[Openvpn-users] openvpn / NAT problems in routed config.please help

  • Subject: [Openvpn-users] openvpn / NAT problems in routed config.please help
  • From: j p <gbuddha@xxxxxxxxx>
  • Date: Fri, 19 Nov 2004 14:23:27 -0700

Hello ,

firstly, kudos to the developers/contributors of openvpn..very slick..

using openvpn 2.0 beta15

I am having trouble getting the home-laptop client (xp sp2) to use the
openvpn server (linux, using iptables) as the default gateway to
browse internet..once VPN connection established,
basically want to channel all traffic from client to use the VPN
server to get out and in to the internet.

please bear with me while i detail the setup and what I have done..thanx
death by too much info:-)


office network already has a working Linux firewall server with NAT.
has 2 interfaces
internet< ==>[eth0 (IP a.b.c.d)  Linux FW/NAT ( eth1]
<===>Intranet (

a.b.c.d is the routable IP from ISP. prior to the Openvpn setup, NAT
is working. intranet servers
are able to browse/access internet. I setup the OpenVPN on the FW/NAT
Linux server..

I setup a working Openvpn env with the following config files.
after the VPN connection between XP client and the Linux server, I am
able to access the
hosts on the intranet( etc..so basically
tells me the config/env is
setup correct from VPN perspective..( host are able to
ping the homelaptop
as well..)

using the sample setup/examples from this

client config: homelaptop(XP sp2)
dev tun
proto udp
remote a.b.c.d 1194
ca my-ca.crt
cert home.crt
key home.key
verb 6
mute 20

server config: Linux(2.6.9, iptables)
;local a.b.c.d
port 1194
proto udp
dev tun
ca keys/my-ca.crt
cert keys/office.crt
key keys/office.key  # This file should be kept secret
dh keys/hd1024.pem
push "route"
push "route"
push "redirect-gateway"
push "dhcp-option DNS"
keepalive 10 60
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 6
mute 20

After the VPN setup on the server, the clients on network
are still able to browse
internet..tells me NAT is still working and OpenVPN didn't break
anything (which it shouldn't)..

But the homelaptop which got the IP(  assigned by the VPN
server  is not able to
access internet. here is "route print" output. Note  is
the home network for  the
laptop (laptop ===router===cablemodem===internet)

on the laptop
Network Destination        Netmask          Gateway       Interface  Metric
       1       1       30       30       20       20       30       20
   a.b.c.d       1       1       1       1       30       20               3       1       1       1
Default Gateway:

on the server
tun0      Link encap:Point-to-Point Protocol
          inet addr:  P-t-P:  Mask:
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:417 (417.0 b)  TX bytes:185 (185.0 b

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
UH        0 0          0 tun0
x.y.w.0 U         0 0          0 eth0
UG        0 0          0 tun0
U         0 0          0 eth1
U         0 0          0 eth1
U         0 0          0 lo
x.y.w.z         UG        0 0          0 eth0

I have updated the iptables with setting/suggestions made in How-to for VPN

I am still unable to browse internet from my homelaptop by using DNS
names or even
just IP addresses of website (just to eliminate DNS being an issue).
But the clients in the
office on network can browse/access internet..

I basically want all the network traffic to the internet from
homelaptop to go via the VPN server..
I have searched the list, couldn't find the info(really, i did
search)..it's been almost 2 days I have
been battling with this..I am so close to making a complete/perfect solution..
any thoughts on how to fix this issue?? any help/suggestions is very welcome..

and thanx for reading.
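
Added example, not part of the original post and not OpenVPN project code: with push "redirect-gateway" in effect, client traffic reaches the server with a tunnel-pool source address, so the gateway has to forward it and source-NAT it on eth0. The sketch below checks iptables-save output for both conditions; 10.8.0.0/24 and 192.168.1.0/24 are placeholder subnets (the post's addresses are not shown), the function names are hypothetical, and negated matches and user-defined chains are not handled.

```python
import ipaddress
import re

# Constructed iptables-save output (not from the post): a gateway that NATs and
# forwards only the office LAN. 192.168.1.0/24 is a placeholder LAN subnet.
LAN_ONLY = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

def opt(rule, flag):
    """Return the argument that follows an iptables flag, or None if absent."""
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r"\s+(\S+)", rule)
    return m.group(1) if m else None

def table_lines(text, table):
    """Return the lines of one table section of iptables-save output."""
    m = re.search(r"^\*" + table + r"\n(.*?)^COMMIT", text, re.S | re.M)
    return m.group(1).splitlines() if m else []

def diagnose(text, vpn_cidr, wan_if, tun_if, ip_forward="1"):
    """List what stops redirect-gateway clients from reaching the internet."""
    vpn, problems = ipaddress.ip_network(vpn_cidr), []
    if ip_forward.strip() != "1":  # value read from /proc/sys/net/ipv4/ip_forward
        problems.append("kernel IP forwarding is disabled")
    def nats_vpn(r):  # source NAT on the WAN side whose -s (if any) contains the pool
        src = opt(r, "-s")
        return (r.startswith("-A POSTROUTING ") and opt(r, "-j") in ("MASQUERADE", "SNAT")
                and opt(r, "-o") in (None, wan_if)
                and (src is None or vpn.subnet_of(ipaddress.ip_network(src, strict=False))))
    if not any(nats_vpn(r) for r in table_lines(text, "nat")):
        problems.append(f"no POSTROUTING NAT rule covers {vpn} leaving {wan_if}")
    def forwards_vpn(r):  # ACCEPT for new flows entering on the tunnel interface
        state = opt(r, "--state") or opt(r, "--ctstate")
        return (r.startswith("-A FORWARD ") and opt(r, "-j") == "ACCEPT"
                and (state is None or "NEW" in state.split(","))
                and opt(r, "-i") in (None, tun_if, "tun+")
                and opt(r, "-o") in (None, wan_if))
    flt = table_lines(text, "filter")
    if ":FORWARD ACCEPT" not in " ".join(flt) and not any(map(forwards_vpn, flt)):
        problems.append(f"FORWARD chain does not accept {tun_if} -> {wan_if}")
    return problems
```

On a live gateway the first argument would be the captured output of iptables-save and ip_forward the contents of /proc/sys/net/ipv4/ip_forward.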

