
[Resolved] Client-Server Network Traffic

Posted: Sun May 13, 2012 1:39 pm
by HalfEatenPie
Hello again!
I finally got the VPN set up and working! (I just did a clean install using the EPEL .rpm and re-followed the steps. The second time going through it I hit a lot fewer bumps!)

Background
The server is in a datacenter and I am installing OpenVPN in it to channel my traffic through to it. Everything was done through root/administrative accounts.

The Goal
To get all my network/web browsing traffic to go through my VPS connection.

The Problem
As you probably have guessed, I can't get my traffic to go through the server.

Here are the stats:

Server Side:
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
comp-lzo
max-clients 50
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
Running the command on server: ifconfig
produces the following:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:7248 errors:0 dropped:0 overruns:0 frame:0
TX packets:5532 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:795371 (776.7 KiB) TX bytes:832660 (813.1 KiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:198.144.178.19 P-t-P:198.144.178.19 Bcast:198.144.178.19 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
I also ran the following command on the server:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
Client Side:
client
dev tun
proto udp
remote 198.144.178.19 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert echo-client2.crt
key echo-client2.key
ns-cert-type server
comp-lzo
verb 3
push "dhcp-option DNS 10.8.0.1"
When I connect to the VPN server on the client-side I cannot access the internet (e.g. typing in google.com in a web browser or pinging it times out). However, I can ping 10.8.0.1 on the client side. On the server side I can ping google.com and other websites.

Client Computer Stats:
- Windows 7
- OpenVPN Client is running as Admin

Server Stats:
- Server-Name is Echo (therefore echo-client1.crt etc. makes sense)
- CentOS 6 64-bit server

So...
Question 1: What else do I need to do in order to have all my client-side computer's traffic go through my server?

Question 2: (This is Unrelated to the above mentioned problem) I've moved everything into /etc/openvpn but it does not auto-start on start-up. How would I do that?

Anyways, thanks again for all your help!

Re: Client-Server Network Traffic

Posted: Tue May 15, 2012 7:24 am
by Mimiko
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
Do you have this server on some VPS hosting? Not all VPS services permit masquerading. Read this topic, topic8538-30.html, which I think may help you; read the whole topic as well.

Re: Client-Server Network Traffic

Posted: Mon May 21, 2012 7:29 am
by HalfEatenPie
hey!

Ok so sorry for the long pause of no updates (I was traveling).

I got it to work!

Just for documentation (and for those of you guys who are reviewing this in the future) basically this is what I did.

Following Bebop's post on SNAT I performed the following command:


# Make a script file, e.g. my_firewall.sh, containing:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT   # Change 10.8.0.0/24 to the range given by the "server" line in your server.conf
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 100.200.255.256   # Placeholder: use your server's public IP

I ran that code probably a few times before realizing my mistake and a few other minor mistakes I made here and there. I also did a clean install with the auto-install script found on that same post (mine was CentOS, so I had to do some more googling to find it). Unfortunately for those of you in the future, the scripts are all outdated, so just use that as a framework when you're setting up your OpenVPN.

I love it and thanks for all your help Mimiko!

Edit: I edited it so that the IPs are that of the default configs (from sample-config-files folder's server.conf).
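The thread's symptom (client can reach 10.8.0.1 but nothing beyond the server) comes down to two server-side settings: kernel IP forwarding and a POSTROUTING NAT rule for the tunnel subnet, with SNAT instead of MASQUERADE on VPS hosts that block masquerading. The script below is an added example, not code from the thread or from the OpenVPN project; it generates the rule set discussed above from parameters and checks an existing host for the two settings without applying anything by itself. The names build_rules, has_vpn_nat, forwarding_enabled and valid_ipv4 are hypothetical, the subnet 10.8.0.0/24 and interface venet0 are taken from the posts, and the iptables-save dump used for the check is constructed for the example.

```shell
#!/bin/sh
# Added example: generate and sanity-check the NAT/forwarding setup that
# lets OpenVPN clients reach the internet through the server. Nothing is
# applied unless apply_rules is called explicitly.

# valid_ipv4 A.B.C.D -> exit 0 only if there are exactly four octets in 0..255.
# Catches placeholder addresses such as 100.200.255.256 before iptables sees them.
valid_ipv4() {
  local ip=$1 IFS=. o
  case $ip in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  set -- $ip
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# build_rules VPN_NET WAN_IF PUBLIC_IP [snat|masq]
# Prints the commands, one per line. snat (default) rewrites to the fixed
# public address; masq uses MASQUERADE, which some VPS hosts do not permit.
# The SNAT rule is restricted to the tunnel subnet with -s so only VPN
# traffic is rewritten.
build_rules() {
  local net=$1 wan=$2 pub=$3 mode=${4:-snat}
  valid_ipv4 "$pub" || { echo "build_rules: invalid public IP '$pub'" >&2; return 1; }
  # Without forwarding enabled the FORWARD chain never sees client packets.
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
  echo "iptables -A FORWARD -s $net -j ACCEPT"
  echo "iptables -A FORWARD -j REJECT"
  if [ "$mode" = masq ]; then
    echo "iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE"
  else
    echo "iptables -t nat -A POSTROUTING -s $net -o $wan -j SNAT --to-source $pub"
  fi
}

# apply_rules: same arguments as build_rules; pipes the generated commands
# into a shell that stops at the first failure. Run as root on the server.
apply_rules() {
  build_rules "$@" | sh -e
}

# has_vpn_nat DUMP VPN_NET -> exit 0 if an iptables-save dump (passed as a
# string, e.g. "$(iptables-save -t nat)") has a POSTROUTING SNAT or
# MASQUERADE rule whose source is VPN_NET.
has_vpn_nat() {
  printf '%s\n' "$1" | grep -Eq -- "^-A POSTROUTING .*-s $2 .*-j (SNAT|MASQUERADE)"
}

# forwarding_enabled [FILE] -> exit 0 if the ip_forward sysctl reads 1.
# FILE defaults to the live kernel setting; tests can pass a temp file.
forwarding_enabled() {
  local f=${1:-/proc/sys/net/ipv4/ip_forward}
  [ "$(cat "$f" 2>/dev/null)" = 1 ]
}

# Constructed iptables-save output resembling a correctly configured server.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 198.144.178.19
COMMIT'

# Usage on the server (uncomment to run for real):
#   apply_rules 10.8.0.0/24 venet0 198.144.178.19
#   has_vpn_nat "$(iptables-save -t nat)" 10.8.0.0/24 && echo "NAT rule present"
#   forwarding_enabled && echo "ip_forward=1"
```

On a freshly installed server the two checks at the bottom are the first thing to run when a client connects but cannot reach the internet: a missing POSTROUTING rule or ip_forward=0 each reproduces exactly the behaviour from the first post. Note that rules added with iptables are lost on reboot unless saved (for example with the distribution's iptables service), and the sysctl should be made persistent in /etc/sysctl.conf.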