OpenVPN on NanoVZ with shared IPv4 problem

Anna_Parker Member
edited January 2015 in Help

Got VPS with shared IPv4 from NanoVZ/evobilling.com. I'm on Debian 7 Wheezy, installed OpenVPN by script as usual:

wget https://raw.github.com/cwaffles/ezopenvpn/master/ezopenvpn.sh --no-check-certificate -O ezopenvpn.sh; chmod +x ezopenvpn.sh; ./ezopenvpn.sh

Changed the IP to the shared one and the port to the one assigned to my container. I'm able to connect to OpenVPN, however there's "no Internet" on the client side. This command won't do the job:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to MY_IP

I've read on that forum that someone had the same problem, switching to Ubuntu solved it. But for me it's not a solution, any guess good guys/bad boys? :)

Comments

  • Try using this script which is made for lowendspirit boxes.

    http://forum.lowendspirit.com/viewtopic.php?id=235

    Thanked by 1TACServers
  • netomx Moderator, Veteran

    Anna, just to confirm:

    1. You really changed the IP MY_IP, right?
    2. Is 10.8.0.x being served by OpenVPN?
  • Anna_Parker Member
    edited January 2015

    @joodle
    Reinstalling to fresh system and will try the original Nyr's script. Will update soon. :) EDIT: As I supposed (because cwaffles's script is based on Nyr's) it didn't help.

    @netomx
    1. Yes, I just wrote MY_IP to mask the NanoVZ's IP. ;) This command is automatically run by the script, but I just tried it once; it looks like it's an Internet traffic redirect problem.
    2. Yes, my OpenVPN works on 10.8.0.x local network, as you can see in the source code.

    Thank you guys for answers.

    EDIT: Problem isn't resolved, any clues? :)

  • @Anna_Parker

    If you wish I can setup OpenVPN AS

  • netomx Moderator, Veteran

    Have you enabled IP forwarding in /etc/sysctl.conf and then sysctl -w ?

  • MY_IP should probably be your internal IP, not the public one.

    Thanked by 1netomx
  • bf1 Member
    edited January 2015

    Maybe try another script, I am using this one https://github.com/viljoviitanen/setup-simple-openvpn

    You should also check the policy on the POSTROUTING, e.g.


    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT

  • tomle Member, LIR

    What jemaltz said - easy to make that mistake

  • My iptables looks a bit different:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.x.x

  • Anna_Parker Member
    edited January 2015

    @TinyTunnel_Tom @netomx @jemaltz @bf1 @tomle @foetti
    Thank you guys, @jemaltz solved it. I've just edited this file:

    /etc/rc.local

    Changed the:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to EXTERNAL_SHARED_IP

    To:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to INTERNAL_NANOVZ_IP

    Rebooted the server and it works! I love you all - thanks once again.

    Thanked by 1netomx
  • Nyr Community Contributor, Veteran

    It would be really helpful if you guys reported problems with the script to me, so they can be troubleshooted.

    Also, cwaffles's fork is outdated and should not be used. My script includes all the changes incorporated by him available as options anyway.

    That said, I just purchased a NanoVZ trying to reproduce this and was not able to. I did try on a clean Debian 7 template, as Anna_Parker suggested.

  • @Nyr Nice to see you here, I wanna thank you for your awesome script, used by me on any VPS I have. Uhm, when I ran the script, as the IP I entered the external one, not the internal one, so this is the key, I guess.

  • tomle Member, LIR

    Yes, first time the script asks for the IP you should enter the internal one. If the script detects that you are behind NAT, it will ask for the external IP in the end.
    Works every time :)
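
The fix in this thread comes down to one check: the SNAT target must be an address that is actually assigned to an interface inside the container. The script below is an added example, not part of the original thread or of any script mentioned in it; the interface names and the addresses 192.168.0.10 (internal) and 203.0.113.5 (external shared) are constructed placeholders.

```shell
#!/bin/sh
# Added example with constructed inputs; all addresses are placeholders.

# Constructed sample of `ip -4 -o addr show` inside a NAT'd container.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: venet0    inet 192.168.0.10/32 scope global venet0:0
3: tun0    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0'

# Constructed rules in the form printed by `iptables -t nat -S POSTROUTING`.
RULE_EXTERNAL='-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.5'
RULE_INTERNAL='-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.0.10'

# stdin: `ip -4 -o addr` output; prints each locally assigned IPv4 address.
local_ipv4s() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1] }'
}

# stdin: POSTROUTING rules; prints the address each SNAT rule rewrites to
# (any :port or -range suffix is stripped).
snat_targets() {
    awk '$1 == "-A" && $2 == "POSTROUTING" {
        for (i = 3; i < NF; i++) {
            if ($i == "-j" && $(i + 1) == "SNAT") {
                for (j = i + 2; j < NF; j++) {
                    if ($j == "--to-source" || $j == "--to") {
                        split($(j + 1), t, /[:-]/); print t[1]
                    }
                }
            }
        }
    }'
}

# check_snat ADDRS RULES: one verdict per SNAT rule; returns 1 on any mismatch.
check_snat() {
    locals=$(printf '%s\n' "$1" | local_ipv4s)
    rc=0
    for target in $(printf '%s\n' "$2" | snat_targets); do
        if printf '%s\n' "$locals" | grep -qxF "$target"; then
            echo "OK $target"
        else
            echo "MISMATCH $target"
            rc=1
        fi
    done
    return $rc
}

# Live use (as root): check_snat "$(ip -4 -o addr show)" "$(iptables -t nat -S POSTROUTING)"
```

A MISMATCH line corresponds to the original rule in /etc/rc.local, where the SNAT target was the external shared IP rather than an address the container holds.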
