For the past hour, I have been trying to get port forwarding to work on my OpenVZ VPS running OpenVPN.
I've followed the steps described in this topic:
topic7823.html
The problems started as soon as I had to restart the OpenVPN service (the last step described in the topic): it wouldn't start.
After checking the logfile, this is the only thing I found:
Code:
Options error: Unrecognized option or missing parameter(s) in server.conf:23: script-security (2.0.9)
Use --help for more information.
Code:
local XXX.XXX.XXX.XXX
port 53
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
log /var/log/openvpn.log
verb 3
client-connect /etc/openvpn/clientconnect.sh
client-disconnect /etc/openvpn/clientdisconnect.sh
script-security 2
Removing that line will start the OpenVPN service, but I cannot connect.
Still, I think the script-security 2 line has to be in place, else the two user scripts will not be executed, which is necessary for port forwarding.
So I put the line back in place and dug further and also adjusted the network interfaces in the clientconnect/clientdisconnect.sh, which now look like this:
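Code:
#!/bin/bash
# Port on the VPN server's address that is forwarded to the connecting client.
PORT=12000
# Allow forwarded TCP traffic for that port through to the client's VPN address.
iptables -A FORWARD -p tcp -i venet0:0 -d "$ifconfig_pool_remote_ip" --dport "$PORT" -j ACCEPT
# Rewrite the destination of packets sent to the server address so they reach the client.
iptables -t nat -A PREROUTING -p tcp -d "$ifconfig_local" --dport "$PORT" -j DNAT --to-destination "$ifconfig_pool_remote_ip:$PORT"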
I have run out of ideas. I hope someone can help me out here, as I don't have much experience with OpenVPN and Linux in general.
Thanks
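
Added example, not part of the original post: a single POSIX sh hook that serves as both client-connect and client-disconnect, validates the addresses OpenVPN passes in before they reach iptables (the hook runs with the daemon's privileges), and removes on disconnect exactly the rules it added on connect. The file path, the function names and the use of `venet0` instead of the post's `venet0:0` are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. One file installed for both hooks:
#   client-connect    /etc/openvpn/portforward.sh   (hypothetical path)
#   client-disconnect /etc/openvpn/portforward.sh
# OpenVPN exports script_type, ifconfig_local and ifconfig_pool_remote_ip.

PORT=12000
# Assumption: iptables -i matches device names, so the base device is used
# here rather than the alias label venet0:0 from the post.
WAN_IF=venet0
IPTABLES=${IPTABLES:-iptables}

# Succeeds only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules ACTION LOCAL_IP CLIENT_IP: print one iptables argument list per line.
forward_rules() {
    case $1 in -A|-D) ;; *) return 1 ;; esac
    is_ipv4 "$2" && is_ipv4 "$3" || return 1
    printf '%s\n' "$1 FORWARD -p tcp -i $WAN_IF -d $3 --dport $PORT -j ACCEPT"
    printf '%s\n' "-t nat $1 PREROUTING -p tcp -d $2 --dport $PORT -j DNAT --to-destination $3:$PORT"
}

# apply_rules ACTION LOCAL_IP CLIENT_IP: validate everything first, then run each rule.
apply_rules() {
    rules=$(forward_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        $IPTABLES $rule || exit 1   # unquoted on purpose: every field was validated above
    done
}

# Acts only when OpenVPN invoked the script. A non-zero exit from
# client-connect makes the server disconnect that client.
case ${script_type:-} in
    client-connect)    apply_rules -A "$ifconfig_local" "$ifconfig_pool_remote_ip" || exit 1 ;;
    client-disconnect) apply_rules -D "$ifconfig_local" "$ifconfig_pool_remote_ip" || exit 1 ;;
esac
```

Setting `IPTABLES=echo` in the environment prints the rules instead of applying them, which allows a dry run without root.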