
I've set up OpenVPN following this tutorial, and everything works fine except that I don't have an internet connection on the client while connected to VPN.

http://www.howtoforge.com/internet-and-lan-over-vpn-using-openvpn-linux-server-windows-linux-clients-works-for-gaming-and-through-firewalls

My VPS server config is as follows (Ubuntu):

```
dev tun
proto udp
port 1194

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

persist-key
persist-tun

status /var/log/openvpn-status.log
verb 3
client-to-client

push "redirect-gateway local def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

log-append /var/log/openvpn
comp-lzo

plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth
```

My client config is as follows (Windows 7):

```
dev tun
client
proto udp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert stefan.crt
key stefan.key
comp-lzo
verb 3
auth-user-pass
redirect-gateway local def1
```

I've turned off the firewall on the server for testing purposes (it doesn't help), and tried both wired and wireless connecting on the client.

I've tried many Google results... but nothing seems to help.

Can you help me?

Thanks so far...

Stefan
  • Have you turned on IP forwarding on your VPS server? What is it? Is it CentOS? In /etc/sysctl.conf, net.ipv4.ip_forward = 1, and of course your iptables MASQUERADE rule mentioned earlier. –  Jan 03 '15 at 04:04

1 Answer


If you're pushing all Internet traffic through the VPN like it's configured to (the redirect-gateway directive), you also need to tell the server to route the traffic with iptables like so:

```
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```

Adjust to your requirements, but that's the gist of it.

Nathan C
  • The IP assigned by the VPN client is 10.8.0.6, is that the IP I should use in the iptables command? – Stefan May 08 '14 at 19:00
  • I've tried both... still no internet access – Stefan May 08 '14 at 19:06
  • Is the client on your local network? If it is, add `local` to your `redirect-gateway` line. Also, make sure eth0 is current (your main interface). – Nathan C May 08 '14 at 19:09
  • The client is running at home (behind the ISP router), the server is a VPS running in a webserver. Adding local makes no difference. Eth0 is running (on the server that is). – Stefan May 08 '14 at 19:19
  • What would the equivalent command be for IPv6, assuming I've configured OpenVPN with a /64 block? – Nathan Osman Aug 31 '15 at 04:35
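
The three server-side conditions raised in the answer and comments (IP forwarding enabled, a MASQUERADE rule for 10.8.0.0/24, and `-o` naming the server's actual uplink interface) can be checked together. The script below is an added example, not part of the original posts; the function names, the `ens3` interface and the 203.0.113.1 gateway are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks parse command output passed in as text, so they run
# offline on constructed samples and on live output from the server.
VPN_NET="10.8.0.0/24"   # from "server 10.8.0.0 255.255.255.0" in the question

# Print the egress interface found in `ip -4 route show default` output ($1).
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Succeed if `iptables -t nat -S POSTROUTING` output ($1) contains a
# MASQUERADE rule for source network $2 leaving through interface $3.
has_masquerade() {
    printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" '
        $1 == "-A" && $2 == "POSTROUTING" {
            s = ""; o = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-o") o = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == net && o == ifc && j == "MASQUERADE") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# $1 = contents of /proc/sys/net/ipv4/ip_forward, $2 = route output, $3 = NAT rules.
diagnose() {
    ifc=$(default_iface "$2")
    [ "$1" = "1" ] || { echo "ip_forward is off"; return 1; }
    [ -n "$ifc" ] || { echo "no default route"; return 1; }
    has_masquerade "$3" "$VPN_NET" "$ifc" ||
        { echo "no MASQUERADE for $VPN_NET via $ifc"; return 1; }
    echo "ok via $ifc"
}

# Constructed sample: the uplink is ens3 but the rule was written for eth0.
SAMPLE_ROUTE="default via 203.0.113.1 dev ens3 proto static"
SAMPLE_NAT="-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE"
diagnose 1 "$SAMPLE_ROUTE" "$SAMPLE_NAT" || true

# Live use on the server, as root:
# diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" \
#     "$(ip -4 route show default)" "$(iptables -t nat -S POSTROUTING)"
```

On the constructed sample the rule exists but names `eth0` while the default route leaves through `ens3`, so the check reports the mismatch instead of passing.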