Route (windows) traffic through openVPN gateway
Posted: Sat Feb 05, 2011 9:52 am
Hi i'm not very good in writing english but i hope its enough, so you can understand what i mean 
At university-campus, i have a very restrictive internet-acces (only tcp traffic and only connection on ports <1024). For tcp traffic (for ports >1024) we have a http-proxy but for udp-traffic, we have to find personal solution. At the moment i use a openvpn connection from a friend to his root-server.
My idea was to try to create a own one. But i doesn't like to pay lot of dollars (or Euros) so i rent a cheap vserver which i can cancel monthly. But this is the problem because i can't use the config of my friends server.
Ok, this config "works" to create a connection between this two points but for redirect i need to add something like that to iptables:
And thats the problem, i get a error
"iptables: No chain/target/match by that name"
I think its's because the module iptable_nat is missing or something else. So i search for a solution and find this one (attention, a german page)
In summery, he use this config:
and
And for iptables this (that entry accept my vserver too)
But if i try this, my windows-openvpn says that ifconfig is missing^^
So how should i modify my windows-client config or some other solutions to use the vserver as internet-gateway?
At university-campus, i have a very restrictive internet-acces (only tcp traffic and only connection on ports <1024). For tcp traffic (for ports >1024) we have a http-proxy but for udp-traffic, we have to find personal solution. At the moment i use a openvpn connection from a friend to his root-server.
My idea was to try to create a own one. But i doesn't like to pay lot of dollars (or Euros) so i rent a cheap vserver which i can cancel monthly. But this is the problem because i can't use the config of my friends server.
Code: Select all
#server
dev tap0
proto tcp-server
tls-server
ca /vpn/ca.crt
key /vpn/qupfer.key
cert /vpn/qupfer.crt
dh /vpn/praxisreich.net/dh1024.pem
mode server
server-bridge 192.168.42.1 255.255.255.0 192.168.42.128 192.168.42.254
push "redirect-gateway def1"
push "dhcp-option DNS 213.186.33.99"
keepalive 10 120
log /var/log/openvpn.log
log-append /var/log/openvpn.log
user nobody
group nogroup
port 666
persist-key
persist-tun
daemon
verb 1
client-config-dir /etc/openvpn/client-conf
client-to-client
ifconfig 192.168.42.1 255.255.255.0
Code: Select all
#client
dev tap
proto tcp-client
port 666
remote domain.name
pull
tls-client
ca ca.crt
cert qupfer.crt
key qupfer.key
route-method exe
route-delay 2
ip-win32 dynamic
Code: Select all
iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE"iptables: No chain/target/match by that name"
I think its's because the module iptable_nat is missing or something else. So i search for a solution and find this one (attention, a german page)
In summery, he use this config:
Code: Select all
#server
port 443
proto tcp
dev tun
ca /opt/keys/ca.crt
cert /opt/keys/server.crt
key /opt/keys/server.key
dh /opt/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3Code: Select all
#client
dev tun
proto tcp
remote ServerIP 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
route-gateway 10.8.0.1
redirect-gateway
route 0.0.0.0 0.0.0.0
verb 3Code: Select all
iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0/24 -j SNAT --to globalServerIP But if i try this, my windows-openvpn says that ifconfig is missing^^
So how should i modify my windows-client config or some other solutions to use the vserver as internet-gateway?