
#1 2018-01-17 20:43:27

agent114
Member
Registered: 2017-10-26
Posts: 27

Can't pass traffic from OpenVPN to Ethernet

I set up OpenVPN according to the article on the wiki; clients can connect but cannot access anything beyond the VPN.
When I start the VPN:

Wed Jan 17 20:23:57 2018 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Wed Jan 17 20:23:57 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.10
Wed Jan 17 20:23:57 2018 Diffie-Hellman initialized with 2048 bit key
Wed Jan 17 20:23:57 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Jan 17 20:23:57 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 17 20:23:57 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Jan 17 20:23:57 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 17 20:23:57 2018 ROUTE_GATEWAY <ips and subnets> IFACE=enp10s0 HWADDR=10:c3:7b:a2:7b:55
Wed Jan 17 20:23:57 2018 TUN/TAP device tun0 opened
Wed Jan 17 20:23:57 2018 TUN/TAP TX queue length set to 100
Wed Jan 17 20:23:57 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan 17 20:23:57 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Wed Jan 17 20:23:57 2018 /usr/bin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Jan 17 20:23:57 2018 /usr/bin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Jan 17 20:23:57 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Jan 17 20:23:57 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jan 17 20:23:57 2018 Listening for incoming TCP connection on [AF_INET][undef]:443
Wed Jan 17 20:23:57 2018 TCPv4_SERVER link local (bound): [AF_INET][undef]:443
Wed Jan 17 20:23:57 2018 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Jan 17 20:23:57 2018 GID set to nobody
Wed Jan 17 20:23:57 2018 UID set to nobody
Wed Jan 17 20:23:57 2018 MULTI: multi_init called, r=256 v=256
Wed Jan 17 20:23:57 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Jan 17 20:23:57 2018 ifconfig_pool_read(), in='<client name>,10.8.0.4', TODO: IPv6
Wed Jan 17 20:23:57 2018 succeeded -> ifconfig_pool_set()
Wed Jan 17 20:23:57 2018 IFCONFIG POOL LIST
Wed Jan 17 20:23:57 2018 <client name>,10.8.0.4
Wed Jan 17 20:23:57 2018 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Jan 17 20:23:57 2018 Initialization Sequence Completed

Output from ip addr show (with the VPN on):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet <ip> scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether <ip>
    inet <ip> brd <ip>5 scope global dynamic noprefixroute enp10s0
       valid_lft 861751sec preferred_lft 861751sec
    inet6 <ip> scope link noprefixroute 
       valid_lft forever preferred_lft forever
    <ip> scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 <ip> scope link stable-privacy 
       valid_lft forever preferred_lft forever

Added code to route traffic to Ethernet:

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

And the iptables stuff:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp10s0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

When a client connects, it cannot ping anything outside the VPN: neither other computers on the network nor external IPs.


#2 2018-01-17 21:48:56

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Can't pass traffic from OpenVPN to Ethernet

Did you enable packet forwarding like it says on the wiki?


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K


#3 2018-01-17 22:06:26

agent114
Member
Registered: 2017-10-26
Posts: 27

Re: Can't pass traffic from OpenVPN to Ethernet

I got it working with

net.ipv4.conf.all.forwarding=1

but this seems like a bad idea. Is it, and if so, is there a more specific way?

net.ipv4.conf.tun0.forwarding=1

didn't work.

Last edited by agent114 (2018-01-17 22:15:11)

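An added example, not code from this thread or from the wiki article it refers to, showing the more specific control the last post asks about. It keeps the global forwarding sysctl (the kernel needs forwarding on to route between tun0 and enp10s0 at all) and instead makes the FORWARD chain default-deny, so the host only routes the VPN pool from tun0 out via enp10s0 and the conntrack replies back; tunnel traffic aimed at the server itself is also limited instead of accepted wholesale with "-i tun+ -j ACCEPT". The VPN subnet 10.8.0.0/24, the interface names tun0 and enp10s0 and the MASQUERADE rule are taken from the first post; the sysctl file path and the script name are assumptions.

```shell
#!/bin/sh
# Added example for this thread (not the OP's or the wiki's code): an OpenVPN
# gateway firewall with a default-deny FORWARD chain, so enabling
# net.ipv4.ip_forward does not turn the box into a router for everything.
# Assumed from the posts: VPN pool 10.8.0.0/24 on tun0, uplink enp10s0.
# SYSCTL_FILE is a hypothetical path; override any of these via environment.

VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-enp10s0}"
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/30-openvpn-forward.conf}"

# Forwarding has to be on globally for the kernel to route between the two
# interfaces at all; which packets actually get routed is decided by the
# FORWARD chain below, not by this knob.
gen_sysctl() {
    printf '%s\n' 'net.ipv4.ip_forward = 1'
}

# iptables-restore ruleset. Differences from the rules in the first post:
#  * FORWARD policy DROP: only the listed flows cross between interfaces;
#  * only VPN_NET arriving on VPN_IF may leave via WAN_IF (new flows);
#  * replies come back through the conntrack ESTABLISHED,RELATED rule;
#  * traffic from the tunnel to the server itself is limited to replies and
#    ping, then dropped, instead of "-i tun+ -j ACCEPT". INPUT policy is left
#    ACCEPT so this file does not change how the host is reached from the LAN.
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ${VPN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${VPN_IF} -s ${VPN_NET} -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i ${VPN_IF} -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${VPN_IF} -o ${WAN_IF} -s ${VPN_NET} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${VPN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
EOF
}

# Self-check after editing the template: how many FORWARD rules admit NEW
# flows. For a one-way VPN gateway the answer should stay at exactly 1.
count_forward_accepts() {
    gen_rules | grep -c -- '^-A FORWARD .* --ctstate NEW -j ACCEPT'
}

# Write the sysctl drop-in, reload sysctls and load the ruleset (root only).
# Note that iptables-restore replaces the whole filter and nat tables.
apply_all() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    gen_sysctl > "$SYSCTL_FILE"
    sysctl --system > /dev/null
    gen_rules | iptables-restore
}

case "${1:-show}" in
    show)  gen_sysctl; echo; gen_rules ;;
    apply) apply_all ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 1 ;;
esac
```

Run it with "show" first to review the generated ruleset, then "apply" as root. Because iptables-restore replaces the existing filter and nat tables, merge these rules into whatever the host already loads rather than running apply on a box with its own ruleset. Afterwards "iptables -S FORWARD" should list the DROP policy plus the two FORWARD rules, and "cat /proc/sys/net/ipv4/ip_forward" should print 1.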


Powered by FluxBB