Allowing remote access to openVPN in IPTABLES without Masquerade

ysysysys · 05-28-2010, 12:42 PM

Hello,
I am not a Linux expert and I am trying to resolve the following problem:
I have installed OpenVPN server on CentOS 5.5 x86_64
Now all I need is to allow it to connect to all the remote servers
Right now I am able to connect to the OpenVPN server from my PC (Using the OpenVPN GUI) but unable to access any remote address. Just the local OpenVPN server's address is accessible.
Now I am having troubles with the following iptables rule:

Code:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

I don't have the MASQUERADE module installed so I am getting the following error:

Quote:

iptables: Unknown error 18446744073709551615

I have tried to install this module but received error and it appear to be impossibe to install
In fact all I need is to find some simple command to allow the OpenVPN server to access all remote servers
I have tried

Code:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source server_ip service iptables

(I have replaced the server_ip with the server's IP address)
But that didn't helped
I have enabled the net.ipv4.ip_forward in sysctl.conf and restarted the server but that didn't helped as well
I'd really appreciate if somebody could help me find a valid command
Thanks in advance!

nimnull22 · 05-29-2010, 08:58 PM

Quote:

Originally Posted by ysysysys

Hello,
I am not a Linux expert and I am trying to resolve the following problem:
I have installed OpenVPN server on CentOS 5.5 x86_64
Now all I need is to allow it to connect to all the remote servers
Right now I am able to connect to the OpenVPN server from my PC (Using the OpenVPN GUI) but unable to access any remote address. Just the local OpenVPN server's address is accessible.

1. What do mean by "remote address"?
2. What do you mean by "Just the local OpenVPN server's address"?

In Linux most thing is equal, and OpenVPN server acts like a router to any packets, whether they came from interface or from VPN. If you want your packets go farther you need to tell your router to forward them any farther.

ysysysys · 06-06-2010, 04:32 AM

Hello,
Thanks for your quick response and sorry for my delayed reaction, Been very busy
I want to give access to the OpenVPN server to the "whole web"
Let's say that the IP address of the server where the VPN is hosted is 012.345.678.9
So my problem is that when I am connecting to the OpenVPN server from my Windows client I am only able to enter to http://012.345.678.9 but none other websites are accessible
What can I do to "open" access to all the other websites on the web?
On a lot of other servers where I have installed OpenVPN I have resolved this problem simply by executing this command from SSH

Code:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart

and all the remote websites started to work properly
But on this server the MASQUERADE module is not available and it seems like it is not possible to install this module so I am unable to execute this command
Is there any alternative?
Thanks in advance!

SuperJediWombat! · 06-06-2010, 06:23 AM

Replace '012.345.678.9' with whatever the real IP address of the server is.

Code:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 012.345.678.9

If that does not work, please run these commands and post the output to us:

Code:

ifconfig
ip route
iptables-save
cat /proc/sys/net/ipv4/ip_forward

Basse1 · 06-06-2010, 06:30 AM

If you are using Masquerading (Many to One NAT), I don't think there is a work around rather than installing Masquerading.

SuperJediWombat! · 06-06-2010, 08:18 AM

the SNAT target will do the same thing, MASQUERADE just automatically gets the source IP which is useful for dynamic IP addresses.