You are not logged in.
- Topics: Active | Unanswered
#1 2015-08-17 18:17:53
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
[SOLVED] VPN routing issue - maybe my iptables
I just got an account with a VPN provider and I'm trying to get things working. On my server (192.168.10.2) the VPN is connecting and working as expected. The next step is to set it up so that other systems on my LAN can use it for specific routes. I've read just about every tutorial on setting up your system as a VPN gateway but for some reason nothing is working.
LAN: 192.168.10.0/24
Internet Router (wifi & switch): 192.168.10.1
Server with VPN Client: 192.168.10.2
- Static VPN interface: tun2 (i'm going to add a bunch more once I get this working)
Current Routing table with VPN connected:
0.0.0.0/1 via 10.9.0.9 dev tun2
default via 192.168.10.1 dev eth0 proto static
10.9.0.1 via 10.9.0.9 dev tun2
10.9.0.9 dev tun2 proto kernel scope link src 10.9.0.10
80.84.53.114 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.9.0.9 dev tun2
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.2On the server running the VPN client:
net.ipv4.ip_forward = 1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun2 -j MASQUERADEUltimately I want to setup selective routing but first I need to make sure it's working. On my laptop (192.168.10.248) I change the default gateway from 192.168.10.1 to 192.168.10.2. With the updated default gateway on my laptop (192.168.10.248) I cannot ping, traceroute or connect to http. All of them just time out. I'm not even seeing the hop to 192.168.10.2 on the traceroute. I can still ping all the hosts on my subnet but I can't route out. I have tried many variations of the iptables rules with no success. I'm wondering what else I am missing and hoping someone can offer some help.
Thanks
Last edited by msalerno (2015-08-21 14:01:34)
Offline
#2 2015-08-17 18:51:33
- brebs
- Member
- Registered: 2007-04-03
- Posts: 3,742
Re: [SOLVED] VPN routing issue - maybe my iptables
You can debug it using e.g.:
tcpdump -n -i eth0
iptables -t nat -A POSTROUTING -j LOGYou're hiding a lot of vital details, in your explanation.
Offline
#3 2015-08-17 20:59:34
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
Re: [SOLVED] VPN routing issue - maybe my iptables
I'll be more than happy to provide as many details as needed. This is my first VPN setup otherwise I would have posted everything I know.
This is a capture from the below scenario:
Setup "iptables -t nat -A POSTROUTING -j LOG" on the vpn machine.
Change default route on my laptop.
On my laptop execute: telnet google.com 80
It never returns with a response.
There's nothing in the journal.
I can see where the outbound packet for port 80, but it never returns. I'm at a loss. Any docs or assistance is appreciated.
Thanks
Offline
#4 2015-08-17 21:42:51
- brebs
- Member
- Registered: 2007-04-03
- Posts: 3,742
Re: [SOLVED] VPN routing issue - maybe my iptables
You have 2 MASQUERADE lines - you only need 1 line, e.g.:
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADEtcpdump and iptables -j LOG are *really* helpful, when debugging these issues, to run on both client and server.
Show your firewall, rather than tiny snippets:
iptables-saveOffline
#5 2015-08-17 21:49:23
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
Re: [SOLVED] VPN routing issue - maybe my iptables
I'm looking to do the same thing as this post. I used the same rules but I still get nothing.
Offline
#6 2015-08-18 09:44:35
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: [SOLVED] VPN routing issue - maybe my iptables
Have you tried your setup _without_ the vpn? Once you have that working you know that any problems will be related to getting things out through the vpn.
Edit:
I suppose its better that you provide your full iptables rules (/etc/iptables/iptables.rules) as some (missing) rule can be causing trouble.
Last edited by R00KIE (2015-08-18 09:46:24)
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
#7 2015-08-19 01:29:26
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
Re: [SOLVED] VPN routing issue - maybe my iptables
Thanks. What I posted above are my full iptables rules.
# Generated by iptables-save v1.4.21 on Tue Aug 18 21:25:29 2015
*filter
:INPUT ACCEPT [48:3261]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [32:3850]
COMMIT
# Completed on Tue Aug 18 21:25:29 2015
# Generated by iptables-save v1.4.21 on Tue Aug 18 21:25:29 2015
*nat
:PREROUTING ACCEPT [1:81]
:INPUT ACCEPT [1:81]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o tun2 -j MASQUERADE
COMMIT
# Completed on Tue Aug 18 21:25:29 2015I thought about removing the VPN from the equation but there is only 1 NIC in this system.
-Yes, I know I should have a second NIC for VPN routing. It's for my local lan and I highly doubt I'll ever get up to 50Mbps through the VPN.
Offline
#8 2015-08-19 08:35:59
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: [SOLVED] VPN routing issue - maybe my iptables
My suggestion to try without the vpn was because it would remove one variable from the problem, getting routing to work without the vpn should be the first step in solving your problem.
That said, I guess you may want to give brebs' suggestion a try.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
#9 2015-08-20 16:27:06
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
Re: [SOLVED] VPN routing issue - maybe my iptables
Thanks everyone for the help. I've added logging and more information. From what I see, it looks like the inbound requests never hit the POSTROUTING table. I'm not sure if it's due to my logging or something else.
