After 3 months, suddenly can't reach machines behind VPN ser

jon6000
OpenVpn Newbie
Posts: 2
Joined: Thu Feb 23, 2012 12:29 pm

After 3 months, suddenly can't reach machines behind VPN ser

Post by jon6000 » Thu Feb 23, 2012 12:57 pm

So, not having a great day! I set up an OpenVPN server on an EC2 Debian instance about three months ago, the idea being that we could access our other EC2 instances securely from home or the office. We also have a small 'My Book World' device in the office that we can connect to via the VPN from anywhere using 'client-to-client'.

When connected, clients are told to use our internal DNS server, which runs on the same EC2 instance as OpenVPN.

Everything has run smoothly since then, until today. As of this morning, we are unable to reach EC2 instances behind the VPN server. Clients can still connect to the server, and client-to-client connections still work. I can also still reach the EC2 instances in question if I go to them directly, not via the VPN. There are about 10-12 concurrent users connected.

Nothing as far as I can tell has changed, although clearly something somewhere has! I've pasted server and client configs below, any suggestions gratefully received.

Thanks,

Jon

server.conf:

port 1194
proto udp
dev tun
ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/vpn-server.crt
key /etc/openvpn/examples/easy-rsa/2.0/keys/vpn-server.key
# 1024-bit DH parameters; 2048-bit is the usual minimum today
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
# VPN subnet handed out to clients (a /16)
server 11.77.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
# clients send 10/8 (the other EC2 instances) into the tunnel
push "route 10.0.0.0 255.0.0.0"
client-config-dir ccd
# kernel route into the tunnel; needs a matching iroute in a ccd file
route 11.78.0.0 255.255.255.252
push "dhcp-option DNS 10.xx.xx.xx"
# client-to-client traffic is switched inside OpenVPN, not by the kernel
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

***************

client.conf:

client
dev tun
proto udp
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert jon.crt
key jon.key
# checks the server cert's nsCertType; deprecated in later releases in favour of remote-cert-tls server
ns-cert-type server
comp-lzo
verb 5
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

jon6000
OpenVpn Newbie
Posts: 2
Joined: Thu Feb 23, 2012 12:29 pm

Re: After 3 months, suddenly can't reach machines behind VPN

Post by jon6000 » Thu Feb 23, 2012 2:22 pm

Apologies, I have worked it out, thanks to this thread:
http://forums.openvpn.net/topic8092.html

Specifically, I re-ran:

# let the kernel route between tun0 and eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
# forward anything arriving from the tunnel, and anything headed back into it
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
# source-NAT forwarded traffic to eth0's address
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
For some reason these had been reset - I have no idea why though!

Thanks,

Jon
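As an added example (not the poster's commands and not part of the original thread), here is one way to make that fix persistent and narrower. The four commands above set runtime state only: the ip_forward sysctl and the iptables rules live in the kernel until the next reboot, and a reboot or stop/start of an EC2 instance discards them unless they were saved. The script assumes the VPN subnet (11.77.0.0/16), the pushed 10.0.0.0/8 route and the eth0 interface taken from the posted configs; the paths under /etc are assumptions too (iptables-persistent on Debian loads /etc/iptables/rules.v4 at boot).

```shell
#!/bin/sh
# Added example, not the poster's commands: make the forwarding setup
# persistent and limit it to the traffic the VPN actually needs.
# Assumed from the posted configs: VPN subnet 11.77.0.0/16, pushed route
# 10.0.0.0/8, WAN interface eth0. The /etc paths are assumptions as well
# (iptables-persistent on Debian loads /etc/iptables/rules.v4 at boot).

VPN_NET="${VPN_NET:-11.77.0.0/16}"
LAN_NET="${LAN_NET:-10.0.0.0/8}"
WAN_IF="${WAN_IF:-eth0}"
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/99-openvpn-forward.conf}"
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

# Is IP forwarding on? Takes an optional file path so it can be checked
# against a constructed file; defaults to the live kernel knob.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# sysctl fragment: loaded at boot, unlike echo 1 > /proc/sys/...
gen_sysctl() {
    printf 'net.ipv4.ip_forward = 1\n'
}

# Ruleset in iptables-restore format. Compared with the posted one-liners:
#  - FORWARD admits VPN clients only towards the routed LAN, plus return
#    traffic for connections they opened, instead of any packet on tun+
#  - MASQUERADE rewrites only VPN-sourced traffic bound for the LAN
#  - chain policies stay ACCEPT; the two DROP rules catch whatever the
#    VPN side is not meant to forward
gen_rules() {
    cat <<EOF
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun+ -o $WAN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun+ -o $WAN_IF -j DROP
-A FORWARD -i $WAN_IF -o tun+ -j DROP
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $VPN_NET -d $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Write both files and apply them now. Needs root.
install_forwarding() {
    gen_sysctl > "$SYSCTL_FILE"
    sysctl -w net.ipv4.ip_forward=1
    gen_rules > "$RULES_FILE"
    iptables-restore < "$RULES_FILE"
}

# Health check for the next time clients can connect but not reach 10/8.
check_forwarding() {
    ip_forward_enabled || { echo "ip_forward is off"; return 1; }
    iptables -S FORWARD | grep -q -- "-i tun+ " \
        || { echo "no tun+ rule in FORWARD"; return 1; }
    iptables -t nat -S POSTROUTING | grep -q MASQUERADE \
        || { echo "no MASQUERADE rule in nat POSTROUTING"; return 1; }
    echo "forwarding path looks intact"
}

case "${1:-}" in
    install) install_forwarding ;;
    check)   check_forwarding ;;
    *)       gen_rules ;;   # default: print the ruleset for review
esac
```

Run it as root with `install` once and with `check` whenever clients report the symptom again. iptables-restore replaces the filter and nat tables wholesale, so merge these rules with any existing ones before installing. The FORWARD rules deliberately allow only 11.77.0.0/16 towards 10.0.0.0/8 plus return traffic; if a network behind a client (the 11.78.0.0/30 route in the posted server.conf) also needs to reach the LAN, add it as a second source. Client-to-client traffic never reaches the kernel FORWARD chain, which matches the symptom in the thread: those connections kept working while the EC2 instances became unreachable.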