OpenVPN help
I was trying to set up OpenVPN using @Damian's 32MB VPS; however, after connecting to the VPN, I could not visit any website, including Google.com.
I have set up both client and server keys, certs and so on, and my PC appears to be able to ping the VPS using the internal IP address when connected:
Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=47ms TTL=64
Reply from 10.8.0.1: bytes=32 time=43ms TTL=64
Reply from 10.8.0.1: bytes=32 time=52ms TTL=64
Reply from 10.8.0.1: bytes=32 time=43ms TTL=64
IP forwarding is enabled:
cat /proc/sys/net/ipv4/ip_forward
1
TUN/TAP is enabled:
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:93 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:7414 (7.2 KiB) TX bytes:1790 (1.7 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:1155 errors:0 dropped:0 overruns:0 frame:0
TX packets:726 errors:0 dropped:137 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:138015 (134.7 KiB) TX bytes:97109 (94.8 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:198.xxx.xxx.xxx P-t-P:198.144.190.94 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
OpenVPN.conf:
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon
Client.conf
client
remote 198.xxx.xxx.xxx 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3
I have also installed iptables; however, I am not sure if this is OK:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I suspect I did something wrong with the iptables. Any idea what might be the cause? Thanks a lot!
Comments
I don't have the files on me right now (I'm at work) but I'm thinking you have to do the IPTables on your host. Everything else looks fine.
It's the other one that isn't MASQUERADE
Here it is:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT –to
Run that and then restart iptables.
Oh and double check with this: http://library.linode.com/networking/openvpn/debian-6-squeeze
Looks like Sapphaire is down again?
@HalfEatenPie:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT -to
iptables v1.4.8: You must specify --to-source
So I tried
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT -to venet0
Bad argument `venet0'
I think you need venet0:0 but I could be wrong.
Also this is what I meant to write (seems I formatted it wrong)
Read my below comment
So basically this:
Mmm...weird, that does not seem to work as well:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT -to xxx.xxx.xxx.xxx
Bad argument `xxx.xxx.xxx.xxx'
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT -to venet0:0
Bad argument `venet0:0'
--to-source VPS_PUBLIC_IP
Why don't you just set up Access Server? Saves all the messing about.
That one. Haha if I was home I'd have the script that takes care of all this.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j SNAT --to-source (VPS Public IP Here)
Remember the venet0:0 is before the SNAT part (just copy and paste it)
Still no luck... the command is OK and I ran iptables-save after that, no luck accessing Google though...
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j SNAT --to-source (VPS Public IP Here)
Remember the venet0:0 is before the SNAT part (just copy and paste it)
32MB of RAM
did you restart iptables?
service iptables restart
wait... does that require an iptables restart?
venet0 or eth0
service iptables restart
iptables: unrecognized service
it's not impossible :P
once I get home I'll take a look at my script :P but I think someone else should most likely help him out because I'm kinda blind without mah scripts!
is totally not a script/drug user
This is the correct answer,
here is what I did:
iptables --table nat --flush
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source MYIP
iptables-save
Ok yeah well I'm glad it's working out for you haha.
Sorry about that, I'm not on my usual machine so I was mostly guessing myself.
Please don't apologize, you were definitely the person who pointed me in the right direction and I really appreciate that
iptables isn't a service.
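A check for the rule this thread converged on, as an added example that is not part of any post above: it reads `iptables-save -t nat` output and reports whether the VPN subnet has a usable POSTROUTING NAT rule. iptables matches on the real interface name, so a rule written with an alias such as `-o venet0:0` is flagged as never matching. The function name, the verdict strings, the sample rulesets and the address 203.0.113.10 are constructed for illustration, and the subnet is assumed to be saved in CIDR form.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables-save -t nat` output on
# stdin and prints one verdict for the VPN subnet given as $1:
#   ok           POSTROUTING has a SNAT/MASQUERADE rule for the subnet
#   alias-iface  the only such rule names an alias (-o venet0:0); it never matches
#   missing      no NAT rule for the subnet
check_vpn_nat() {
    awk -v subnet="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (src != subnet) next
            if (target != "SNAT" && target != "MASQUERADE") next
            if (index(out, ":") > 0) alias = 1
            else ok = 1
        }
        END {
            if (ok) print "ok"
            else if (alias) print "alias-iface"
            else print "missing"
        }'
}

# Constructed sample rulesets (placeholder public IP from a documentation range).
sample_good() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}
sample_alias() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# On the VPS itself: iptables-save -t nat | check_vpn_nat 10.8.0.0/24
sample_good  | check_vpn_nat 10.8.0.0/24
sample_alias | check_vpn_nat 10.8.0.0/24
```

`iptables-save` on its own only prints the current ruleset to standard output; the rule survives a reboot only if that output is written to a file and restored at boot.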