MacOS client connect but can get internet


Post by greg » Tue May 24, 2011 3:27 pm

Hello,

I have an OpenVPN server. My clients with MacOS can connect and get an IP 10.X.X.X but don't have access to the internet... Is there some different configuration that I have to make on my server for MacOS clients?

Thanks

My server.conf

```
dev tun
proto udp
port 443

####### keys #######
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/vpn.crt
key /etc/openvpn/easy-rsa/2.0/keys/ta.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 1
#################

# all clients use the same key
duplicate-cn
# allows the same address to be reassigned to each client
#ifconfig-pool-persist ipp1.txt
cipher AES-256-CBC
# once started, the process ownership changes from user "root" to "nobody"
# and from group "root" to "nogroup". So if the process is compromised,
# no damage can be done with superuser privileges

user nobody
group nogroup

#telnet
management localhost 7503

# subnet that will make up the virtual network
server 10.1.0.0 255.255.0.0

#daemon
#writepid /var/run/openvpn.pid

keepalive 20 120
# for more security we chroot
chroot /etc/openvpn/jail1

# must not re-read the key when the connection is reset
persist-key

# must not reconfigure the interface when the connection is reset
persist-tun

# user/pass auth from mysql, or replace /etc/pam.d/openvpn with "login login #USERNAME password PASSWORD"

plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/openvpn
client-cert-not-required
username-as-common-name

#client-to-client

push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# data compression
comp-lzo
max-clients 100

status status/openvpn1-status.log
log-append /var/log/openvpn/server1.log
--mute-replay-warnings
verb 2
mute 10

#client-config-dir ccd
#route 192.168.1.0 255.255.255.0
```

client conf:

```
client
dev tun
proto udp

remote vpn.com 443

tls-auth ta.key 0
ca ca.crt

resolv-retry infinite
remote-cert-tls server

cipher AES-256-CBC
nobind
persist-key
persist-tun

auth-user-pass
comp-lzo
verb 3
```


Re: MacOS client connect but can get internet

Post by janjust » Tue May 24, 2011 3:59 pm

Does it work for other (non-MacOS) clients? Is some form of NATting/masquerading configured on the server? Does the server do IP forwarding? If not, try

```
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
```
to see if that helps.
If it does work for other clients, post the MacOS routing table after the client is connected.
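
The questions in the reply above can be checked offline against saved copies of the server's state. This is an added example, not part of the original thread; the function names are hypothetical, and the interface name `eth0` is taken from the reply's iptables command.

```shell
#!/bin/sh
# Added example, not from the thread. Offline check of the conditions the
# reply asks about when a server pushes "redirect-gateway def1".

# Print "NET MASK" from the server directive of an OpenVPN config.
vpn_subnet() { awk '$1 == "server" { print $2, $3; exit }' "$1"; }

# Succeed if the config pushes redirect-gateway to clients.
pushes_default_route() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$1"
}

# Succeed if the file (normally /proc/sys/net/ipv4/ip_forward) contains 1.
forwarding_enabled() { [ "$(cat "$1" 2>/dev/null)" = "1" ]; }

# Succeed if iptables-save output ($1) has a nat POSTROUTING MASQUERADE rule
# that applies to outbound interface $2 (a rule without -o covers every interface).
has_masquerade() {
    awk -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            if ($0 !~ / -o / || $0 ~ (" -o " ifc "( |$)")) found = 1
        }
        END { exit !found }' "$1"
}

# diagnose CONF FWD_FILE RULES_FILE IFACE: print findings, return number of gaps.
diagnose() {
    gaps=0
    pushes_default_route "$1" || { echo "server does not push redirect-gateway"; return 0; }
    echo "VPN subnet: $(vpn_subnet "$1")"
    forwarding_enabled "$2" || { echo "GAP: IP forwarding is off"; gaps=$((gaps + 1)); }
    has_masquerade "$3" "$4" || { echo "GAP: no MASQUERADE rule for $4"; gaps=$((gaps + 1)); }
    return "$gaps"
}

# Constructed sample: forwarding off and an empty nat table.
demo() {
    d=$(mktemp -d)
    printf 'server 10.1.0.0 255.255.0.0\npush "redirect-gateway def1"\n' > "$d/conf"
    echo 0 > "$d/fwd"
    printf '*nat\n:POSTROUTING ACCEPT [0:0]\nCOMMIT\n' > "$d/rules"
    diagnose "$d/conf" "$d/fwd" "$d/rules" eth0; rc=$?
    rm -rf "$d"; return "$rc"
}

# "sh thisfile demo" runs the constructed sample.
case "${1:-}" in demo) demo ;; esac
```

On the server itself, the inputs to `diagnose` would be the server.conf, `/proc/sys/net/ipv4/ip_forward`, and a file holding the output of `iptables-save`.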
