Hi guys,
I'm trying to configure a VPN with Zeroshell as server and an EC2 virtual machine running OpenVPN as client.
This is the basic schema with the IP:
https://dl.dropboxusercontent.com/u/3145586/VPN/VPN.jpg
I chose to use certificate authentication, and this is the server config:
https://dl.dropboxusercontent.com/u/314 ... ZS_VPN.jpg
And this is the client config file:
--------------------------------------------------------------------------------
user nobody
group nobody
remote <server_ip> 1195
proto tcp
ifconfig 194.0.0.2 255.255.255.0 #192.168.254.1
ca /etc/openvpn/cert/zs1_ca.pem
cert /etc/openvpn/cert/zs1.pem
key /etc/openvpn/cert/zs1.pem
--tls-client
verb 3
mute 20
resolv-retry infinite
nobind
client
dev tap
persist-key
persist-tun
keepalive 1 3
status /etc/openvpn/status/zs1-status.log
log-append /var/log/openvpn.log
------------------------------------------------------------------------
The authentication works, and I'm able to ping from the Amazon EC2 machine both the server and all my internal machines, but I cannot reach the Amazon machines from my Zeroshell server (OpenVPN server) or from the other local machines.
I'm sure it's a basic routing/forwarding problem, and even though I enabled forwarding on the Linux machine as follows, it does not work:
I set net.ipv4.ip_forward=1 in /etc/sysctl.conf and set /proc/sys/net/ipv4/ip_forward to 1.
I set up all routes to reach my local class 192.168.18.0/24 on the VPN client, and I set up the same route on the other Amazon internal machines with the IP of the Amazon VPN instance as gateway.
This is the server routing table:
Destination      Netmask          Type  Metric  Gateway    Interface  Flags  State  Source
DEFAULT GATEWAY  0.0.0.0          Net   0       193.0.0.1  ETH02      UG     Up     Auto
10.0.0.0         255.255.255.0    Net   0       194.0.0.2  VPN00      UG     Up     Static
192.168.18.0     255.255.255.0    Net   0       none       ETH03      U      Up     Auto
192.168.50.0     255.255.255.0    Net   0       none       ETH00      U      Up     Auto
193.0.0.0        255.255.255.248  Net   0       none       ETH02      U      Up     Auto
193.0.1.0        255.255.255.248  Net   0       none       ETH01      U      Up     Auto
194.0.0.0        255.255.255.0    Net   0       none       VPN00      U      Up     Auto
And this is the Linux machine routing table:
Destination      Gateway    Genmask          Flags  Metric  Ref  Use  Iface
0.0.0.0          10.0.0.1   0.0.0.0          UG     0       0    0    eth0
10.0.0.0         0.0.0.0    255.255.255.0    U      0       0    0    eth0
169.254.169.254  0.0.0.0    255.255.255.255  UH     0       0    0    eth0
192.168.18.0     194.0.0.1  255.255.255.0    UG     0       0    0    tap0
194.0.0.0        0.0.0.0    255.255.255.0    U      0       0    0    tap0
For my test all firewalls are off, and even the iptables service is off.
This is the process line on the Zeroshell server:
https://dl.dropboxusercontent.com/u/314 ... SERVER.jpg
What am I missing?
Many thanks for your help.
VPN Zeroshell with Amazon EC2 Linux machine
- OpenVpn Newbie
- Posts: 3
- Joined: Fri Aug 01, 2014 2:50 pm
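As an added illustration (not code from the original post or from Zeroshell/OpenVPN), here is a longest-prefix-match lookup over the two routing tables quoted above. It traces the path from the 192.168.18.0/24 LAN to an EC2 host and the reply back, and flags each hop where the packet crosses interfaces and therefore depends on ip_forward being enabled. The host addresses 10.0.0.5 and 192.168.18.10 are constructed samples; the tables keep the post's original 194.0.0.0/24 VPN subnet.

```python
# Added example, not from the original post: longest-prefix-match lookups over
# the two routing tables quoted in the thread (original 194.0.0.0/24 VPN subnet).
import ipaddress

# Zeroshell server table: (destination, netmask, gateway or None=on-link, iface)
SERVER_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "193.0.0.1", "ETH02"),
    ("10.0.0.0", "255.255.255.0", "194.0.0.2", "VPN00"),
    ("192.168.18.0", "255.255.255.0", None, "ETH03"),
    ("192.168.50.0", "255.255.255.0", None, "ETH00"),
    ("193.0.0.0", "255.255.255.248", None, "ETH02"),
    ("193.0.1.0", "255.255.255.248", None, "ETH01"),
    ("194.0.0.0", "255.255.255.0", None, "VPN00"),
]
# EC2 OpenVPN client table (a 0.0.0.0 gateway in the route output is on-link)
CLIENT_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.0.0.1", "eth0"),
    ("10.0.0.0", "255.255.255.0", None, "eth0"),
    ("169.254.169.254", "255.255.255.255", None, "eth0"),
    ("192.168.18.0", "255.255.255.0", "194.0.0.1", "tap0"),
    ("194.0.0.0", "255.255.255.0", None, "tap0"),
]

def lookup(routes, dst):
    """Longest-prefix match: returns (gateway, iface); gateway None = on-link."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, mask, gw, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def needs_forwarding(routes, in_iface, dst):
    """True when a packet that arrived on in_iface leaves on a different
    interface, so this box only passes it with net.ipv4.ip_forward=1."""
    return lookup(routes, dst)[1] != in_iface

def trace(dst, return_src):
    """Hops LAN -> EC2 host, then the reply from the EC2 VPN client back to the
    LAN. The EC2 host's own table is not in the post, so the reply path starts
    at the VPN client. Addresses are constructed samples."""
    forward = [("zeroshell",) + lookup(SERVER_ROUTES, dst),
               ("ec2-vpn-client",) + lookup(CLIENT_ROUTES, dst)]
    reply = [("ec2-vpn-client",) + lookup(CLIENT_ROUTES, return_src),
             ("zeroshell",) + lookup(SERVER_ROUTES, return_src)]
    return forward, reply
```

The same lookup also shows that the client table carries no route for 192.168.50.0/24, so packets for that LAN leave the EC2 client via its 10.0.0.1 default gateway rather than tap0.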
Re: VPN Zeroshell with Amazon EC2 Linux machine
Sorry, I forgot to mention that in this example I used the class 194.0.0.0, but that is not a private class, so I have now changed it to 172.16.0.0/29.
The other info is the same; now the server is 172.16.0.1/29 and the Amazon EC2 client is 172.16.0.2/29.
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Jun 04, 2020 1:20 pm
Re: VPN Zeroshell with Amazon EC2 Linux machine
Zeroshell is a powerful platform; you can use it as a captive portal or even as a shaper based on NTOP DPI. I recommend it, and wish you luck solving your issue.