Route (windows) traffic through openVPN gateway

Post by qupfer » Sat Feb 05, 2011 9:52 am

Hi, I'm not very good at writing English, but I hope it's enough so you can understand what I mean ;)

At the university campus, I have very restrictive internet access (only TCP traffic and only connections on ports <1024). For TCP traffic (for ports >1024) we have an HTTP proxy, but for UDP traffic we have to find a personal solution. At the moment I use an OpenVPN connection from a friend to his root server.
My idea was to try to create my own one. But I don't like to pay a lot of dollars (or euros), so I rent a cheap vserver which I can cancel monthly. But this is the problem, because I can't use the config of my friend's server.

Code:

#server
dev tap0
proto tcp-server
tls-server 
ca /vpn/ca.crt
key /vpn/qupfer.key
cert /vpn/qupfer.crt
dh /vpn/praxisreich.net/dh1024.pem
mode server
server-bridge 192.168.42.1 255.255.255.0 192.168.42.128 192.168.42.254
push "redirect-gateway def1"
push "dhcp-option DNS 213.186.33.99"
keepalive 10 120
log /var/log/openvpn.log
log-append /var/log/openvpn.log
user nobody
group nogroup
port 666
persist-key
persist-tun
daemon
verb 1
client-config-dir /etc/openvpn/client-conf
client-to-client
ifconfig 192.168.42.1 255.255.255.0

Code:

#client
dev tap
proto tcp-client
port 666
remote domain.name
pull
tls-client
ca ca.crt
cert qupfer.crt
key qupfer.key
route-method exe
route-delay 2
ip-win32 dynamic

OK, this config "works" to create a connection between these two points, but for the redirect I need to add something like this to iptables:

Code:

iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE

And that's the problem, I get an error:
"iptables: No chain/target/match by that name"
I think it's because the module iptable_nat is missing or something else. So I searched for a solution and found this one (attention, a German page).
In summary, he uses this config:

Code:

#server
port 443
proto tcp 
dev tun 
ca /opt/keys/ca.crt 
cert /opt/keys/server.crt 
key /opt/keys/server.key 
dh /opt/keys/dh1024.pem 
server 10.8.0.0 255.255.255.0 
ifconfig-pool-persist ipp.txt 
client-to-client 
keepalive 10 120 
comp-lzo 
user nobody 
group nogroup 
persist-key 
persist-tun 
status openvpn-status.log 
verb 3

and

Code:

#client 
dev tun 
proto tcp 
remote ServerIP 443
resolv-retry infinite 
nobind 
user nobody 
group nogroup 
persist-key 
persist-tun 
ca ca.crt 
cert client1.crt 
key client1.key 
comp-lzo 
route-gateway 10.8.0.1
redirect-gateway
route 0.0.0.0 0.0.0.0
verb 3

And for iptables this:

Code:

iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0/24 -j SNAT --to globalServerIP 

(my vserver accepts that entry too)
But if I try this, my Windows OpenVPN says that ifconfig is missing^^
So how should I modify my Windows client config, or is there some other solution, to use the vserver as an internet gateway?
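
Added example (not part of the original post, and not OpenVPN project code): a small Python checker run over a constructed copy of the second client config above. That config has `dev tun` but neither `pull`/`client` nor its own `ifconfig`, so nothing tells the Windows client which tunnel address to use; it also shows that the `user`/`group` privilege drop has no effect on Windows. The function names and finding codes are hypothetical.

```python
import shlex

# Constructed copy of the second client config quoted in the post.
CLIENT_CONF = """\
dev tun
proto tcp
remote ServerIP 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
route-gateway 10.8.0.1
redirect-gateway
route 0.0.0.0 0.0.0.0
verb 3
"""

def parse(text):  # maps each directive to the list of its argument lists
    opts = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):         # ';' also starts a comment
            continue
        words = shlex.split(line, comments=True)  # handles quotes and '#'
        if words:
            opts.setdefault(words[0], []).append(words[1:])
    return opts

def check_windows_client(text):
    """Return (code, message) findings for a client config used on Windows."""
    o = parse(text)
    pulls = "pull" in o or "client" in o   # 'client' implies pull + tls-client
    tls = "tls-client" in o or "client" in o
    dev = " ".join(o.get("dev", [[]])[0])
    out = []
    if dev.startswith("tun") and not pulls and "ifconfig" not in o:
        out.append(("no-ifconfig-source", "dev tun with neither pull/client "
                    "nor ifconfig: nothing supplies the tunnel address"))
    if not tls and any(k in o for k in ("ca", "cert", "key")):
        out.append(("no-tls-mode", "ca/cert/key given without tls-client/client"))
    if "user" in o or "group" in o:
        out.append(("no-priv-drop", "user/group are not implemented on Windows"))
    return out

if __name__ == "__main__":
    for code, msg in check_windows_client(CLIENT_CONF):
        print(f"{code}: {msg}")
```

The first client config in the post (`dev tap` with `pull` and `tls-client`) produces no findings from the same function.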

Re: Route (windows) traffic through openVPN gateway

Post by hostizzle » Fri Feb 11, 2011 4:31 am

If you want to try my OpenVPN server, let me know. You can have free access to test your system on a different server.
