#1 2013-11-21 02:22:04

evana
Member
Registered: 2013-03-23
Posts: 8

[SOLVED]OpenVPN internet tunneling not working

Hi all,

I am trying to set up an openvpn server such that all internet traffic from the clients is funneled through the server. I am having issues getting that aspect to work. I am able to connect to the vpn server but I don't have web access when I do.

Here are my configs:

Server openvpn: http://pastebin.com/aBMR7y28
Server iptables: http://pastebin.com/LKmvZRjL

Client openvpn: http://pastebin.com/e4vja65q

I made sure to set net.ipv4.ip_forward to 1 and persist it with sysctl.  My server's internet access is just fine. 

Let me know if I need to provide more information.

Last edited by evana (2013-11-22 00:11:02)

Offline

#2 2013-11-21 15:44:45

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: [SOLVED]OpenVPN internet tunneling not working

I think your order here is wrong:

-A FORWARD -j DROP
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT

or you meant

-P FORWARD DROP
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT

R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#3 2013-11-21 21:03:13

evana
Member
Registered: 2013-03-23
Posts: 8

Re: [SOLVED]OpenVPN internet tunneling not working

Ahh changing the rule to -P FORWARD DROP worked.  Would you mind explaining how that is different than -A FORWARD -j DROP?

Offline

#4 2013-11-21 22:08:08

Foucault
Member
From: Athens, Greece
Registered: 2010-04-06
Posts: 214

Re: [SOLVED]OpenVPN internet tunneling not working

evana wrote:

Ahh changing the rule to -P FORWARD DROP worked.  Would you mind explaining how that is different than -A FORWARD -j DROP?

The "-P" argument is the policy rule, which means that FORWARDed packets that do not match any rule will be handled by this rule. In this case they will be dropped. The "-A" argument is the append action. -A FORWARD -j DROP means that "DROP any FORWARDed packet". Since DROP is a final rule all packets that reach this rule are discarded. Every other -A FORWARD rule after that is ignored since it is never reached.

Offline
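
The rule-order effect discussed in posts #2 and #4, as an added example that is not part of the original thread: a small first-match model of the two FORWARD rule sets quoted above, which reports rules placed after an unconditional verdict and the resulting verdict for a client packet. The function names and the packet dictionary are assumptions made for illustration, and the parser only covers the `-i`, `-o`, `--state` and `-j` options that appear in the thread.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

# Rule sets quoted in post #2 of this thread.
ORIGINAL = """\
-A FORWARD -j DROP
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
"""
FIXED = ORIGINAL.replace("-A FORWARD -j DROP", "-P FORWARD DROP")

def parse_rules(text):
    """Split iptables-save style lines into chain policies and ordered rules."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A":
            # Assumption: every option takes exactly one argument, no "!" negation.
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def shadowed_rules(text):
    """Rules that can never match because an unconditional verdict precedes them."""
    dead = []
    for chain, rules in parse_rules(text)[1].items():
        blocked = False
        for rule in rules:
            if blocked:
                dead.append((chain, rule))
            elif set(rule) == {"-j"} and rule["-j"] in TERMINATING:
                blocked = True
    return dead

def verdict(text, chain, pkt):
    """First-match evaluation of a packet given its in/out interface and state."""
    policies, chains = parse_rules(text)
    for rule in chains.get(chain, []):
        if rule.get("-i", pkt["in"]) != pkt["in"] or rule.get("-o", pkt["out"]) != pkt["out"]:
            continue
        if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
            continue
        if rule.get("-j") in TERMINATING:
            return rule["-j"]
    return policies.get(chain, "ACCEPT")  # built-in chains default to ACCEPT

if __name__ == "__main__":
    client_out = {"in": "tun0", "out": "eth0", "state": "NEW"}  # constructed packet
    print(shadowed_rules(ORIGINAL))
    print(verdict(ORIGINAL, "FORWARD", client_out), verdict(FIXED, "FORWARD", client_out))
```
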

#5 2013-11-22 00:10:41

evana
Member
Registered: 2013-03-23
Posts: 8

Re: [SOLVED]OpenVPN internet tunneling not working

Foucault wrote:
evana wrote:

Ahh changing the rule to -P FORWARD DROP worked.  Would you mind explaining how that is different than -A FORWARD -j DROP?

The "-P" argument is the policy rule, which means that FORWARDed packets that do not match any rule will be handled by this rule. In this case they will be dropped. The "-A" argument is the append action. -A FORWARD -j DROP means that "DROP any FORWARDed packet". Since DROP is a final rule all packets that reach this rule are discarded. Every other -A FORWARD rule after that is ignored since it is never reached.

That makes sense. Thanks.

Offline
