OpenVPN as Gateway
Posted: Wed Sep 28, 2011 1:27 pm
by AdrianW
Hey guys, sorry for that kinda stupid question.
After setting up a fresh installation on my root server I'm trying to get my OpenVPN working again...
The connection of my clients is working but I'm unable to route the internet traffic through the VPN.
I'm using the ccd's to push the routes to the clients and this is working too.. my client is showing me
the right gateway.
Well, because I've saved my ccd's and the server config I'm sure it's a problem with the routing on the server.
If I'm remembering right I had to use 2(!) lines to get the routing working, but I only remember this one:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Maybe you can help me, I'm unable to find what's missing.

ah well...
echo 1 > /proc/sys/net/ipv4/ip_forward is already done
thank you very much!
greetings
Adrian
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 1:51 pm
by janjust
check or post your iptables rules ('iptables -L -n -v' and 'iptables -t nat -L -n -v') and check if there's anything blocking access.
can you ping the server LAN (eth0) IP?
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 2:02 pm
by AdrianW
hey
---------
iptables -L -n -v
Chain INPUT (policy ACCEPT 15M packets, 5015M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1371 packets, 79551 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 23M packets, 6089M bytes)
pkts bytes target prot opt in out source destination
---------
iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 747 packets, 74384 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 320 packets, 18701 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 62 packets, 4098 bytes)
pkts bytes target prot opt in out source destination
---------
so there is nothing blocking
my client (10.8.2.1) can ping the server at 10.8.0.1
greetings
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 2:06 pm
by janjust
"my client (10.8.2.1) can ping the server at 10.8.0.1"
you just posted the root cause of the problem - why was the client assigned a .2 address? if this is by design then add a rule
iptables -t nat -A POSTROUTING -s 10.8.2.0/24 -o eth0 -j MASQUERADE
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 2:19 pm
by AdrianW
can't I add a rule for the whole subnet?
my clients are getting the IPs assigned like this:
10.8.1.1
10.8.2.1
10.8.3.1
10.8.4.1
don't ask me why I implemented it this way, my ccd files look like
---
ifconfig-push 10.8.1.1 10.8.1.2 255.255.0.0
---
or (with routing the traffic through the VPN)
---
ifconfig-push 10.8.2.1 10.8.2.2 255.255.0.0
push "redirect-gateway"
push "route-gateway 10.8.2.2"
push "dhcp-option DNS 208.67.222.222"
---
greetings
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 2:30 pm
by janjust
the iptables rule I posted does just that - or do you want to add more subnets in one go?
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 2:35 pm
by AdrianW
your rule just applies to 10.8.2.1-254, or not?
but some clients are getting 10.8.1.1 or 10.8.8.1
so the question is, do I have to add additional rules for them?
greetings and thanks
Re: OpenVPN as Gateway
Posted: Wed Sep 28, 2011 3:31 pm
by Mimiko
Make it one rule:
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
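
Added example (not part of any post in this thread): a small Python check that compares the addresses pushed via ccd ifconfig-push with the source networks of the POSTROUTING MASQUERADE rules. It shows why 10.8.2.1 was not NATed by the 10.8.0.0/24 rule and why the /16 rule covers every client. The client file names and function names are assumptions, and the sample input is constructed from the lines quoted above.

```python
import ipaddress
import re

# Constructed sample input. The rule strings and ifconfig-push lines are the
# ones quoted in the thread; the client file names are hypothetical.
RULE_24 = "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE"
RULE_2 = "iptables -t nat -A POSTROUTING -s 10.8.2.0/24 -o eth0 -j MASQUERADE"
RULE_16 = "iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE"
CCD = {
    "client-a": "ifconfig-push 10.8.1.1 10.8.1.2 255.255.0.0\n",
    "client-b": 'ifconfig-push 10.8.2.1 10.8.2.2 255.255.0.0\npush "redirect-gateway"\n',
    "client-c": "ifconfig-push 10.8.8.1 10.8.8.2 255.255.0.0\n",
}


def masquerade_sources(rule_lines, out_iface="eth0"):
    """Source networks of POSTROUTING MASQUERADE rules leaving out_iface."""
    nets = []
    for line in rule_lines:
        tok = line.split()
        if "POSTROUTING" not in tok or "MASQUERADE" not in tok:
            continue
        opts = dict(zip(tok, tok[1:]))  # option -> the token that follows it
        if opts.get("-o", out_iface) != out_iface:
            continue
        # No -s means the rule matches every source address.
        # Negated (!) matches are not handled here.
        nets.append(ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False))
    return nets


def uncovered_clients(rule_lines, ccd_files, out_iface="eth0"):
    """Map ccd file name -> pushed address for clients no rule would NAT."""
    nets = masquerade_sources(rule_lines, out_iface)
    missing = {}
    for name, text in ccd_files.items():
        m = re.search(r"^\s*ifconfig-push\s+(\d+\.\d+\.\d+\.\d+)", text, re.M)
        if m is None:
            continue  # address comes from the server pool, not from ccd
        addr = ipaddress.ip_address(m.group(1))
        if not any(addr in net for net in nets):
            missing[name] = str(addr)
    return missing


if __name__ == "__main__":
    for label, rules in [("/24 only", [RULE_24]),
                         ("plus 10.8.2.0/24", [RULE_24, RULE_2]),
                         ("/16", [RULE_16])]:
        print(label, "->", uncovered_clients(rules, CCD) or "all clients covered")
```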