| Linode Forum https://forum.linode.com/ |
|
| OpenVPN connecting but nothing works https://forum.linode.com/viewtopic.php?f=19&t=5389 |
| Author: | Trido [ Wed Mar 31, 2010 10:21 pm ] |
| Post subject: | OpenVPN connecting but nothing works |
I set up OpenVPN on a VPS running Debian (Lenny). I have managed to set it up seemingly correctly, got the client running on Windows 7 Pro x64, even got it connected successfully, but I can't do anything. I can't ping the VPN server or access the internet through it. Is anyone able to help me? I pretty much followed the directions of the Linode Library guide.

One thing I am wondering about is that I am using my work network at the moment which employs firewalls, etc. If 1194 isn't allowed through, is it possible that this is why I can connect to the server, but can't browse or ping anything?

My conf is below:

CLIENT

    client
    ;dev tap
    dev tun
    ;dev-node MyTap
    ;proto tcp
    proto udp
    remote server.name 1194
    ;remote-random
    resolv-retry infinite
    nobind
    ;user nobody
    ;group nobody
    persist-key
    persist-tun
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    ;mute-replay-warnings
    ca ca.crt
    cert client.crt
    key client.key
    ;ns-cert-type server
    ;tls-auth ta.key 1
    ;cipher x
    comp-lzo
    verb 3
    ;mute 20

SERVER

    ;local a.b.c.d
    port 1194
    ;proto tcp
    proto udp
    ;dev tap
    dev tun
    ;dev-node MyTap
    ca ca.crt
    cert server.crt
    key server.key # This file should be kept secret
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
    ;server-bridge
    ;push "route 192.168.10.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"
    push "redirect-gateway def1"
    ;client-config-dir ccd
    ;route 192.168.40.128 255.255.255.248
    ;client-config-dir ccd
    ;route 10.9.0.0 255.255.255.252
    ;learn-address ./script
    ;push "redirect-gateway def1 bypass-dhcp"
    ;push "dhcp-option DNS 208.67.222.222"
    ;push "dhcp-option DNS 208.67.220.220"
    push "dhcp-option DNS 10.8.0.1"
    ;client-to-client
    ;duplicate-cn
    keepalive 10 120
    ;tls-auth ta.key 0 # This file is secret
    ;cipher BF-CBC # Blowfish (default)
    ;cipher AES-128-CBC # AES
    ;cipher DES-EDE3-CBC # Triple-DES
    comp-lzo
    max-clients 3
    ;user nobody
    ;group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    ;log openvpn.log
    ;log-append openvpn.log
    verb 3
    ;mute 20

I installed dnsmasq and ran the following commands to add stuff to the iptables.

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Everything seems right, and as I said, I can connect to the server. I just can't do anything once connected. Any help would be appreciated. |
|
| Author: | efuoax [ Thu Apr 01, 2010 1:24 am ] |
| Post subject: | |
Have you set:

    echo 1 > /proc/sys/net/ipv4/ip_forward

Regards |
|
| Author: | Trido [ Thu Apr 01, 2010 2:18 am ] |
| Post subject: | |
Yep. |
|
| Author: | Guspaz [ Wed Apr 07, 2010 4:05 pm ] |
| Post subject: | |
I know this is not terribly helpful, but OpenVPN has a turnkey solution called "OpenVPN Access Server" that handles all the setup for you and gives you a nice web UI for managing it all. Unfortunately, the free license is only good for two simultaneous connections. You can still override client and server settings through the web UI (which I use, for example, to bypass the VPN for certain subnets). Some client settings are pulled automatically from the server on connect, although some require you to re-import the config file. It also auto-generates client installers with the config files baked in. |
|
| Author: | ohkus [ Wed Apr 07, 2010 4:36 pm ] |
| Post subject: | |
Follow this guide, it has always worked for me: http://www.webhostingtalk.com/showthread.php?t=595436 |
|
| Author: | stan [ Sun Apr 18, 2010 5:06 pm ] |
| Post subject: | Re: OpenVPN connecting but nothing works |
Recommend that you review your syslog file and look for error Openvpn messages. If the messages were generated by Iptables, you will know where to add or modify rules. |
|
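Added example, not part of any post in this thread: shell functions that check the three server-side prerequisites the posts mention (IP forwarding, the FORWARD accept rule for 10.8.0.0/24, and the MASQUERADE rule on eth0) against `iptables-save` output. The function names and both sample rulesets are constructed for illustration; the second sample models a chain that already held a catch-all REJECT before the `iptables -A` commands appended the new rules behind it.

```shell
# Constructed samples in iptables-save format (subnet and interface from the first post).
NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'
THREAD_RULES='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'
SAMPLE_GOOD="*filter
:FORWARD ACCEPT [0:0]
$THREAD_RULES
COMMIT
$NAT"
SAMPLE_BAD="*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
$THREAD_RULES
COMMIT
$NAT"

# Prints "accepted" if the subnet's ACCEPT rule is reached before any catch-all
# REJECT/DROP in filter/FORWARD, "blocked" if the catch-all comes first.
forward_verdict() {  # $1 = iptables-save text, $2 = VPN subnet
  printf '%s\n' "$1" | awk -v net="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" {
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print "blocked"; found = 1; exit }
      if (index($0, "-s " net " ") && index($0, " -j ACCEPT")) { print "accepted"; found = 1; exit }
    }
    END { if (!found) print "no-rule" }'
}

# Succeeds if nat/POSTROUTING masquerades the subnet out of the given interface.
has_masquerade() {  # $1 = iptables-save text, $2 = subnet, $3 = outbound interface
  printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" &&
      index($0, "-s " net " ") && index($0, "-o " ifc " ") && $NF == "MASQUERADE" { ok = 1 }
    END { exit !ok }'
}

# Succeeds if the kernel forwarding switch reads 1 (path overridable for offline checks).
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

echo "rules appended to an empty chain:  $(forward_verdict "$SAMPLE_GOOD" 10.8.0.0/24)"
echo "rules appended after a REJECT:     $(forward_verdict "$SAMPLE_BAD" 10.8.0.0/24)"
```

On a live server, pass the real ruleset instead of a sample, for example `forward_verdict "$(iptables-save)" 10.8.0.0/24` run as root.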
| All times are UTC-04:00 |
|