1

I set up Openvpn in a Ubuntu vps following this.

This is my client route -n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         122.84.124.1    0.0.0.0         UG    0      0        0 ppp0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
122.84.124.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 ppp0
183.181.60.117  122.84.124.1    255.255.255.255 UGH   0      0        0 ppp0

On client, I can ping 10.8.0.1, but other than that I don't seem to have the Internet access. I tried mtr 8.8.8.8, I get

Host                          Lost% ...
1. 10.8.0.1                    0.0% ...
2. ???

While on server, mtr 8.8.8.8 shows the path.

Any advice what might have gone wrong? Thanks!

zjk
  • 135
  • 1
  • 6

2 Answers2

2

You should set up NAT & routing correctly on the server.

If mtr from the server is working correctly, but not from the clients, you should add a rule like this on the server:

# iptables -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source <public IP of server>

Also, be sure that routing is enabled on the server:

# sysctl net.ipv4.ip_forward 
net.ipv4.ip_forward = 0   <<< disabled
# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1   <<< enabled

Or if you want to enable it at startup, change net.ipv4.ip_forward to 1 in /etc/sysctl.conf and run sysctl -p.

petrus
  • 5,297
  • 26
  • 42
0

Just in case it's useful, although I see the other answer has already been accepted...

@petrus' answer assumes that you want all internet traffic to go through the OpenVPN network. That's the way to do it if that's what you want.

However, it is common to only need the OpenVPN for accessing resources in that network (e.g. a fileserver/intranet), and to use your normal internet connection for general internet access. In this case you can speed things up by telling your client machine to not route all traffic through OpenVPN. How you do this will depend on your client software and OS, but I thought I'd offer it as I'd noticed that this was happening to my OpenVPN clients and causing an unnecessary slowdown.

artfulrobot
  • 2,949
  • 13
  • 36
  • 60