Internet access through OpenVPN
-
I configured an Ubuntu box with openvpn. I am able to connect from the client to the vpn server, but would also like to route traffic through the server.
On the OpenVPN conf, I've set push "redirect-gateway def1 bypass-dhcp" also set DNS to openDNS IPs.
Is this could be a firewall issue? Haven't used Ubuntu much, but as I read i though it was ufw, but when I try to disable ufw to test it says command not found. Same with iptables too.
-
Use netstat -tulpn to see what is listening as a starting point.
-
What I have now is:
root@openvpn:~# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 777/sshd
tcp6 0 0 :::22 :::* LISTEN 777/sshd
udp 0 0 0.0.0.0:1194 0.0.0.0:* 946/openvpn -
Okay, so port 946 is what we need to have open. It is definitely listening for something, so that is a good start.
-
I am just trying to figure out what firewall is being used in this box. OpenVPN client connects without me opening any ports. Its only that the client that is connected is not routing internet through the VPN
-
And its the port 1194- for openvpn. 946 is the PID.
-
Oh yeah, 4am here. Haven't had much sleep for days. Pretty blurry here.
-
All ok now? And I think you really need some rest!
-
Ok the command I was typing for ufw was wrong!
root@openvpn:~# ufw --help
root@openvpn:~# ufw disable
Firewall stopped and disabled on system startup
root@openvpn:~# ufw status
Status: inactive -
On syslog, I could see that the connection starts, and also see the openvpn sending the defaults set on the server.conf
Jul 1 04:16:53 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 MULTI: primary virtual IP for openvpn/80.227.101.130:27531: 10.8.0.6
Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 PUSH: Received control message: 'PUSH_REQUEST'
Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 send_push_reply(): safe_cap=960
Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 SENT CONTROL [openvpn]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 96
Jul 1 04:16:57 ovpn-server[1518]: last message repeated 4 times
Jul 1 04:16:57 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 69
Jul 1 04:16:58 ovpn-server[1518]: last message repeated 11 times
Jul 1 04:16:58 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 96
Jul 1 04:16:59 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 69
Jul 1 04:17:00 ovpn-server[1518]: last message repeated 6 times -
That error is gone after commenting comp-lzo on server.conf
Enable compression on the VPN link.
If you enable it here, you must also
enable it in the client config file.
;comp-lzo
But still trying to figure out routing internet through vpn
-
Fixed!
All i had to do is to add the IPtables entry
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to xxx.xx.xx.xx (ServerIP)Now connected and internet routing through VPN
-
Now I need to save this to load the rule on start up and checking on it now!
-
Found it.
First run the iptables entry
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to xxx.xx.xx.xxThen run sudo apt-get install iptables-persistent, and follow the prompts. When it asks to save the current rules, hit "Yes" at both prompts. Now, on reboots, your iptables rules will be restored.
All done, working fine!