Once again, can't get OpenVPN to work

Freek Member
edited April 2012 in Help

Right. Again I'm trying to install OpenVPN on my VPS.
I've followed several tutorials, but none have worked yet so far for me.
I've now followed this tutorial:
http://tipupdate.com/how-to-install-openvpn-on-ubuntu-vps/
However, at step 11 (when configuring the IP tables), the following command gives an error:

root@bravo:~# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT -.to-source MyVPSIP
iptables v1.4.4: option `SNAT' requires an argument
Try `iptables -h' or 'iptables --help' for more information.

I already added the two dashes as suggested in the comments, but still I get the above error. I get the feeling this is causing my problem. I can connect, but cannot browse the internet.

Thanks in advance.

Comments

  • yomero Member
    edited April 2012

    --to-source
    Double hyphen

    Edit: read your last paragraph :S

    But...

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source MyVPSIP

    Sure?

  • vedran Veteran

    iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source VPSIP

    that works for me

  • Freek Member

    Thanks for the ultra quick replies guys :)

    @yomero No idea, just following the tutorial. Seems like it should be like that, from his screenshot.
    @vedran That did the trick! Hello from 'France' ;)

    Thanks for helping me out here, @yomero and @vedran. Appreciate it :)

  • Freek Member

    What exactly is the difference between just using 'push "dhcp-option DNS 10.8.0.1"' in your server.conf file and using dnsmasq as suggested by Linode? (https://library.linode.com/networking/openvpn/ubuntu-10.04-lucid#sph_tunnel-all-connections-through-the-vpn)

  • gsrdgrdghd Member
    edited April 2012

    There is no difference, you are supposed to do both
    You install dnsmasq on your server as a DNS resolver and then use 'dhcp-option DNS 10.8.0.1' to tell the clients to use that dnsmasq

  • OR push any public DNS :P

  • Dunno if this works for you, but recently I experienced some trouble with an OpenVPN installation (not the access, just a normal one) on a free trial I got.

    After searching and asking my friends, I reached a conclusion: the problem is that iptables is somehow locked by the provider, and the only solution is to ask them manually.

    AFAIK
    OpenVPN setup should be easy and short: install, build conf, forward, run, copy conf and you are safe. CMIIW

  • Freek Member
    edited April 2012

    Thanks for the reply guys.

    @gsrdgrdghd Alright. I tried installing dnsmasq according to the Linode tutorial, but I can't start it:
    * Restarting DNS forwarder and DHCP server dnsmasq
    dnsmasq: failed to bind listening socket for 10.8.0.1: Address already in use

    Here's the output of netstat -ap: http://pastebin.com/5bV4a87B

    I don't see anything running on 10.8.0.1....

    @yomero that's also possible :P (PS. Why are you getting thanked for every post by netomx?)

    @MeMyselfandLinux It's working already, thanks for the help though. I was just wondering what the difference in both tutorials was caused by

  • Because he loves me...

    And, then I decided to modify my signature to show that
    lololol

  • Freek Member

    Bump. I just reinstalled my VPS again and started from scratch, but still the same issue:

    '* Restarting DNS forwarder and DHCP server dnsmasq
    dnsmasq: failed to bind listening socket for 10.8.0.1: Address already in use'
    Output of netstat -ap: pastebin.com/5bV4a87B

  • Man! Use another DNS! It's just the DNS getting pushed via DHCP to your clients u_u

  • Freek Member

    Alright then ;)
    But I still find it strange :P

  • Dunno, sounds like the daemon isn't getting killed and then is started again, so can't start... lol

  • nabo Member
    edited April 2012

    From the netstat output it looks like you have set up OpenVPN to listen on the DNS port.

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    udp        0      0 *:domain                *:*                                 215/openvpn
    

    Why that?

  • LOL, true

  • Freek Member

    I have it running on port 53 indeed, because you can use it to bypass some payment terminals on airports and in hotels. Doesn't always work though ;)
    But that's the same port as the DNS port?

  • Yes, it's the same, and if you wanted to combine that with dnsmasq, you can't bind to both ports.
    I suggest you use another port, like 443 or even 80.

    Otherwise, I suggest a more complex solution:
    http://www.rutschle.net/tech/sslh.shtml
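
The port conflict identified above, as an added example that is not part of the original thread: a bash/awk helper that reads `netstat -ap` style output and reports which socket already holds the port another daemon (here dnsmasq on 10.8.0.1:53) wants to bind. Only the `215/openvpn` row comes from the thread; the other sample rows, the function names and the service-name table are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: explain an "Address already in use" error from netstat output.

# Sample input in the format quoted in the thread (netstat -ap prints service
# names instead of port numbers). The sshd and ntpd rows are constructed.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      180/sshd
udp        0      0 *:domain                *:*                                 215/openvpn
udp        0      0 localhost:ntp           *:*                                 301/ntpd
EOF
}

# bind_conflicts PROTO ADDR PORT   (netstat output on stdin)
# Prints "local-address owner" for each socket that collides with the bind.
bind_conflicts() {
  awk -v proto="$1" -v addr="$2" -v port="$3" '
    BEGIN {
      # Map service names back to port numbers (small assumed subset).
      svc["domain"] = 53; svc["ssh"] = 22; svc["ntp"] = 123
      svc["http"] = 80; svc["https"] = 443; svc["openvpn"] = 1194
    }
    $1 == proto || $1 == (proto "6") {
      laddr = $4
      n = split(laddr, part, ":")
      p = part[n]                      # text after the last colon
      host = substr(laddr, 1, length(laddr) - length(p) - 1)
      if (p in svc) p = svc[p]
      if (p != port) next
      # A wildcard listener holds the port on every local address,
      # so it also blocks a bind to one specific address such as addr.
      if (host == "*" || host == "0.0.0.0" || host == "::" || host == addr)
        print laddr, $NF
    }'
}

# Who blocks dnsmasq from binding UDP 10.8.0.1:53?
sample_netstat | bind_conflicts udp 10.8.0.1 53
```

On a live server, feed it real data with `netstat -aunp | bind_conflicts udp 10.8.0.1 53`; the numeric `-n` form avoids depending on the name table.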

  • netomx Moderator, Veteran

    @Freek said: I have it running on port 53 indeed, because you can use it to bypass some payment terminals on airports and in hotels. Doesn't always work though ;)

    But that's the same port as the DNS port?

    I had tried to bypass a firewall on my Uni, but I didn't succeed, I even put 443 :(

  • Freek Member

    Thanks guys for figuring that out :) Mystery solved

    @netomx Firewalls are something else than Payment terminals. I mean those terminals that popup after you connect to an 'open' WiFi network, which force you to pay for internet access. Those terminals usually communicate on port 53 and until you pay, every port is blocked except for port 53. So in theory, if your VPS runs on port 53, you should be able to browse the internet via your VPN :)

  • netomx Moderator, Veteran

    @Freek said: @netomx Firewalls are something else than Payment terminals. I mean those terminals that popup after you connect to an 'open' WiFi network, which force you to pay for internet access. Those terminals usually communicate on port 53 and until you pay, every port is blocked except for port 53. So in theory, if your VPS runs on port 53, you should be able to browse the internet via your VPN :)

    Neat solution :o

    On the other hand, I have seen some "Dango" or something like that, wifi services that have their own iPhone app... if you initiate the payment, even if you don't make it, they will open the internet ;)
