I set up an OpenVPN according to the article on the wiki; clients can connect but cannot access anything beyond the VPN
when I start VPN:
Wed Jan 17 20:23:57 2018 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Wed Jan 17 20:23:57 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.10
Wed Jan 17 20:23:57 2018 Diffie-Hellman initialized with 2048 bit key
Wed Jan 17 20:23:57 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Jan 17 20:23:57 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 17 20:23:57 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Jan 17 20:23:57 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 17 20:23:57 2018 ROUTE_GATEWAY <ips and subnets> IFACE=enp10s0 HWADDR=10:c3:7b:a2:7b:55
Wed Jan 17 20:23:57 2018 TUN/TAP device tun0 opened
Wed Jan 17 20:23:57 2018 TUN/TAP TX queue length set to 100
Wed Jan 17 20:23:57 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan 17 20:23:57 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Wed Jan 17 20:23:57 2018 /usr/bin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Jan 17 20:23:57 2018 /usr/bin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Jan 17 20:23:57 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Jan 17 20:23:57 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jan 17 20:23:57 2018 Listening for incoming TCP connection on [AF_INET][undef]:443
Wed Jan 17 20:23:57 2018 TCPv4_SERVER link local (bound): [AF_INET][undef]:443
Wed Jan 17 20:23:57 2018 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Jan 17 20:23:57 2018 GID set to nobody
Wed Jan 17 20:23:57 2018 UID set to nobody
Wed Jan 17 20:23:57 2018 MULTI: multi_init called, r=256 v=256
Wed Jan 17 20:23:57 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Jan 17 20:23:57 2018 ifconfig_pool_read(), in='<client name>,10.8.0.4', TODO: IPv6
Wed Jan 17 20:23:57 2018 succeeded -> ifconfig_pool_set()
Wed Jan 17 20:23:57 2018 IFCONFIG POOL LIST
Wed Jan 17 20:23:57 2018 <client name>,10.8.0.4
Wed Jan 17 20:23:57 2018 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Jan 17 20:23:57 2018 Initialization Sequence Completed
output from ip addr show (with vpn on)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet <ip> scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether <ip>
inet <ip> brd <ip>5 scope global dynamic noprefixroute enp10s0
valid_lft 861751sec preferred_lft 861751sec
inet6 <ip> scope link noprefixroute
valid_lft forever preferred_lft forever
<ip> scope link noprefixroute
valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 <ip> scope link stable-privacy
valid_lft forever preferred_lft forever
added code to route traffic to ethernet
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
and the iptables stuff:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp10s0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
When a client connects it cannot ping anything outside the VPN: other computers on the network or any external IPs.
Did you enable packet forwarding like it says on the wiki?
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
I got it working with
net.ipv4.conf.all.forwarding=1
but this seems like a bad idea. Is it, and if so, is there a more specific way?
net.ipv4.conf.tun0.forwarding=1
didn't work
Last edited by agent114 (2018-01-17 22:15:11)
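Added example, not part of the thread: one more specific way is to leave forwarding enabled and restrict what the FORWARD chain will route. The script below flags the broad FORWARD rules from the first post and prints a scoped set for tun0, enp10s0 and 10.8.0.0/24 (values from the posts above); the function names are hypothetical and nothing is applied to the running firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# tun0, enp10s0 and 10.8.0.0/24 are the values posted above.

# Read iptables rules on stdin and print every FORWARD ACCEPT rule that
# names no output interface, source or destination: with forwarding on,
# such a rule routes matching packets to any network the host can reach.
broad_forward_rules() {
    while IFS= read -r rule; do
        case $rule in
            *"-A FORWARD"*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        case " $rule " in
            *" -o "*|*" -s "*|*" -d "*) ;;
            *) printf '%s\n' "$rule" ;;
        esac
    done
}

# Print a scoped replacement: VPN clients may go out through the WAN
# interface, only replies may come back, everything else is dropped.
scoped_forward_rules() {
    vpn_if=$1 wan_if=$2 vpn_net=$3
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $vpn_if -o $wan_if -s $vpn_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $vpn_if -d $vpn_net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $vpn_net -o $wan_if -j MASQUERADE
EOF
}

# The rules from the first post, embedded so the script runs offline.
POSTED_RULES='iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp10s0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT'

echo "Broad FORWARD rules in the posted set:"
printf '%s\n' "$POSTED_RULES" | broad_forward_rules
echo "Scoped rules (printed for review, not applied):"
scoped_forward_rules tun0 enp10s0 10.8.0.0/24
```

Review the printed commands before running any of them as root; the DROP policy also blocks forwarding between any other interfaces on the host.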