
and thanks in advance.

I'm having problems trying to forward all OpenVPN clients' traffic through the VPN.

The VPN server has 2 interfaces: one connecting to the Internet (eth0), and the other one acting as a router to the rest of the local network (eth2).

Right now, I can connect through the VPN and access the local network machines, but no more than that (no pinging remote sites, no web browsing).

This is my current server.conf file:

port 1194
proto udp
dev tun
ca ca.crt
cert secret.crt
key secret.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

;push "route 10.0.0.0 255.255.255.0"
;push "route 192.168.1.200 255.255.255.0"

push "redirect-gateway def1"
;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 192.168.1.3"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

keepalive 10 120
comp-lzo
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

This is my iptables rule:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

And my interface information:

eth0      Link encap:Ethernet  HWaddr c0:3f:0e:9e:07:e9  
          inet addr:80.43.xxx.xxx  Bcast:255.255.255.255  Mask:255.255.255.224
          inet6 addr: fe80::c23f:eff:fe9e:7e9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14845931 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12048857 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:16129224868 (16.1 GB)  TX bytes:7782589421 (7.7 GB)
          Interrupt:19 Base address: 0x2c00 

eth2      Link encap:Ethernet  HWaddr 00:21:85:70:20:e7  
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:12070405 errors:335 dropped:0 overruns:325 frame:10
          TX packets:14701425 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7798699159 (7.7 GB)  TX bytes:16098011373 (16.0 GB)
          Interrupt:43 Base address: 0x8000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14111 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14111 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1393623 (1.3 MB)  TX bytes:1393623 (1.3 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2728 (2.7 KB)  TX bytes:2728 (2.7 KB)

Any help will be appreciated. Kind regards, Simon.

Edit

Traceroute results:

$ traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 10.8.0.1 74.563 ms 89.505 ms 90.249 ms
2 10.35.192.1 98.905 ms 99.901 ms 99.455 ms
3 10.47.243.141 109.398 ms 99.572 ms 169.625 ms
4 10.47.242.169 109.367 ms 99.899 ms 140.137 ms
5 10.254.4.2 109.517 ms 109.496 ms 119.538 ms
6 *^C
  • So, on the OpenVPN clients, running `traceroute -n 8.8.8.8` shows it going through 10.8.0.1 on the first or second hop? – cjc Aug 01 '12 at 17:11
  • This is the output (sorry, I don't know how to format it): traceroute -n 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets 1 10.8.0.1 74.563 ms 89.505 ms 90.249 ms 2 10.35.192.1 98.905 ms 99.901 ms 99.455 ms 3 10.47.243.141 109.398 ms 99.572 ms 169.625 ms 4 10.47.242.169 109.367 ms 99.899 ms 140.137 ms 5 10.254.4.2 109.517 ms 109.496 ms 119.538 ms 6 *^C – Simon Aug 02 '12 at 10:11
  • The thing is that the same configuration works fine from my home iMac. In the office, I'm trying with a MacBook Air with a 3G USB modem, without success (I'm able to ping other computers in the office, but without being able to exit to the world). – Simon Aug 02 '12 at 10:15
  • Hmm, I think you need to edit your Question and post the routing tables for the OpenVPN server and the client. I see `inet:80.43.xxx.xxx` for eth0, which is the public IP. The traceroute shows the packet going through the VPN, but then the next hop is 10.35.192.1, which presumably is eth1's network. – cjc Aug 02 '12 at 15:01
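The page never got an answer, but the server-side prerequisites behind push "redirect-gateway def1" are the standard ones from the OpenVPN HOWTO: net.ipv4.ip_forward must be 1, the FORWARD chain must let tun0 traffic out through eth0 and the replies back in, and the MASQUERADE rule posted above must be present in the nat table. On the client side, def1 is expected to add 0.0.0.0/1 and 128.0.0.0/1 via the VPN peer instead of replacing the default route, which is what cjc's request for routing tables would show. The POSIX sh script below is an added example, not code from the question or the comments; it checks each of those points against sysctl, iptables-save and ip route output. Here it is fed constructed samples: the firewall dumps, the 203.0.113.10 placeholder server address and the 10.8.0.5 peer are assumptions, not values captured from the poster's host.

```shell
#!/bin/sh
# Added example, not part of the question: checks for the three things the
# server needs besides push "redirect-gateway def1" before VPN clients can
# reach the Internet through it, plus the client-side route check.
# Each function returns 0 (ok) or 1 (missing). The samples at the bottom are
# constructed; they do not come from the poster's host.

# 1. Kernel forwarding between tun0 and eth0.
#    Live use: check_ip_forward "$(sysctl -n net.ipv4.ip_forward)"
check_ip_forward() {
    [ "$1" = "1" ]
}

# 2. Source NAT for the VPN subnet leaving the WAN interface.
#    $1 = iptables-save output, $2 = VPN subnet, $3 = WAN interface.
#    Live use: check_nat "$(iptables-save -t nat)" 10.8.0.0/24 eth0
check_nat() {
    printf '%s\n' "$1" | grep -Fxq -- "-A POSTROUTING -s $2 -o $3 -j MASQUERADE"
}

# 3. FORWARD chain passes VPN packets out and replies back in: either the
#    chain policy is ACCEPT, or an outbound rule plus a RELATED,ESTABLISHED
#    return rule (state or conntrack match) are both present.
#    Live use: check_forward "$(iptables-save -t filter)" tun0 eth0
check_forward() {
    dump=$1; vpn_if=$2; wan_if=$3
    printf '%s\n' "$dump" | grep -q -- '^:FORWARD ACCEPT' && return 0
    printf '%s\n' "$dump" | grep -Fxq -- "-A FORWARD -i $vpn_if -o $wan_if -j ACCEPT" || return 1
    printf '%s\n' "$dump" | grep -Eq -- \
        "^-A FORWARD -i $wan_if -o $vpn_if -m (state --state|conntrack --ctstate) RELATED,ESTABLISHED -j ACCEPT$"
}

# 4. Client side: "redirect-gateway def1" installs 0.0.0.0/1 and 128.0.0.0/1
#    via the VPN peer rather than replacing the default route, so both must
#    exist. $1 = 'ip route' output (Linux client), $2 = VPN peer address.
#    Live use: check_client_routes "$(ip route)" 10.8.0.5
check_client_routes() {
    printf '%s\n' "$1" | grep -q -- "^0\.0\.0\.0/1 via $2 " &&
    printf '%s\n' "$1" | grep -q -- "^128\.0\.0\.0/1 via $2 "
}

# Server-side summary: one line per check, returns 1 if any check failed.
audit_server() {
    rc=0
    check_ip_forward "$1"           && echo "ok   ip_forward=1"    || { echo "FAIL net.ipv4.ip_forward is not 1"; rc=1; }
    check_nat "$2" 10.8.0.0/24 eth0 && echo "ok   MASQUERADE rule" || { echo "FAIL no MASQUERADE for 10.8.0.0/24 out eth0"; rc=1; }
    check_forward "$3" tun0 eth0    && echo "ok   FORWARD chain"   || { echo "FAIL FORWARD chain blocks tun0<->eth0"; rc=1; }
    return $rc
}

# Constructed iptables-save excerpts (sample data): the nat table matches
# the rule posted in the question; the filter table has a DROP policy and
# no FORWARD rules, so NAT alone gets nothing past the server.
NAT_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

FILTER_BLOCKED='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# The same filter table after adding the two FORWARD rules.
FILTER_FIXED='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed Linux client routing table after connecting (net30 topology,
# peer 10.8.0.5; 203.0.113.10 is a placeholder for the server's public IP).
CLIENT_ROUTES='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.0.1 dev wlan0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.10
203.0.113.10 via 192.168.0.1 dev wlan0'

echo "== forwarding off, NAT only =="
audit_server 0 "$NAT_DUMP" "$FILTER_BLOCKED" || echo "-> clients can reach the LAN but not the Internet"
echo "== forwarding on, NAT plus FORWARD rules =="
audit_server 1 "$NAT_DUMP" "$FILTER_FIXED" && echo "-> server side ready"
check_client_routes "$CLIENT_ROUTES" 10.8.0.5 && echo "ok   client has def1 routes via 10.8.0.5"
```

On a live server, feed the functions `sysctl -n net.ipv4.ip_forward`, `iptables-save -t nat` and `iptables-save -t filter` as shown in the comments; on a macOS client such as the MacBook Air in the thread, look for the `0/1` and `128.0/1` entries in `netstat -rn` instead of the Linux `ip route` format the client check parses.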
