Linode Forum Linode Community Forums
Trido
Joined: 30 Mar 2010
Posts: 4
Posted: Wed Mar 31, 2010 9:21 pm
Post subject: OpenVPN connecting but nothing works
I set up OpenVPN on a VPS running Debian (Lenny). I have managed to set it up seemingly correctly, got the client running on Windows 7 Pro x64, even got it connected successfully, but I can't do anything. I can't ping the VPN server or access the internet through it. Is anyone able to help me? I pretty much followed the directions of the Linode Library guide. One thing I am wondering about is that I am using my work network at the moment which employs firewalls, etc. If 1194 isn't allowed through, is it possible that this is why I can connect to the server, but can't browse or ping anything?
My conf is below:
CLIENT
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote server.name 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20
SERVER
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 10.8.0.1"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
max-clients 3
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
I installed dnsmasq and ran the following commands to add stuff to the iptables.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Everything seems right, and as I said, I can connect to the server. I just can't do anything once connected. Any help would be appreciated.
efuoax
Joined: 24 Sep 2008
Posts: 6
Location: Mty
Posted: Thu Apr 01, 2010 12:24 am
Have you set:
echo 1 > /proc/sys/net/ipv4/ip_forward
Regards |
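The checks raised so far in the thread (kernel forwarding, and whether the FORWARD and NAT rules from the first post are actually reached), as an added example that is not part of the original posts. Because `iptables -A` appends, a rule that already rejects everything earlier in the chain wins; the function names are hypothetical and the SAMPLE_* listings are constructed in `iptables -S` format.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical; the
# SAMPLE_* listings are constructed, in `iptables -S` output format.
VPN_NET="10.8.0.0/24"
# Succeeds if IPv4 forwarding is on. $1 overrides the sysctl path (for tests).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -S FORWARD` on stdin; prints the target of the first rule a
# NEW packet sourced from $VPN_NET hits, else the chain policy. Simplification:
# rules with other matches (-i, -o, -p, -d, "!") are skipped; -s is compared exactly.
first_forward_verdict() {
    awk -v net="$VPN_NET" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            src = ""; state = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                else if ($i == "-s") { src = $(i + 1); i++ }
                else if ($i == "--state" || $i == "--ctstate") { state = $(i + 1); i++ }
                else if ($i == "-m") { i++ }
                else if ($i == "!" || $i ~ /^-/) { other = 1 }
            }
            new_ok = (state == "" || index("," state ",", ",NEW,") > 0)
            if (target != "" && !other && (src == "" || src == net) && new_ok) {
                print target; found = 1; exit
            }
        }
        END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }'
}

# Succeeds if `iptables -t nat -S POSTROUTING` on stdin masquerades $VPN_NET.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING .*-s $VPN_NET .*-j MASQUERADE"
}
# Constructed: the first post's rules on an empty chain, then behind an older REJECT.
SAMPLE_CLEAN='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'
SAMPLE_SHADOWED='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 10.8.0.0/24 -j ACCEPT'
SAMPLE_NAT='-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'
printf '%s\n' "$SAMPLE_CLEAN" | first_forward_verdict     # ACCEPT
printf '%s\n' "$SAMPLE_SHADOWED" | first_forward_verdict  # REJECT
```

On the server itself, pipe `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING` into the two functions as root instead of the samples.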
Trido
Joined: 30 Mar 2010
Posts: 4
Posted: Thu Apr 01, 2010 1:18 am
Yep.
Guspaz
Joined: 26 May 2009
Posts: 1147
Location: Montreal, QC
Posted: Wed Apr 07, 2010 3:05 pm
I know this is not terribly helpful, but OpenVPN has a turnkey solution called "OpenVPN Access Server" that handles all the setup for you and gives you a nice web UI for managing it all. Unfortunately, the free license is only good for two simultaneous connections. You can still override client and server settings through the web UI (which I use, for example, to bypass the VPN for certain subnets). Some client settings are pulled automatically from the server on connect, although some require you to re-import the config file.
It also auto-generates client installers with the config files baked in.
ohkus
Joined: 13 Jun 2008
Posts: 61
Posted: Wed Apr 07, 2010 3:36 pm
Follow this guide, it has always worked for me:
http://www.webhostingtalk.com/showthread.php?t=595436
stan
Joined: 15 Apr 2010
Posts: 1
Posted: Sun Apr 18, 2010 4:06 pm
Post subject: Re: OpenVPN connecting but nothing works
Recommend that you review your syslog file and look for OpenVPN error messages. If the messages were generated by iptables, you will know where to add or modify rules.