Test case:
From laptop (192.168.10.248):
telnet 173.194.219.102 80Laptop Route:
default via 192.168.10.2 dev wls1
192.168.10.0/24 dev wls1 proto kernel scope link src 192.168.10.248 metric 303Server with VPN client (192.168.10.2):
Interfaces:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether b8:27:eb:6f:d9:0f brd ff:ff:ff:ff:ff:ff
inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
valid_lft forever preferred_lft forever
4: tun2@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.9.0.42 peer 10.9.0.41/32 scope global tun2
valid_lft forever preferred_lft foreverRoute:
0.0.0.0/1 via 10.9.0.41 dev tun2
default via 192.168.10.1 dev eth0 proto static
10.9.0.1 via 10.9.0.41 dev tun2
10.9.0.41 dev tun2 proto kernel scope link src 10.9.0.42
109.73.77.138 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.9.0.41 dev tun2
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.2 iptables rules
- I'm positive I have too many log entries, but I didn't think they could hurt.
*mangle
:PREROUTING ACCEPT [647:54629]
:INPUT ACCEPT [642:54329]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [590:94392]
:POSTROUTING ACCEPT [590:94392]
COMMIT
# Completed on Thu Aug 20 12:21:59 2015
# Generated by iptables-save v1.4.21 on Thu Aug 20 12:21:59 2015
*nat
:PREROUTING ACCEPT [8:1239]
:INPUT ACCEPT [3:939]
:OUTPUT ACCEPT [2:152]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -j LOG --log-prefix "IPTables-PREROUTING: " --log-level 7
-A PREROUTING -j LOG --log-prefix "IPTables-PREROUTING: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IPTables-OUTPUT: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IPTables-OUTPUT: " --log-level 7
-A POSTROUTING -j LOG --log-prefix "IPTables-POSTROUTING: " --log-level 7
-A POSTROUTING -j LOG --log-prefix "IPTables-POSTROUTING: " --log-level 7
-A POSTROUTING -o tun2 -j MASQUERADE
COMMIT
# Completed on Thu Aug 20 12:21:59 2015
# Generated by iptables-save v1.4.21 on Thu Aug 20 12:21:59 2015
*filter
:INPUT ACCEPT [489:44681]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [354:52630]
-A INPUT -j LOG --log-prefix "IPTables-INPUT: " --log-level 7
-A INPUT -j LOG --log-prefix "IPTables-INPUT: " --log-level 7
-A FORWARD -j LOG --log-prefix "IPTables-FORWARD: " --log-level 7
-A FORWARD -j LOG --log-prefix "IPTables-FORWARD: " --log-level 7
-A FORWARD -i eth0 -o tun2 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j LOG --log-prefix "IPTables-OUTPUT: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IPTables-OUTPUT: " --log-level 7
COMMITKernel log results of executing the telnet command from my laptop:
Aug 20 12:12:13 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=30454 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:13 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=30454 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:14 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:14 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:15 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:1e:40:00:40:06:10:d4 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54558 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:15 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:1e:40:00:40:06:10:d4 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54558 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:16 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:1f:40:00:40:06:10:d3 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54559 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:16 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:1f:40:00:40:06:10:d3 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54559 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:18 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:20:40:00:40:06:10:d2 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54560 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:18 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:20:40:00:40:06:10:d2 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54560 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:18 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31015 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:18 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31015 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:20 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:20 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:22 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:21:40:00:40:06:10:d1 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54561 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:22 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:21:40:00:40:06:10:d1 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54561 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:23 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31114 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:23 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31114 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:26 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:26 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:29 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31532 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:29 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31532 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:30 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:22:40:00:40:06:10:d0 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54562 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:30 MyVPN kernel: IPTables-PREROUTING: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:00:24:2b:a3:6c:2a:08:00:45:00:00:3c:d5:22:40:00:40:06:10:d0 SRC=192.168.10.248 DST=173.194.219.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54562 DF PROTO=TCP SPT=43268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 12:12:32 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:35 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:35 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31613 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:35 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=31613 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:37 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:37 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:39 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=32068 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:39 MyVPN kernel: IPTables-OUTPUT: IN= OUT=eth0 SRC=192.168.10.2 DST=109.73.77.138 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=32068 DF PROTO=UDP SPT=59751 DPT=443 LEN=61
Aug 20 12:12:42 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61
Aug 20 12:12:42 MyVPN kernel: IPTables-INPUT: IN=eth0 OUT= MAC=b8:27:eb:6f:d9:0f:08:60:6e:20:e2:40:08:00:45:20:00:51:00:00:40:00:34:11:c0:fe SRC=109.73.77.138 DST=192.168.10.2 LEN=81 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=443 DPT=59751 LEN=61Offline
#10 2015-08-20 17:59:02
- brebs
- Member
- Registered: 2007-04-03
- Posts: 3,742
Re: [SOLVED] VPN routing issue - maybe my iptables
Try this:
for f in /proc/sys/net/ipv4/conf/*/forwarding ; do c=`cat "$f"` && printf "%s $c\n" "$f" ; doneTo check the forwarding property.
Last edited by brebs (2015-08-20 18:29:49)
Offline
#11 2015-08-21 00:38:37
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
Re: [SOLVED] VPN routing issue - maybe my iptables
<-- Insert lots of cursing here -->
It seems as if:
/etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1Is not being honored or i'm setting a different parameter. I think a recent change in networkd may be the culprit. Either way, that's for the help. It's working. I'm just going to write a post-up script to take care of everything.
Offline
#12 2015-08-21 09:30:49
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: [SOLVED] VPN routing issue - maybe my iptables
Try 'net.ipv4.ip_forward = 1' (without the quotes). Unless I'm recalling incorrectly the spaces around the equal sign are needed, otherwise it doesn't work. Check the output of dmesg and the journal to confirm if that is the case.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline
#13 2015-08-22 23:00:01
- msalerno
- Member
- Registered: 2014-08-15
- Posts: 32
Re: [SOLVED] VPN routing issue - maybe my iptables
In the event that someone finds this thread while looking to do the same thing, I suggest you check out this post I just put together.
Last edited by msalerno (2015-08-22 23:00:30)
Offline