This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
syd
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 15, 2014 8:08 am
Post
by syd » Tue Apr 15, 2014 8:23 am
Hello,
i was configuring a vpn server as a surf gateway.
I can connect via vpn and i also get a ip (10.8.0.xx) but when im connected with the client i have no internet.
Maybe i forgot something?
Thanks,
Syd
Here are my configs :
server :
Code: Select all
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
.
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
client :
Code: Select all
client
dev tun
proto udp
remote syds.vpn.server.tld 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert syd.crt
key syd.key
ns-cert-type server
comp-lzo
verb 3
iptables rules :
Code: Select all
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to xxx.xxx.xxx.xxx (this is actuly filled with my server ip)
Last edited by
debbie10t on Tue Apr 15, 2014 9:55 am, edited 1 time in total.
Reason: Read the Rules!
-
syd
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 15, 2014 8:08 am
Post
by syd » Tue Apr 15, 2014 10:12 am
Hi,
thanks for point it out but all the config mentioned in the section
Routing all client traffic (including web-traffic) through the VPN
I used in my config and still it doesent work.
-
syd
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 15, 2014 8:08 am
Post
by syd » Tue Apr 15, 2014 11:08 am
Ahh sorry.
Here is the Server Log :
Code: Select all
Apr 15 09:31:55 vpn ovpn-server[2488]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Apr 15 09:31:55 vpn ovpn-server[2488]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Apr 15 09:31:55 vpn ovpn-server[2488]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Apr 15 09:31:55 vpn ovpn-server[2488]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.0.0
Apr 15 09:34:35 vpn ovpn-server[2498]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Apr 15 09:34:35 vpn ovpn-server[2498]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Apr 15 09:34:35 vpn ovpn-server[2498]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Apr 15 09:34:35 vpn ovpn-server[2498]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.0.0
Apr 15 09:48:13 vpn ovpn-server[2763]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Apr 15 09:48:13 vpn ovpn-server[2763]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Apr 15 09:58:36 vpn ovpn-server[2773]: 123.123.123.123:36334 VERIFY OK: depth=1, /C=DE/ST=HE/L=City/O=VPN/OU=VPN/CN=syds.vpnserver.tld/name=syd/emailAddress=mail@host.domain
Apr 15 09:58:36 vpn ovpn-server[2773]: 123.123.123.123:36334 VERIFY OK: depth=0, /C=DE/ST=HE/L=Frankfurt/O=VPN/OU=VPN/CN=syds.vpnserver.tld/name=syd/emailAddress=mail@host.domain
Apr 15 11:57:40 vpn ovpn-server[2773]: 123.123.123.123:36336 VERIFY OK: depth=1, /C=DE/ST=HE/L=Frankfurt/O=VPN/OU=VPN/CN=syds.vpnserver.tld/name=syd/emailAddress=mail@host.domain
Apr 15 11:57:40 vpn ovpn-server[2773]: 123.123.123.123:36336 VERIFY OK: depth=0, /C=DE/ST=HE/L=Frankfurt/O=VPN/OU=VPN/CN=syds.vpnserver.tld/name=syd/emailAddress=mail@host.domain
-
syd
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 15, 2014 8:08 am
Post
by syd » Tue Apr 15, 2014 9:59 pm
Hi,
thanks for the update tip, looks like debian did not have it yet.
I have to manualy update it later.
Here the ifconfig output :
Code: Select all
eth0 Link encap:Ethernet Hardware Adresse 00:A0:12:AB:CD:EF
inet Adresse:123.123.123.123 Bcast:123.123.123.255 Maske:255.255.255.0
inet6-Adresse: xx/64 Gültigkeitsbereich:Verbindu ng
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:658027 errors:0 dropped:0 overruns:0 frame:0
TX packets:4407 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:41957784 (40.0 MiB) TX bytes:689033 (672.8 KiB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-0 0-00-00-00-00
inet Adresse:10.8.0.1 P-z-P:10.8.0.2 Maske:255.255.255.255
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1500 Metrik:1
RX packets:1750 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:100
RX bytes:116672 (113.9 KiB) TX bytes:0 (0.0 B)
