OpenVPN Support Forum

Posted: **Sat May 04, 2013 1:26 am**

Whenever I connect to the server, I can access the local subnet (on the server side), but I cannot access anything outside of the subnet.

Any help would be appreciated.

server.conf

Code: Select all

mode server
tls-server

port 53
proto udp


#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"

persist-key
persist-tun

#certificates and encryption
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret

cipher BF-CBC        # Blowfish (default)
comp-lzo

#DHCP Information
server-bridge 10.0.1.1 255.255.0.0 10.0.1.1 10.0.1.255
push "redirect-gateway def1"
#push "dhcp-option DNS 10.0.0.1"
#push "route 0.0.0.0 0.0.0.0"

#log and security
user nobody
group nogroup
keepalive 10 120
status openvpn-status.log
verb 3

client.ovpn

Code: Select all

client
dev tap0
proto udp
remote XX.XX.XX.XX 53
nobind
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
comp-lzo
verb 3
script-security 2
#redirect-gateway
mute-replay-warnings
pull

ifconfig

Code: Select all

qcrist@ubuntubox:~$ ifconfig
br0       Link encap:Ethernet  HWaddr 00:13:d3:91:f1:02
          inet addr:10.0.0.103  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::213:d3ff:fe91:f102/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1607711 (1.6 MB)  TX bytes:9960166 (9.9 MB)

eth0      Link encap:Ethernet  HWaddr 00:13:d3:91:f1:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13757 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11878 errors:0 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2665706 (2.6 MB)  TX bytes:10026297 (10.0 MB)

tap0      Link encap:Ethernet  HWaddr 72:0c:af:ee:81:03
          inet6 addr: fe80::700c:afff:feee:8103/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3333 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:80261 (80.2 KB)  TX bytes:808204 (808.2 KB)

/etc/openvpn/up.sh

Code: Select all

#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ip link set "$DEV" up promisc on mtu "$MTU"
/sbin/brctl addif $BR $DEV

/etc/openvpn/down.sh

Code: Select all

#!/bin/sh

BR=$1
DEV=$2

/sbin/brctl delif $BR $DEV
/sbin/ip link set "$DEV" down

Posted: **Mon May 06, 2013 12:44 pm**

is IP forwarding enabled on the server? does the server firewall allow the forwarding of packets? where do you want to forward stuff to? does the LAN gateway on the server-side LAN allow this type of forwarding?

Posted: **Wed May 15, 2013 12:45 am**

janjust wrote:is IP forwarding enabled on the server?

Yes

janjust wrote:does the server firewall allow the forwarding of packets?

Yes

janjust wrote:where do you want to forward stuff to?

The internet
I've been trying 8.8.8.8

janjust wrote:does the LAN gateway on the server-side LAN allow this type of forwarding?

I am not sure how to determine this.

Posted: **Wed May 15, 2013 11:52 am**

are there any virtual machines involved (esp the openvpn server)?
Do you really need a bridged setup? this is easier to troubleshoot in routed (tun) mode.

Run 'tcpdump -nnel -i br0 icmp' on the server and ping 8.8.8.8 from the client - what does it show?

OpenVPN Support Forum

Can connect to vpn and access local subnet, not not internet

Can connect to vpn and access local subnet, not not internet

Re: Can connect to vpn and access local subnet, not not inte

Re: Can connect to vpn and access local subnet, not not inte

Re: Can connect to vpn and access local subnet, not not inte