Setting up an OpenVPN server with tls-auth and IP forwarding.
I could connect to the VPN server just fine, but couldn't reach anything outside it: I could not successfully ping 8.8.8.8 (the Google DNS service). I knew the tunnel itself was up, because running

tcpdump -i tun0

(where tun0 is my VPN interface) showed packets coming in from my client.

The problem was that the rules in my iptables FORWARD chain were in the wrong order. Here is my old iptables ruleset (the POSTROUTING rule lives in the nat table, the rest in the filter table):
# nat table: masquerade the VPN clients (10.0.0.0/24) behind the public interface
*nat
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT

# filter table
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 2345 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2345 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -o eth0 -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
You can see that the FORWARD chain is backwards:

-A FORWARD -j DROP
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -o eth0 -j ACCEPT

iptables evaluates a chain top to bottom and stops at the first terminal match, so the unconditional DROP decides every forwarded packet before either ACCEPT rule is ever reached. Simply reversing the order, so the DROP comes last, fixed the issue:
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -o eth0 -j ACCEPT
-A FORWARD -j DROP
Once I fixed it, everything else worked just fine. The only problem is that I feel a little silly.
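The mistake above is easy to catch mechanically: any rule that follows an unconditional terminal rule (no match options, target ACCEPT, DROP or REJECT) in the same chain can never fire. The following linter is an added example, not code from the original post; it parses iptables-save style text and reports such dead rules. The two rulesets embedded in it are constructed from the post's own filter rules (the old FORWARD order and the fixed one), and the helper names are mine.

```python
"""Lint an iptables-save ruleset for rules that can never match.

Added example, not code from the original post. A rule is dead when an
earlier rule in the same chain has no match conditions and jumps to a
terminal target: every packet entering the chain is decided by that
earlier rule, so nothing after it is evaluated.
"""
import shlex

# Targets that end traversal of the chain for a matching packet.
TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample input: the post's INPUT rules, shared by both rulesets.
COMMON_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 2345 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
"""

# Constructed sample: the post's original FORWARD chain, DROP first.
OLD_RULESET = "*filter\n" + COMMON_RULES + """\
-A FORWARD -j DROP
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -o eth0 -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
"""

# Constructed sample: the post's fix, DROP moved to the end of the chain.
FIXED_RULESET = "*filter\n" + COMMON_RULES + """\
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -o eth0 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
COMMIT
"""


def parse_rules(text):
    """Yield (chain, target, unconditional, raw) for each '-A CHAIN ...' line."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw.startswith("-A "):
            continue  # skip *table, :CHAIN policy, COMMIT and comment lines
        tokens = shlex.split(raw)  # honours the quoted --log-prefix value
        chain = tokens[1]
        if "-j" in tokens:
            j_pos = tokens.index("-j")
            target = tokens[j_pos + 1]
        else:
            j_pos, target = len(tokens), None
        # Tokens between the chain name and -j are match conditions
        # (-i, -o, -s, -p, -m state ...); none means the rule matches everything.
        unconditional = j_pos == 2
        yield chain, target, unconditional, raw


def find_shadowed_rules(text):
    """Return a list of (chain, blocking_rule, dead_rule) tuples."""
    blocker = {}  # chain -> first unconditional terminal rule seen in it
    dead = []
    for chain, target, unconditional, raw in parse_rules(text):
        if chain in blocker:
            dead.append((chain, blocker[chain], raw))
        elif unconditional and target in TERMINAL_TARGETS:
            blocker[chain] = raw
    return dead


if __name__ == "__main__":
    for name, ruleset in (("old", OLD_RULESET), ("fixed", FIXED_RULESET)):
        problems = find_shadowed_rules(ruleset)
        print(f"{name}: {len(problems)} unreachable rule(s)")
        for chain, blocking, dead_rule in problems:
            print(f"  {chain}: '{dead_rule}' is shadowed by '{blocking}'")
```

On the old ruleset the linter reports both FORWARD ACCEPT rules as shadowed by `-A FORWARD -j DROP`; on the fixed one it reports nothing. To run it against a live host, feed the output of `iptables-save` to `find_shadowed_rules` (my assumption about how you would wire it up). It only checks ordering: it does not follow `-g` goto, RETURN, or jumps into user-defined chains, and it says nothing about whether each match is as tight as intended.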