[Openvpn-users] openvpn / NAT problems in routed config.please help


  • Subject: [Openvpn-users] openvpn / NAT problems in routed config.please help
  • From: j p <gbuddha@xxxxxxxxx>
  • Date: Fri, 19 Nov 2004 14:23:27 -0700

Hello,

firstly, kudos to the developers/contributors of openvpn..very slick..

using openvpn 2.0 beta15

I am having trouble getting the home-laptop client (XP SP2) to use the
openvpn server (linux, using iptables) as the default gateway to
browse internet.. once the VPN connection is established, I
basically want to channel all traffic from the client to use the VPN
server to get out and in to the internet.

please bear with me while i detail the setup and what I have done..thanx
death by too much info:-)

setup/env:

office network already has a working Linux firewall server with NAT.
has 2 interfaces
                            
internet <==> [eth0 (IP a.b.c.d)  Linux FW/NAT (192.166.10.1) eth1] <==> Intranet (192.168.10.0)

a.b.c.d is the routable IP from ISP. prior to the Openvpn setup, NAT
is working. intranet servers are able to browse/access internet.
I setup the OpenVPN on the FW/NAT Linux server..

I setup a working Openvpn env with the following config files.
after the VPN connection between XP client and the Linux server, I am
able to access the hosts on the intranet(192.168.10.0)..telnet/ping etc..
so basically tells me the config/env is setup correct from VPN
perspective..(192.168.10.0 host are able to ping the homelaptop as well..)

using the sample setup/examples from this
http://openvpn.sourceforge.net/20notes.html#examples
+++++++
client config: homelaptop(XP sp2) 
#####
client
dev tun
proto udp
remote a.b.c.d 1194
ca my-ca.crt
cert home.crt
key home.key
comp-lzo
verb 6
mute 20
#######
server config Linux(2.6.9, iptables)
#######
;local a.b.c.d
port 1194
proto udp
dev tun
ca keys/my-ca.crt
cert keys/office.crt
key keys/office.key  # This file should be kept secret
dh keys/hd1024.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 10.8.0.1"
duplicate-cn
keepalive 10 60
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 6
mute 20
====
++++++++

After the VPN setup on the server, the clients on 192.168.10.0 network
are still able to browse internet..tells me NAT is still working and
OpenVPN didn't break anything (which it shouldn't)..

But the homelaptop which got the IP(10.8.0.6) assigned by the VPN
server is not able to access internet. here is "route print" output.
Note 10.10.2.0/24 is the home network for the laptop
(laptop ===router===cablemodem===internet)

on the laptop
++++++++++
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.8.0.5        10.8.0.6       1
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
        10.10.2.0    255.255.255.0        10.10.2.2       10.10.2.2       20
        10.10.2.2  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
   10.255.255.255  255.255.255.255        10.10.2.2       10.10.2.2       20
   a.b.c.d  255.255.255.255        10.10.2.1       10.10.2.2       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.10.0    255.255.255.0         10.8.0.5        10.8.0.6       1
     192.168.20.0    255.255.255.0         10.8.0.5        10.8.0.6       1
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0        10.10.2.2       10.10.2.2       20
  255.255.255.255  255.255.255.255         10.8.0.6               3       1
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255        10.10.2.2       10.10.2.2       1
Default Gateway:          10.8.0.5
++++++++++

on the server
+++++++++++
tun0      Link encap:Point-to-Point Protocol
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:417 (417.0 b)  TX bytes:185 (185.0 b
++++++++++

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
x.y.w.0  0.0.0.0         255.255.255.240 U         0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.128 UG        0 0          0 tun0
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         x.y.w.z  0.0.0.0         UG        0 0          0 eth0
++++++++++++++++

I have updated the iptables with setting/suggestions made in How-to for VPN
http://openvpn.sourceforge.net/howto.html

I am still unable to browse internet from my homelaptop by using DNS
names or even just IP addresses of website (just to eliminate DNS being
an issue). But the clients in the office on 192.168.10.0 network can
browse/access internet..


I basically want all the network traffic to the internet from
homelaptop to go via the VPN server..
I have searched the list, couldn't find the info(really, i did
search)..it's been almost 2 days I have been battling with this..
I am so close to making a complete/perfect solution..
any thoughts on how to fix this issue?? any help/suggestions is very welcome..

and thanx for reading.
jp
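
An added example, not part of the original post: with the symptom described above (intranet hosts reach the internet through the gateway's NAT, the VPN client does not), one thing to check is whether the gateway's source-NAT rules also match the VPN pool 10.8.0.0/24 from the `server` directive. The ruleset below is constructed, since the post does not show the actual iptables rules, and `nat_covers` / `uncovered` are hypothetical helper names.

```python
import ipaddress

# Constructed `iptables-save` output (the post does not show the real rules):
# the pre-existing office NAT rule matches only the intranet source range.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
"""

def nat_covers(rules_text, client_net, wan_if="eth0"):
    """Return True if a nat/POSTROUTING MASQUERADE or SNAT rule leaving
    wan_if matches every source address in client_net."""
    client = ipaddress.ip_network(client_net)
    table = None
    for line in rules_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].startswith("*"):
            table = tok[0][1:]          # "*nat", "*filter", ...
            continue
        if table != "nat" or tok[:2] != ["-A", "POSTROUTING"] or "!" in tok:
            continue                    # negated matches are skipped (conservative)
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                if tok[i].startswith("-")}
        if opts.get("-j") not in ("MASQUERADE", "SNAT"):
            continue
        if opts.get("-o", wan_if) != wan_if:
            continue                    # rule is bound to another interface
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if client.subnet_of(src):
            return True
    return False

def uncovered(rules_text, nets, wan_if="eth0"):
    """List the networks whose traffic would leave wan_if without source NAT."""
    return [n for n in nets if not nat_covers(rules_text, n, wan_if)]

if __name__ == "__main__":
    # Intranet and VPN pool as given in the post.
    print(uncovered(SAMPLE_RULES, ["192.168.10.0/24", "10.8.0.0/24"]))
```

On a live gateway the input would be the text printed by `iptables-save`; a network reported as uncovered leaves eth0 with its private source address, so replies never find their way back.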
