linux
Elle Solomina, 2013-06-06 20:42:31

Problem setting up OpenVPN server

There is a VDS on Ubuntu 11.04 (GNU/Linux 2.6.18-348.4.1.el5.028stab107.1 i686). I'm trying to set up OpenVPN access to the Internet through this server, but for some reason it doesn't work. Please tell me what I'm doing wrong.
Server side settings:

# cat /etc/openvpn/server_udp.conf | grep -E "^[a-z]"

port 9999
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/xxxx.ca.crt
key /etc/openvpn/keys/xxxx.ca.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 192.168.50.0 255.255.255.0
ifconfig-pool-persist ipp_udp.txt
push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
auth SHA1
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-udp-status.log
verb 3

# cat /etc/rc.local | grep -E "^[a-z]"

iptables -A FORWARD -s 192.168.50.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE
exit 0

# cat /etc/sysctl.conf | grep -E "^[a-z]"

net.ipv4.ip_forward=1

#
#

Client config (Windows 7):

client
dev tun
dev-node extVPN
proto udp
remote xxxx 9999
resolv-retry infinite
nobind
persist-key
persist-tun
ca sunnyville/ca.crt
cert xxxx/xxxx.crt
key xxxx/xxxx.key
ns-cert-type server
auth SHA1
cipher AES-128-CBC
comp-lzo
verb

Any IP reaches 192.168.50.1, and then there is complete silence.
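A static cross-check of the three server-side files shown in the question, as an added example that is not part of the original post: it confirms that forwarding is enabled and that a nat POSTROUTING rule actually covers the subnet named in the `server` directive. The function names `vpn_subnet` and `check` are hypothetical, the sample strings are constructed from the question's settings, and the script reads file contents only, not live kernel or iptables state.

```python
import ipaddress
import shlex

# Constructed sample input: the relevant lines from the question's three files.
SERVER_CONF = 'dev tun\nserver 192.168.50.0 255.255.255.0\npush "redirect-gateway def1 bypass-dhcp"\n'
RC_LOCAL = (
    "iptables -A FORWARD -s 192.168.50.0/24 -j ACCEPT\n"
    "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
    "iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE\n"
)
SYSCTL_CONF = "net.ipv4.ip_forward=1\n"


def vpn_subnet(conf):
    """Network declared by the OpenVPN 'server <network> <netmask>' directive."""
    for line in conf.splitlines():
        words = shlex.split(line, comments=True)
        if words[:1] == ["server"] and len(words) >= 3:
            return ipaddress.ip_network(f"{words[1]}/{words[2]}")
    raise ValueError("no 'server' directive found")


def check(conf, rc_local, sysctl):
    """Return findings; an empty list means the three files agree with each other."""
    findings = []
    subnet = vpn_subnet(conf)
    if "net.ipv4.ip_forward=1" not in sysctl.replace(" ", "").splitlines():
        findings.append("net.ipv4.ip_forward is not set to 1")
    covered = False
    for line in rc_local.splitlines():
        w = shlex.split(line, comments=True)
        if w[:1] != ["iptables"] or "POSTROUTING" not in w:
            continue
        # Map each option to the word that follows it: -t nat, -s <net>, -j <target>.
        opt = {w[i]: w[i + 1] for i in range(1, len(w) - 1) if w[i].startswith("-")}
        if opt.get("-t") != "nat" or "-s" not in opt:
            continue
        try:
            covered |= subnet.subnet_of(ipaddress.ip_network(opt["-s"]))
        except ValueError:  # e.g. a stray space inside the address
            findings.append(f"unparsable NAT source {opt['-s']!r}")
    if not covered:
        findings.append(f"no nat POSTROUTING rule covers VPN subnet {subnet}")
    return findings


if __name__ == "__main__":
    print(check(SERVER_CONF, RC_LOCAL, SYSCTL_CONF) or "consistent")
```

An empty result only means the files are mutually consistent; whether the rules are loaded and which interface carries outbound traffic still has to be checked on the server itself.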


8 answer(s)
pcdesign, 2013-06-06
@ElleSolomina

Try this:
iptables -t nat -I POSTROUTING -s 192.168.50.0/24 -j SNAT --to-source XX.XX.XX.XX
XX.XX.XX.XX is your server's public ("white") IP.
And add the line:
log-append /var/log/openvpn.log
To see detailed logs on the server.
P.S. Well, maybe AppArmor is getting in the way.
P.S.2. Well, do not forget to run openvpn in Windows as an administrator.

smartlight, 2013-06-06
@smartlight

push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

and it is better to separate it into a separate file and do it through ccd

smartlight, 2013-06-06
@smartlight

it doesn't hurt to do this:

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT

SergeyShibka, 2013-06-07
@SergeyShibka

And are you running the client on Windows 7 as administrator?

shur1k, 2013-06-07
@shur1k

There was a similar situation www.linux.org.ru/forum/admin/9190469

smartlight, 2013-06-07
@smartlight

iptables -v -nL pls

smartlight, 2013-06-07
@smartlight

OK. I would start with a simple OpenVPN setup without gateway assignment.

mOlind, 2013-06-10
@mOlind

I don't quite have a solution to your original openvpn problem. However, I can offer another fallback option for connecting to the Internet without filters, I somehow used it myself: justfreevpn.com
