OpenVPN - can connect to server - can't access internet

Discussion in 'Installation/Configuration' started by hypertyper, Dec 20, 2010.

  1. hypertyper

    hypertyper New Member

    SOLVED

    This line needs to get changed:

    iptables -t nat -A POSTROUTING -j SNAT --to-source YOURVPSIP

    I've managed to install OpenVPN on a CentOS 5 VPS and get it to start. I can log in with my Windows client but then I don't have any internet.

    When I try to ping a URL, it seems to resolve it to an IP address, but the ping attempt times out. I can ping the IP of the VPS, though, even when I'm connected.

    Guide that I followed:
    http://library.linode.com/networking/openvpn/centos-5#installing_openvpn

    My configs look the way the tut describes.

    I've spent over 10 hours on this now doing everything over, trying different PCs etc., and I just can't get it to work. I would really appreciate some help.

    This is the log from the client:

    Code:
    Mon Dec 20 15:39:33 2010 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
    Mon Dec 20 15:39:33 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Dec 20 15:39:33 2010 LZO compression initialized
    Mon Dec 20 15:39:33 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Dec 20 15:39:33 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Mon Dec 20 15:39:33 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Dec 20 15:39:33 2010 Local Options hash (VER=V4): '41690919'
    Mon Dec 20 15:39:33 2010 Expected Remote Options hash (VER=V4): '530fdded'
    Mon Dec 20 15:39:33 2010 UDPv4 link local: [undef]
    Mon Dec 20 15:39:33 2010 UDPv4 link remote: 46.49.167.16:1194
    Mon Dec 20 15:39:33 2010 TLS: Initial packet from 46.49.167.16:1194, sid=389525d0 b19e85bc
    Mon Dec 20 15:39:33 2010 VERIFY OK: depth=1, /C=UK/ST=BE/L=Manchester/O=Fort-Peter/CN=Fort-Peter_CA/[email protected]
    Mon Dec 20 15:39:33 2010 VERIFY OK: nsCertType=SERVER
    Mon Dec 20 15:39:33 2010 VERIFY OK: depth=0, /C=UK/ST=BE/L=Manchester/O=Fort-Peter/CN=server/[email protected]
    Mon Dec 20 15:39:33 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Dec 20 15:39:33 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Dec 20 15:39:33 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Dec 20 15:39:33 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Dec 20 15:39:33 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Dec 20 15:39:33 2010 [server] Peer Connection Initiated with 46.49.167.16:1194
    Mon Dec 20 15:39:36 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Mon Dec 20 15:39:36 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
    Mon Dec 20 15:39:36 2010 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Dec 20 15:39:36 2010 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Dec 20 15:39:36 2010 OPTIONS IMPORT: route options modified
    Mon Dec 20 15:39:36 2010 ROUTE default_gateway=192.168.1.254
    Mon Dec 20 15:39:36 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0C85BD20-FAFD-43D1-B874-3876A390F03E}.tap
    Mon Dec 20 15:39:36 2010 TAP-Win32 Driver Version 9.7 
    Mon Dec 20 15:39:36 2010 TAP-Win32 MTU=1500
    Mon Dec 20 15:39:36 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {0C85BD20-FAFD-43D1-B874-3876A390F03E} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
    Mon Dec 20 15:39:36 2010 Successful ARP Flush on interface [2] {0C85BD20-FAFD-43D1-B874-3876A390F03E}
    Mon Dec 20 15:39:41 2010 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
    Mon Dec 20 15:39:41 2010 C:\WINDOWS\system32\route.exe ADD 46.49.167.16 MASK 255.255.255.255 192.168.1.254
    Mon Dec 20 15:39:41 2010 Route addition via IPAPI succeeded [adaptive]
    Mon Dec 20 15:39:41 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
    Mon Dec 20 15:39:41 2010 Route addition via IPAPI succeeded [adaptive]
    Mon Dec 20 15:39:41 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
    Mon Dec 20 15:39:41 2010 Route addition via IPAPI succeeded [adaptive]
    Mon Dec 20 15:39:41 2010 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
    Mon Dec 20 15:39:41 2010 Route addition via IPAPI succeeded [adaptive]
    Mon Dec 20 15:39:41 2010 Initialization Sequence Completed
    

    ip table - rc.local file:
    Code:
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    
    touch /var/lock/subsys/local
     
    Last edited: Dec 22, 2010
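
The rc.local block from the post with the MASQUERADE rule swapped for the SNAT rule from the SOLVED note, as an added example that is not part of the original post. The function names, the `-s 10.8.0.0/24` match kept on the SNAT rule, and the documentation address 203.0.113.10 used in the comment are assumptions of this example; the script refuses the unedited `YOURVPSIP` placeholder or any other value that is not an IPv4 address.

```bash
#!/bin/bash
# Added example (not from the post): print the firewall block for rc.local
# with "-o eth0 -j MASQUERADE" replaced by "-j SNAT --to-source <VPS IP>".
# Usage: ./vpn-nat-rules.sh 203.0.113.10   (constructed sample address)

VPN_NET="10.8.0.0/24"   # tunnel subnet from the post; assumed unchanged

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    local ip="$1" octet
    local IFS=.
    case "$ip" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    set -- $ip                               # split on "." into $1..$n
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule block for the public address given as $1.
vpn_nat_rules() {
    local public_ip="$1"
    if ! valid_ipv4 "$public_ip"; then
        echo "error: '$public_ip' is not an IPv4 address" >&2
        return 1
    fi
    # Keeping the source match on the SNAT rule is this example's choice, so
    # that only tunnel traffic is rewritten; the line in the post has no -s.
    cat <<EOF
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $VPN_NET -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s $VPN_NET -j SNAT --to-source $public_ip
EOF
}

# Stand-alone use: print the rules when an address is passed on the command line.
[ "$#" -eq 0 ] || vpn_nat_rules "$1"
```

The output is meant to be reviewed and pasted into rc.local above the `touch /var/lock/subsys/local` line; the script itself changes nothing on the system.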
