1

I set up an OpenVPN server on my VPS, using this guide: http://vpsnoc.com/blog/how-to-install-openvpn-on-a-debianubuntu-vps-instantly/

And I can connect to it without problems. Connect, that is, because no traffic is being redirected. When I try to load a webpage when connected to the VPN I just get an error.

This is the config file it generated:

dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon

This is my iptables.conf

# Generated by iptables-save v1.4.4 on Sat May  7 13:09:44 2011
*raw
:PREROUTING ACCEPT [37938267:10998335127]
:OUTPUT ACCEPT [35616847:14165347907]
COMMIT
# Completed on Sat May  7 13:09:44 2011
# Generated by iptables-save v1.4.4 on Sat May  7 13:09:44 2011
*nat
:PREROUTING ACCEPT [794948:91051460]
:POSTROUTING ACCEPT [1603974:108147033]
:OUTPUT ACCEPT [1603974:108147033]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
COMMIT
# Completed on Sat May  7 13:09:44 2011
# Generated by iptables-save v1.4.4 on Sat May  7 13:09:44 2011
*mangle
:PREROUTING ACCEPT [37938267:10998335127]
:INPUT ACCEPT [37677226:10960834925]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35616847:14165347907]
:POSTROUTING ACCEPT [35680187:14169930490]
COMMIT
# Completed on Sat May  7 13:09:44 2011
# Generated by iptables-save v1.4.4 on Sat May  7 13:09:44 2011
*filter
:INPUT ACCEPT [37677226:10960834925]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35616848:14165347947]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
# Completed on Sat May  7 13:09:44 2011
Jelle De Loecker
  • Is the config you posted for your VPN server or client? Can you post both? What is the error you received when trying to load a webpage? – tehfink May 07 '11 at 22:52

4 Answers

3

Just make sure you add a NAT rule to permit outbound traffic over your server's gateway.

You haven't mentioned your client pool - so I'll just take a guess, but correct it to suit.

iptables -t nat -I POSTROUTING -o tun+ -s 10.8.1.0/24 -j MASQUERADE

And depending on your other firewall rules, you might need to add this too

iptables -P FORWARD ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT

I also wrote a detailed configuration for a basic set-up here https://serverfault.com/a/403016/113375

Ben Lessani
2

You should try this:

Edit server.conf and add:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Router config

echo "1" > /proc/sys/net/ipv4/ip_forward

Edit /etc/sysctl.conf and add

net.ipv4.ip_forward = 1

Then

sudo sh -c "iptables-save > /etc/iptables.rules"

Restart your VPN:

sudo service openvpn restart

This should work

x_vi_r
1

Make sure you have uncommented the below line in your /etc/sysctl.conf file

net.ipv4.ip_forward=1
0

Fix for Ubuntu/Debian

edit - /etc/openvpn/server.conf

add: push "redirect-gateway def1"

edit - /etc/sysctl.conf

add: net.ipv4.ip_forward=1

Add these rules to your Iptables:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Install dnsmasq - apt-get install dnsmasq

edit - /etc/openvpn/server.conf

add: push "dhcp-option DNS 10.8.0.1"

Reboot Server.

Server should now tunnel ipv4 and DNS traffic.

Hawk
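
An added example, not part of any answer above: a shell audit of the three settings the answers change (kernel forwarding, the pushed `redirect-gateway` option, and a MASQUERADE rule for the VPN subnet). The function names, result strings and temporary files are assumptions made for this example, and the sample input is constructed from the question's config and nat table.

```shell
#!/bin/sh
# Added example, not from the thread: audit the settings the answers change.

check_forwarding() {            # $1 = contents of /proc/sys/net/ipv4/ip_forward
    if [ "$1" = "1" ]; then echo ok; else echo forwarding-disabled; fi
}

check_redirect() {              # $1 = path to the OpenVPN server config
    if grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[^"]*def1' "$1"; then
        echo ok
    elif grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$1"; then
        echo no-def1            # pushed, but without the def1 flag the answers use
    else
        echo not-pushed
    fi
}

check_masquerade() {            # $1 = iptables-save dump, $2 = VPN subnet in CIDR form
    awk -v net="$2" '
        /^[*]/ { table = $1 }   # track which table the following rules belong to
        table == "*nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            src = ""; out = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            # Internet-bound client traffic leaves via the uplink, so -o tun* rules do not count.
            if (src == net && out !~ /^tun/) found = 1
        }
        END { print (found ? "ok" : "no-masquerade") }
    ' "$1"
}

audit() {                       # $1 = ip_forward value, $2 = config, $3 = dump, $4 = subnet
    echo "forwarding=$(check_forwarding "$1")"
    echo "redirect=$(check_redirect "$2")"
    echo "masquerade=$(check_masquerade "$3" "$4")"
}

# Constructed sample input, reduced from the question's config and nat table.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'dev tun' 'server 10.8.0.0 255.255.255.0' \
    'push "redirect-gateway"' > "$SAMPLE_DIR/server.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$SAMPLE_DIR/rules"

# The ip_forward value 0 is an assumption; the question does not show it.
audit 0 "$SAMPLE_DIR/server.conf" "$SAMPLE_DIR/rules" 10.8.0.0/24
```

On a live server, pass `"$(cat /proc/sys/net/ipv4/ip_forward)"`, the real config path and a file written by `iptables-save` instead of the sample values.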