Page 1 of 1
Sufing with the ip of the server
Posted: Wed Sep 05, 2012 8:27 am
by klicksor
hello,
i've got a debian squeeze on a server in a datacenter.
on this server i installed openvpn.
on my pc runs a windows 7. there i installed the openvpn gui.
every thing works fine. i'm able to connect to the server with openvpn gui and i also get an ip 10.8.0.6
but if i check my ip on cmyip.com, i still have the ip from my provider of dsl.
but i want to forward all the traffic with my server.
home (10.8.0.6) -> server (xx.xx.xx.xx) -> internet
so if i start openvpn gui and open google with firefox i want them to see my xx.xx.xx.xx ip from the server.
all my traffic should go through my server.
i tried a lot of iptables commands but nothing worked.
could somebody help me?
thanks!
regards
thomas
Re: Sufing with the ip of the server
Posted: Wed Sep 05, 2012 10:29 am
by maikcat
hi there,
i tried a lot of iptables commands but nothing worked.
could somebody help me?
if you are kind enough to share your configs we will help you..
regards
Michael.
Re: Sufing with the ip of the server
Posted: Wed Sep 05, 2012 10:56 am
by klicksor
Hello,
server.conf
Code: Select all
port 1194
proto udp
dev tun
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/server.crt
key ./easy-rsa2/keys/server.key
dh ./easy-rsa2/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
ifconfig server
Code: Select all
eth0 Link encap:Ethernet HWaddr 78:e3:b5:fd:a0:94
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.xxx Mask:255.255.255.192
inet6 addr: xxxx::xxxx:xxxx:xxxx:xxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:274601 errors:0 dropped:0 overruns:0 frame:0
TX packets:27704 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30153433 (28.7 MiB) TX bytes:3202296 (3.0 MiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
client.conf
Code: Select all
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert vpnmds.crt
key vpnmds.key
ns-cert-type server
comp-lzo
verb 3
Re: Sufing with the ip of the server
Posted: Wed Sep 05, 2012 11:40 am
by maikcat
add to your server config
restart service
can you post the output of iptables -L -v -t nat on your server?
Michael.
Re: Sufing with the ip of the server
Posted: Wed Sep 05, 2012 1:37 pm
by klicksor
thanks! it works.
do i also need this one?
i think all my iptables commands are still there.
Code: Select all
iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 4799 packets, 340K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3654 196K MASQUERADE all -- any eth0 anywhere anywhere
0 0 MASQUERADE all -- any eth0 anywhere anywhere
0 0 MASQUERADE all -- any eth0 10.8.0.0/24 anywhere
0 0 MASQUERADE all -- any eth0 anywhere anywhere
0 0 MASQUERADE all -- any tun0 anywhere anywhere
0 0 MASQUERADE all -- any eth0 10.8.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT 2 packets, 134 bytes)
pkts bytes target prot opt in out source destination
Re: Sufing with the ip of the server
Posted: Thu Sep 06, 2012 6:37 am
by maikcat
hi there,
thanks! it works.
end of story
push "dhcp-option DNS 10.8.0.1"
if your openvpn server doesnt run any dns service or dns relay software then no you dont need it.
regards.
Michael.