[resolved] Connection established, no traffic..

Menashe
OpenVpn Newbie
Posts: 6
Joined: Sun Dec 11, 2011 10:39 pm

Post by Menashe » Sun Dec 11, 2011 10:46 pm

Hi everyone, I need your help - I'm lost and don't know where else to turn...

So I have my openvpn server up and running on my VPS... have tunnelblick configured on my local machine (mac OSX Lion). I am able to connect, but have zero traffic going through... can't ping, can't do anything.

My server.config:

Code: Select all


port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 74.91.11.57 255.255.255.0"
push "dhcp-option DNS 74.91.11.57"
push "redirect-gateway def1"
topology subnet
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3
My client.conf:

Code: Select all

client
dev tun
proto udp
remote 74.91.11.57 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
verb 3

Thank you for helping, I don't know what else to do...!

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Connection established, no traffic..

Post by Mimiko » Mon Dec 12, 2011 7:15 am

can't ping, can't do anything.
It's mostly a firewall and iptables problem, and a forwarding problem on the server. Verify them.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Connection established, no traffic..

Post by maikcat » Mon Dec 12, 2011 8:00 am

please post:

logs from both server/client

output of ifconfig command from client/server

output of netstat -nr from client/server

output of iptables -L from server
output of iptables -L -t nat from server

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

Menashe
OpenVpn Newbie
Posts: 6
Joined: Sun Dec 11, 2011 10:39 pm

Re: Connection established, no traffic..

Post by Menashe » Tue Dec 13, 2011 3:11 am

maikcat wrote:please post:

logs from both server/client
Server log:

Code: Select all

Tue Dec 13 06:41:56 2011 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Mar 11 2011
Tue Dec 13 06:41:56 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Dec 13 06:41:56 2011 Diffie-Hellman initialized with 1024 bit key
Tue Dec 13 06:41:56 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue Dec 13 06:41:57 2011 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 13 06:41:57 2011 Socket Buffers: R=[137216->131072] S=[137216->131072]
Tue Dec 13 06:41:57 2011 TUN/TAP device tun0 opened
Tue Dec 13 06:41:57 2011 TUN/TAP TX queue length set to 100
Tue Dec 13 06:41:57 2011 /sbin/ifconfig tun0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Tue Dec 13 06:41:57 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Dec 13 06:41:57 2011 UDPv4 link local (bound): [undef]
Tue Dec 13 06:41:57 2011 UDPv4 link remote: [undef]
Tue Dec 13 06:41:57 2011 MULTI: multi_init called, r=256 v=256
Tue Dec 13 06:41:57 2011 IFCONFIG POOL: base=10.8.0.2 size=252
Tue Dec 13 06:41:57 2011 IFCONFIG POOL LIST
Tue Dec 13 06:41:57 2011 client1,10.8.0.4
Tue Dec 13 06:41:57 2011 Initialization Sequence Completed
Tue Dec 13 06:44:12 2011 MULTI: multi_create_instance called
Tue Dec 13 06:44:12 2011 68.146.167.247:55629 Re-using SSL/TLS context
Tue Dec 13 06:44:12 2011 68.146.167.247:55629 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 13 06:44:12 2011 68.146.167.247:55629 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Dec 13 06:44:12 2011 68.146.167.247:55629 Local Options hash (VER=V4): '239669a8'
Tue Dec 13 06:44:12 2011 68.146.167.247:55629 Expected Remote Options hash (VER=V4): '3514370b'
Tue Dec 13 06:44:12 2011 68.146.167.247:55629 TLS: Initial packet from [AF_INET]68.146.167.247:55629, sid=95774e2c 8deba5d1
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 VERIFY OK: depth=1, /C=CA/ST=AB/L=Calgary/O=Disney/CN=Disney_CA/emailAddress=menashe@mailmetrash.com
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 VERIFY OK: depth=0, /C=CA/ST=AB/L=Calgary/O=Disney/CN=client1/emailAddress=menashe@mailmetrash.com
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 13 06:44:13 2011 68.146.167.247:55629 [client1] Peer Connection Initiated with [AF_INET]68.146.167.247:55629
Tue Dec 13 06:44:13 2011 client1/68.146.167.247:55629 MULTI: Learn: 10.8.0.4 -> client1/68.146.167.247:55629
Tue Dec 13 06:44:13 2011 client1/68.146.167.247:55629 MULTI: primary virtual IP for client1/68.146.167.247:55629: 10.8.0.4
Tue Dec 13 06:44:15 2011 client1/68.146.167.247:55629 PUSH: Received control message: 'PUSH_REQUEST'
Tue Dec 13 06:44:15 2011 client1/68.146.167.247:55629 SENT CONTROL [client1]: 'PUSH_REPLY,route 74.91.11.57 255.255.255.0,dhcp-option DNS 74.91.11.57,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0' (status=1)
Tue Dec 13 06:44:19 2011 client1/68.146.167.247:55629 Replay-window backtrack occurred [1]
Tue Dec 13 06:44:20 2011 client1/68.146.167.247:55629 Replay-window backtrack occurred [2]
Tue Dec 13 06:44:25 2011 client1/68.146.167.247:55629 Replay-window backtrack occurred [3]
Client log:

Code: Select all

2011-12-12 19:53:20 *Tunnelblick: OS X 10.7.2; Tunnelblick 3.2beta36 (build 2871)
2011-12-12 19:53:21 *Tunnelblick: Attempting connection with config; Set nameserver = 1; monitoring connection
2011-12-12 19:53:21 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start config.ovpn 1337 1 0 0 0 49 -atDASNGWrdasngw 
2011-12-12 19:53:21 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Nov 10 2011
2011-12-12 19:53:21 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2011-12-12 19:53:21 Need hold release from management interface, waiting...
2011-12-12 19:53:21 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/client1/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/client1/Library/Application Support/Tunnelblick/Configurations/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sclient1-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sconfig.ovpn.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
2011-12-12 19:53:22 *Tunnelblick: openvpnstart message: Loading tun.kext
2011-12-12 19:53:22 *Tunnelblick: Established communication with OpenVPN
2011-12-12 19:53:22 MANAGEMENT: Client connected from 127.0.0.1:1337
2011-12-12 19:53:22 MANAGEMENT: CMD 'pid'
2011-12-12 19:53:22 MANAGEMENT: CMD 'state on'
2011-12-12 19:53:22 MANAGEMENT: CMD 'state'
2011-12-12 19:53:22 MANAGEMENT: CMD 'hold release'
2011-12-12 19:53:22 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2011-12-12 19:53:22 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2011-12-12 19:53:22 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
2011-12-12 19:53:22 Socket Buffers: R=[42080->65536] S=[9216->65536]
2011-12-12 19:53:22 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
2011-12-12 19:53:22 Local Options hash (VER=V4): '3514370b'
2011-12-12 19:53:22 Expected Remote Options hash (VER=V4): '239669a8'
2011-12-12 19:53:22 UDPv4 link local: [undef]
2011-12-12 19:53:22 UDPv4 link remote: 74.91.11.57:1194
2011-12-12 19:53:22 MANAGEMENT: >STATE:1323744802,WAIT,,,
2011-12-12 19:53:22 MANAGEMENT: >STATE:1323744802,AUTH,,,
2011-12-12 19:53:22 TLS: Initial packet from 74.91.11.57:1194, sid=7b7369ca f643fcce
2011-12-12 19:53:23 VERIFY OK: depth=1, /C=CA/ST=AB/L=Calgary/O=Disney/CN=Disney_CA/emailAddress=menashe@mailmetrash.com
2011-12-12 19:53:23 VERIFY OK: depth=0, /C=CA/ST=AB/L=Calgary/O=Disney/CN=server/emailAddress=menashe@mailmetrash.com
2011-12-12 19:53:24 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-12-12 19:53:24 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-12-12 19:53:24 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-12-12 19:53:24 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-12-12 19:53:24 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2011-12-12 19:53:24 [server] Peer Connection Initiated with 74.91.11.57:1194
2011-12-12 19:53:25 MANAGEMENT: >STATE:1323744805,GET_CONFIG,,,
2011-12-12 19:53:26 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2011-12-12 19:53:26 PUSH: Received control message: 'PUSH_REPLY,route 74.91.11.57 255.255.255.0,dhcp-option DNS 74.91.11.57,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0'
2011-12-12 19:53:26 OPTIONS IMPORT: timers and/or timeouts modified
2011-12-12 19:53:26 OPTIONS IMPORT: --ifconfig/up options modified
2011-12-12 19:53:26 OPTIONS IMPORT: route options modified
2011-12-12 19:53:26 OPTIONS IMPORT: route-related options modified
2011-12-12 19:53:26 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2011-12-12 19:53:26 ROUTE default_gateway=192.168.0.1
2011-12-12 19:53:26 TUN/TAP device /dev/tun0 opened
2011-12-12 19:53:26 MANAGEMENT: >STATE:1323744806,ASSIGN_IP,,10.8.0.4,
2011-12-12 19:53:26 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2011-12-12 19:53:26 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2011-12-12 19:53:26 /sbin/ifconfig tun0 10.8.0.4 10.8.0.4 netmask 255.255.255.0 mtu 1500 up
2011-12-12 19:53:26 /sbin/route add -net 10.8.0.0 10.8.0.4 255.255.255.0
                                        add net 10.8.0.0: gateway 10.8.0.4
2011-12-12 19:53:26 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1541 10.8.0.4 255.255.255.0 init
                                          No such key
2011-12-12 19:53:29 *Tunnelblick: Flushed the DNS cache
2011-12-12 19:53:29 /sbin/route add -net 74.91.11.57 192.168.0.1 255.255.255.255
                                        add net 74.91.11.57: gateway 192.168.0.1
2011-12-12 19:53:29 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.1
2011-12-12 19:53:29 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.1
2011-12-12 19:53:29 MANAGEMENT: >STATE:1323744809,ADD_ROUTES,,,
2011-12-12 19:53:29 /sbin/route add -net 74.91.11.57 10.8.0.1 255.255.255.0
                                        add net 74.91.11.57: gateway 10.8.0.1
2011-12-12 19:53:29 Initialization Sequence Completed
2011-12-12 19:53:29 MANAGEMENT: >STATE:1323744809,CONNECTED,SUCCESS,10.8.0.4,74.91.11.57
2011-12-12 19:53:29 *Tunnelblick client.up.tunnelblick.sh: Retrieved name server(s) [ 74.91.11.57 ] and WINS server(s) [ ] and using default domain name [ openvpn ]
2011-12-12 19:53:29 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored
2011-12-12 19:53:29 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use
2011-12-12 19:53:29 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with process-network-changes
2011-12-12 19:54:05 *Tunnelblick process-network-changes: A system configuration change was ignored because it was not relevant
maikcat wrote:output of ifconfig command from client/server
IFCONFIG server

Code: Select all

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5512 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:480528 (480.5 KB)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:190419 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10789 errors:0 dropped:28603 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:16408811 (16.4 MB)  TX bytes:1680772 (1.6 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:74.91.11.57  P-t-P:74.91.11.57  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:74.91.11.58  P-t-P:74.91.11.58  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
IFCONFIG client

Code: Select all

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
	ether 60:fb:42:ee:cf:82 
	media: autoselect
	status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:26:bb:13:a7:d7 
	inet6 fe80::226:bbff:fe13:a7d7%en1 prefixlen 64 scopeid 0x5 
	inet 192.168.0.13 netmask 0xffffff00 broadcast 192.168.0.255
	media: autoselect
	status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
	lladdr 60:fb:42:ff:fe:ee:cf:82 
	media: autoselect <full-duplex>
	status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	ether 02:26:bb:13:a7:d7 
	media: autoselect
	status: inactive
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 10.8.0.4 --> 10.8.0.4 netmask 0xffffff00 
	open (pid 4007)
maikcat wrote:output of netstat -nr from client/server
NETSTAT Client

Code: Select all

Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                10.8.0.1           UGSc          102        0    tun0
default            192.168.0.1        UGSc           47        0     en1
10.8/24            10.8.0.4           UGSc          132        0    tun0
10.8.0.4           10.8.0.4           UH              1        0    tun0
74.91.11/24        10.8.0.1           UGSc            0        0    tun0
74.91.11.57/32     192.168.0.1        UGSc            1        0     en1
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              3    35620     lo0
128.0/1            10.8.0.1           UGSc           27        0    tun0
169.254            link#5             UCS             0        0     en1
192.168.0          link#5             UCS             2        0     en1
192.168.0.1        60:2a:d0:6f:33:f   UHLWIi          2      276     en1    558
192.168.0.13       127.0.0.1          UHS             0      195     lo0
192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWbI          0       18     en1

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     link#1                          UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::%en1/64                           link#5                          UCI             en1
fe80::226:bbff:fe13:a7d7%en1            0:26:bb:13:a7:d7                UHLI            lo0
ff01::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%en1/32                           link#5                          UmCI            en1
ff02::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%en1/32                           link#5                          UmCI            en1
NETSTAT Server

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0
maikcat wrote:output of iptables -L from server

Code: Select all

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn 
ACCEPT     tcp  --  anywhere             anywhere            tcp flags:ACK/ACK 
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:33434:33523 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.8.0.0/24          anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
maikcat wrote:output of iptables -L -t nat from server

Code: Select all

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  
maikcat wrote:Michael.
Thanks for your help!

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Connection established, no traffic..

Post by Mimiko » Tue Dec 13, 2011 7:29 am

Did you enable forwarding? http://www.openvpn.net/faq.html#ip-forward

On the forwarding chain you don't have the rule to forward packets from the tun adapter (10.8.0.0) to your internet adapter.
Also in the PRE(POST)Routing table you don't do any masquerading.

So it is a matter of configuring Linux for internet sharing. Not a problem of OpenVPN.
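
The two things the post above asks for (a FORWARD accept for the tun subnet and source NAT in POSTROUTING), checked against the server listings posted earlier in the thread. This is an added example, not part of any forum post; the function names are hypothetical, and because plain `iptables -L` hides interface matches, a rule with no visible extra match is assumed to be unconditional.

```shell
#!/bin/sh
# Added example: audit saved `iptables -L` output for what a routed OpenVPN
# server needs: FORWARD must accept the VPN subnet, and POSTROUTING must
# source-NAT it. Function names are hypothetical.
# Limitation: plain `iptables -L` hides -i/-o matches, so a rule with no
# visible extra match is treated as unconditional.

VPN_NET="10.8.0.0/24"

# FORWARD chain and nat table as posted by the server owner in this thread.
FILTER_LISTING='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable'

NAT_LISTING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# forward_verdict NET < listing
# Print the target of the first unconditional FORWARD rule that matches new
# traffic from NET, or the chain policy if no such rule exists.
forward_verdict() {
    awk -v net="$1" '
        function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
        $1 == "Chain" {
            inchain = ($2 == "FORWARD")
            if (inchain) { policy = $4; sub(/\)/, "", policy) }
            next
        }
        !inchain || NF == 0 || $1 == "target" { next }
        $2 == "all" && ($4 == net || any($4)) && any($5) &&
            (NF == 5 || $6 ~ /^reject-with/) { print $1; found = 1; exit }
        END { if (!found) print policy }
    '
}

# nat_target NET < listing
# Print SNAT or MASQUERADE if POSTROUTING rewrites the source of NET, else NONE.
nat_target() {
    awk -v net="$1" '
        $1 == "Chain" { inchain = ($2 == "POSTROUTING"); next }
        inchain && ($1 == "SNAT" || $1 == "MASQUERADE") &&
            ($4 == net || $4 == "anywhere" || $4 == "0.0.0.0/0") {
            print $1; found = 1; exit
        }
        END { if (!found) print "NONE" }
    '
}

# audit FILTER_TEXT NAT_TEXT: report both findings; succeed only if both pass.
audit() {
    fwd=$(printf '%s\n' "$1" | forward_verdict "$VPN_NET")
    nat=$(printf '%s\n' "$2" | nat_target "$VPN_NET")
    echo "FORWARD verdict for $VPN_NET: $fwd"
    echo "POSTROUTING source NAT for $VPN_NET: $nat"
    [ "$fwd" = "ACCEPT" ] && [ "$nat" != "NONE" ]
}

audit "$FILTER_LISTING" "$NAT_LISTING" ||
    echo "audit: listing does not meet both requirements"
```

On a live server, `iptables -S` or `iptables -L -v` also shows the interface matches that this listing format omits.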

Menashe
OpenVpn Newbie
Posts: 6
Joined: Sun Dec 11, 2011 10:39 pm

Re: Connection established, no traffic..

Post by Menashe » Wed Dec 14, 2011 2:27 am

Mimiko wrote:Did you enable forwarding? http://www.openvpn.net/faq.html#ip-forward
Yes, I did... still nothing.
Mimiko wrote:On the forwarding chain you don't have the rule to forward packets from the tun adapter (10.8.0.0) to your internet adapter.
Also in the PRE(POST)Routing table you don't do any masquerading.

So it is a matter of configuring Linux for internet sharing. Not a problem of OpenVPN.
Thanks for that... I'm still lost though. Can you help point me in the right direction?

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Connection established, no traffic..

Post by maikcat » Wed Dec 14, 2011 10:28 am

try to allow traffic on input chain for tun interface...

iptables -A INPUT -i tun+ -j ACCEPT


can you ping the openvpn tun interface from your client?

Michael.

Menashe
OpenVpn Newbie
Posts: 6
Joined: Sun Dec 11, 2011 10:39 pm

Re: Connection established, no traffic..

Post by Menashe » Sat Dec 17, 2011 3:51 pm

maikcat wrote:try to allow traffic on input chain for tun interface...

Code: Select all

iptables -A INPUT -i tun+ -j ACCEPT
Tried, doesn't work...
maikcat wrote:can you ping the openvpn tun interface from your client?
Yes, I can ping 10.8.0.1. I'm really lost... I tried everything, spent days googling, trying and retrying...

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Connection established, no traffic..

Post by Mimiko » Sun Dec 18, 2011 8:53 am

Post the output of the "traceroute 8.8.8.8"

Menashe
OpenVpn Newbie
Posts: 6
Joined: Sun Dec 11, 2011 10:39 pm

Re: Connection established, no traffic..

Post by Menashe » Sun Dec 18, 2011 6:19 pm

Mimiko wrote:Post the output of the "traceroute 8.8.8.8"

Code: Select all

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  10.8.0.1 (10.8.0.1)  73.364 ms  70.081 ms  71.843 ms
 2  74.91.10.66 (74.91.10.66)  69.996 ms  69.217 ms  71.600 ms
 3  108.60.130.1 (108.60.130.1)  70.742 ms  69.104 ms  71.914 ms
 4  208.68.172.13 (208.68.172.13)  77.704 ms  74.295 ms  70.358 ms
 5  108.60.132.122 (108.60.132.122)  69.961 ms  78.211 ms  74.946 ms
 6  198.32.118.39 (198.32.118.39)  69.874 ms  71.861 ms  69.870 ms
 7  209.85.248.178 (209.85.248.178)  85.885 ms
    209.85.248.180 (209.85.248.180)  77.593 ms
    209.85.248.178 (209.85.248.178)  77.375 ms
 8  209.85.251.88 (209.85.251.88)  69.454 ms
    209.85.251.37 (209.85.251.37)  72.988 ms
    209.85.251.88 (209.85.251.88)  74.762 ms
 9  72.14.239.93 (72.14.239.93)  75.253 ms  85.487 ms
    209.85.249.11 (209.85.249.11)  75.722 ms
10  64.233.175.109 (64.233.175.109)  86.376 ms  78.896 ms
    72.14.236.200 (72.14.236.200)  74.879 ms
11  216.239.49.145 (216.239.49.145)  86.431 ms  81.602 ms
    72.14.232.21 (72.14.232.21)  76.381 ms
12  8.8.8.8 (8.8.8.8)  80.705 ms  78.638 ms  75.111 ms
Thank you!

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Connection established, no traffic..

Post by Mimiko » Sun Dec 18, 2011 6:55 pm

As I thought, you don't have a DNS on 74.91.11.57 to serve to clients. Remove from server's config the lines:

Code: Select all

push "route 74.91.11.57 255.255.255.0"
push "dhcp-option DNS 74.91.11.57"
and add

Code: Select all

push "dhcp-option DNS 8.8.8.8"

Menashe
OpenVpn Newbie
Posts: 6
Joined: Sun Dec 11, 2011 10:39 pm

Re: Connection established, no traffic..

Post by Menashe » Sun Dec 18, 2011 7:30 pm

Mimiko wrote:As I thought, you don't have a DNS on 74.91.11.57 to serve to clients. Remove from server's config the lines:

Code: Select all

push "route 74.91.11.57 255.255.255.0"
push "dhcp-option DNS 74.91.11.57"
and add

Code: Select all

push "dhcp-option DNS 8.8.8.8"
...that did it! Thanks so much for all your help!
