I am trying to set up OpenVPN on a VPS and I'm able to establish a connection to the server, but the gateway isn't assigned to the client.
Here are my config files:
    client
    dev tun
    proto udp
    remote foo.bar 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    redirect-gateway
    comp-lzo
    verb 3
    pull
    port 1194
    proto udp
    dev tun
    ca easy-rsa/2.0/keys/ca.crt
    cert easy-rsa/2.0/keys/server.crt
    key easy-rsa/2.0/keys/server.key
    dh easy-rsa/2.0/keys/dh2048.pem
    server 172.30.90.0 255.255.255.192
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    push "dhcp-option DNS 188.8.131.52"
    push "dhcp-option DNS 184.108.40.206"
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    log openvpn.log
    log-append openvpn.log
    verb 3
    tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 172.30.90.6 --> 172.30.90.5 netmask 0xffffffff
            open (pid 42823)
iptables rules on the server:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
I want to route the whole traffic over the VPN. I already added redirect-gateway, so it should work. I really can't see what's wrong here and I hope that you can help me to fix the issue.
After connecting to the VPN, run the command

    route -n

or

    netstat -rn

on the client and see if the gateway address is assigned.

Check if you've done the following:

On the server:

Push the gateway to the client. Add this to the file /etc/openvpn/server.conf:

    push "redirect-gateway def1"

Enable IP forwarding. Add this to the file /etc/sysctl.conf:

    net.ipv4.ip_forward = 1

Or issue the following command to set this variable for the current session:

    echo 1 > /proc/sys/net/ipv4/ip_forward

Issue the following commands to configure iptables to properly forward traffic through the VPN:

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s [vpn client subnet] -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s [vpn client subnet] -o eth0 -j MASQUERADE
in the client configuration. You are already pushing the redirect-gateway configuration via the push mechanism of the server, and only in that case are you sending it with the correct parameter (

The behavior of redirect-gateway without a parameter is OpenVPN-version-dependent (and you did not specify your specific version), so better be on the safe side.

If this does not help, I see different possible problems. I suggest the following troubleshooting:

iptables -L -t nat) or in the forwarding configuration
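The checks both answers ask for, written out as an added example that is not part of either answer or of the question: one function decides from `route -n` output whether all traffic leaves over the tun interface (with `def1` OpenVPN adds a 0.0.0.0/1 and a 128.0.0.0/1 route via the tun peer instead of replacing the existing default, so both shapes are accepted), and a second decides from `iptables-save` output whether the client subnet is masqueraded and accepted in FORWARD before a REJECT rule. The routing tables and rule dumps are constructed samples built around the 172.30.90.0/26 subnet from the question; the 192.0.2.x LAN addresses are placeholders. The parser assumes the Linux `route -n` column layout, so the macOS client shown in the question would need `netstat -rn` output adapted first.

```shell
#!/bin/sh
# Constructed `route -n` output for a client AFTER "redirect-gateway def1" was
# applied: the LAN default route stays, two /1 routes via the tun peer override it.
ROUTE_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
0.0.0.0         172.30.90.5     128.0.0.0       UG    0      0        0 tun0
128.0.0.0       172.30.90.5     128.0.0.0       UG    0      0        0 tun0
172.30.90.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Constructed output for the failure in the question: tunnel up, no redirect.
ROUTE_BAD='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
172.30.90.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# vpn_default_route TABLE IFACE
# Returns 0 when TABLE sends all traffic over IFACE, either as a full default
# route (genmask 0.0.0.0) or as the def1 pair (0.0.0.0/1 plus 128.0.0.0/1).
vpn_default_route() {
    table=$1; iface=$2
    full=$(printf '%s\n' "$table" | awk -v i="$iface" \
        '$1=="0.0.0.0" && $3=="0.0.0.0" && $8==i {n++} END {print n+0}')
    half=$(printf '%s\n' "$table" | awk -v i="$iface" \
        '($1=="0.0.0.0" || $1=="128.0.0.0") && $3=="128.0.0.0" && $8==i {n++} END {print n+0}')
    [ "$full" -ge 1 ] || [ "$half" -eq 2 ]
}

# Constructed `iptables-save` excerpt after the FORWARD/NAT rules from the
# first answer were added for the client subnet.
NAT_OK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.30.90.0/26 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.30.90.0/26 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed excerpt matching the server in the question: FORWARD rejects
# everything and there is no NAT rule at all.
NAT_BAD='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# vpn_forwarding_rules DUMP SUBNET
# Returns 0 when DUMP masquerades SUBNET in nat/POSTROUTING and accepts it in
# FORWARD before any REJECT/DROP rule (first matching rule wins, so order matters).
vpn_forwarding_rules() {
    dump=$1; subnet=$2
    printf '%s\n' "$dump" | grep -q -- "-A POSTROUTING -s $subnet .*-j MASQUERADE" || return 1
    printf '%s\n' "$dump" | awk -v s="$subnet" '
        /^-A FORWARD/ {
            if ($0 ~ ("-s " s " ") && $0 ~ /-j ACCEPT/) { ok = 1; exit }
            if ($0 ~ /-j (REJECT|DROP)/) { exit }
        }
        END { exit ok ? 0 : 1 }'
}

# Demonstration on the constructed samples.
vpn_default_route "$ROUTE_OK" tun0 && echo "client: all traffic routed via tun0"
vpn_forwarding_rules "$NAT_OK" 172.30.90.0/26 && echo "server: FORWARD and MASQUERADE rules in place"
```

On a real client the first function is fed `"$(route -n)"`, on the server the second is fed `"$(iptables-save)"` with the subnet from the `server` line; a failing first check points at the `redirect-gateway` push, a failing second one at the FORWARD chain or the missing MASQUERADE rule that the question's `iptables -L` output shows.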
User contributions licensed under CC BY-SA 3.0