Routing/firewall Issue or a more fundamental problem?

Posted: Wed Feb 23, 2011 6:08 pm
by 00matt
Hi, I have a working installation of OpenVPN which allows me to ping other computers on the VPN and access their services. I am now trying to implement redirect-gateway so I can forward my internet traffic through the OpenVPN server while I'm using an unsecured, public Wi-Fi network, for example. I feel the problem might be related to firewall/routing, but before I dive into posting configs etc., I am hoping someone can tell me if my particular network setup will even allow me to do what I want. My network is shown below:

```
     compC
  (external)
      |
   internet
      |
    router
    |    |
compA    |
         |
       compB
    (vpn server)
```

Is it feasible/possible to forward internet traffic from compC through compB when there is a home router in between? The router is already set to do port forwarding (I can access the VPN remotely without problems).

Re: Routing/firewall Issue or a more fundamental problem?

Posted: Thu Feb 24, 2011 11:36 am
by maikcat
hi there,

>Is it feasible/possible to forward internet traffic from compC through compB when there is a home router in between?

yes you can push redirect gateway parameter to the client...

but do you really want to pass *ALL* traffic through your vpn, or http traffic only?
if the latter, you can use a proxy (on the vpn side) and set your browser to use it.

cheers,

Michael.

Re: Routing/firewall Issue or a more fundamental problem?

Posted: Thu Feb 24, 2011 3:45 pm
by 00matt
I already use PuTTY and SSH as a proxy for http traffic, but I want something that will work more easily with other applications. I also want to access services on my LAN in a secure manner, so I figured a VPN would allow all that at once.

Everything on the VPN works fine but I cannot access the internet at all. I can ping systems on the VPN, but if I try to ping a website address, for example, it says "ping: sendmsg: Operation not permitted". I am testing all this from compA (also inside the LAN) - does that make a difference?

Here is my openvpn.conf on the server (compB):

```
local 10.0.0.30   # Lan is on 10.0.0.0/24
port 11194        # custom port
proto udp
dev tun
ca privnet/ca.crt
cert privnet/server.crt
key privnet/server.key
dh privnet/dh1024.pem
server 10.0.10.0 255.255.255.0
push "route 10.0.10.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.0.10.1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
max-clients 10
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4
```

Are there any problems with this config? If not, it must be a firewall/routing issue? I have verified that IPv4 forwarding is enabled and I have been reading tutorials regarding setting up my firewall (Shorewall) for OpenVPN, but I've had no luck.

Re: Routing/firewall Issue or a more fundamental problem?

Posted: Fri Feb 25, 2011 4:53 am
by 00matt
I think I have it working now. I believe the problem was the firewall on the client (compA). I thought I had disabled it for testing, but some rules remained. I still need to test everything from a computer external to my LAN, but I think it will work.

Re: Routing/firewall Issue or a more fundamental problem?

Posted: Fri Feb 25, 2011 8:07 am
by maikcat
hi there,

from your server config remove

push "route 10.0.10.0 255.255.255.0"


>I am testing all this from compA (also inside the lan) - does that make a difference?

in case you are pushing routes, yes it does...

I noticed you run your server on *nix, I hope you have set up iptables (if you are using them) accordingly.

test your setup and feel free to ask for help..

cheers,

michael.
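
The server-side firewall prerequisites the last reply alludes to can be checked mechanically. The script below is an added example, not part of the original thread: it audits an `iptables-save` dump for what `push "redirect-gateway def1"` relies on. The subnet and port come from the posted config; the `tun*` device name, the `eth0` interface in the sample, and the choice of NAT on the server (rather than a static route on the home router) are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): audit an iptables-save dump on the
# OpenVPN server for what push "redirect-gateway def1" relies on.
# From the posted config: VPN subnet 10.0.10.0/24, UDP port 11194.
# Assumed: tunnel device is named tun*; rule order is not analysed.
VPN_NET="10.0.10.0/24"
VPN_PORT="11194"

# Usage on a real server (as root):
#   iptables-save | audit_server "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_server() {   # $1 = ip_forward value; ruleset on stdin; returns problem count
  awk -v fwd="$1" -v net="$VPN_NET" -v port="$VPN_PORT" '
    /^\*/ { table = substr($0, 2) }   # table header such as "*nat" or "*filter"
    table == "nat" && /^-A POSTROUTING/ && index($0, "-s " net " ") && /-j (MASQUERADE|SNAT)/ { nat = 1 }
    table == "filter" && /^:FORWARD ACCEPT/ { forward = 1 }
    table == "filter" && /^-A FORWARD/ && /-i tun/ && /-j ACCEPT/ { forward = 1 }
    table == "filter" && /^:INPUT ACCEPT/ { input = 1 }
    table == "filter" && /^-A INPUT/ && /-p udp/ && index($0, "--dport " port " ") && /-j ACCEPT/ { input = 1 }
    END {
      if (fwd != 1) { print "FAIL ip_forward is off"; bad++ }
      if (!nat)     { print "FAIL no MASQUERADE/SNAT for " net; bad++ }
      if (!forward) { print "FAIL FORWARD does not accept traffic from tun"; bad++ }
      if (!input)   { print "FAIL INPUT does not accept udp/" port; bad++ }
      exit bad + 0
    }'
}

# Constructed sample of iptables-save output (eth0 and tun0 are assumed names).
sample_good() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 11194 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Same ruleset with the NAT rule and the tun0 forward rule stripped out.
sample_bad() { sample_good | grep -v -e MASQUERADE -e 'FORWARD -i tun0'; }

sample_good | audit_server 1 && echo "good ruleset: OK"
sample_bad | audit_server 1 || echo "bad ruleset: $? problem(s)"
```

The check is a heuristic: it does not model rule order, so an earlier DROP rule can still block traffic that a later ACCEPT appears to allow.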