is by design then add a rule

iptables -t nat -A POSTROUTING -s 10.8.2.0/24 -o eth0 -j MASQUERADE

AdrianW
OpenVpn Newbie
Posts: 4
Joined: Wed Sep 28, 2011 12:58 pm

Re: OpenVPN as Gateway

Post by AdrianW » Wed Sep 28, 2011 2:19 pm

can't I add a rule for the whole subnet?

my clients are getting their IPs assigned like this:

10.8.1.1
10.8.2.1
10.8.3.1
10.8.4.1

don't ask me why I implemented it this way, my ccd files look like

---
ifconfig-push 10.8.1.1 10.8.1.2 255.255.0.0
---

or (if with routing the traffic in the vpn)
---
ifconfig-push 10.8.2.1 10.8.2.2 255.255.0.0
push "redirect-gateway"
push "route-gateway 10.8.2.2"
push "dhcp-option DNS 208.67.222.222"
---

greetings

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: OpenVPN as Gateway

Post by janjust » Wed Sep 28, 2011 2:30 pm

the iptables rule I posted does just that - or do you want to add more subnets in one go?

AdrianW
OpenVpn Newbie
Posts: 4
Joined: Wed Sep 28, 2011 12:58 pm

Re: OpenVPN as Gateway

Post by AdrianW » Wed Sep 28, 2011 2:35 pm

your rule just applies to 10.8.2.1-254, or not?
but some clients are getting 10.8.1.1 or 10.8.8.1

so the question is, do I have to add additional rules for them?

greetings and thanks

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: OpenVPN as Gateway

Post by Mimiko » Wed Sep 28, 2011 3:31 pm

Make it one rule:

iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
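
Added example, not part of the thread or of OpenVPN: a POSIX shell check that lists which ccd `ifconfig-push` addresses fall outside a MASQUERADE `-s` network, run against the three source networks proposed above. The function names, the `client-a`..`client-c` file names and the temporary ccd directory are constructed for illustration; the addresses are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: find ccd clients whose pushed address a NAT source rule misses.

# Dotted-quad IPv4 -> integer (IFS is restored before returning).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR $2, e.g. in_cidr 10.8.2.1 10.8.0.0/16
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print "file address" for every ifconfig-push address in ccd directory $1
# that the MASQUERADE source network $2 does not cover.
uncovered_clients() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        ip=$(awk '$1 == "ifconfig-push" { print $2; exit }' "$f")
        [ -n "$ip" ] || continue
        in_cidr "$ip" "$2" || echo "${f##*/} $ip"
    done
}

# Constructed sample ccd directory (hypothetical client names).
make_sample_ccd() {
    dir=$(mktemp -d) || return 1
    echo 'ifconfig-push 10.8.1.1 10.8.1.2' > "$dir/client-a"
    echo 'ifconfig-push 10.8.2.1 10.8.2.2' > "$dir/client-b"
    echo 'ifconfig-push 10.8.8.1 10.8.8.2' > "$dir/client-c"
    echo "$dir"
}

# Compare the original /24 rule, the 10.8.2.0/24 rule and the /16 rule.
ccd=$(make_sample_ccd)
for src in 10.8.0.0/24 10.8.2.0/24 10.8.0.0/16; do
    echo "-s $src misses: $(uncovered_clients "$ccd" "$src" | tr '\n' ';')"
done
rm -rf "$ccd"
```

Pointing `uncovered_clients` at the real ccd directory and the `-s` value shown by `iptables -t nat -S POSTROUTING` shows which clients would leave the server without being NATed.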
