LinuxQuestions.org


JamesShijie 06-25-2010 08:10 PM

Browser Configuration for OpenVPN
 
Hi All,

I have recently configured OpenVPN on my company VPS, and have set up my Windows OpenVPN client. It connects and everything looks good, but Firefox and/or Chrome aren't using my Client's traffic! I don't know what I'm doing wrong. Here are my conf files; could someone help me spot the error of my ways?

==server.conf==
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
# TCP or UDP server?
;proto tcp
proto udp
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
ca ca.crt
cert server.crt
key server.key
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
server 10.8.0.0 255.255.255.0
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

==Client.conf==
client
dev tun
remote 96.30.**.** 1194 # Actual address not shown
resolv-retry infinite
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
ca ca.crt
cert james.crt
key james.key

The OpenVPN Client GUI says "Connected on 10.8.0.10", so I know it's working; just none of my browser requests are being pushed to it. Let me know what I need to do. Thank you in advance!

halvy 06-27-2010 04:10 AM

Just a shot in the dark.. maybe you should tell the browsers where to look.. like the proxy setup sections..

Also your environment (gnome proxy settings, etc.) may or may not need to be configured for your new set up.

scheidel21 06-28-2010 08:41 AM

There is a server-side option in the OpenVPN configuration that will force all traffic through the VPN; by default the behavior is to only route VPN traffic to the VPN.

Code:

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

Alternatively, if you are using a proxy on the VPN side, you could set up your proxy settings in the browser to use the VPN proxy, in which case all requests would go to the proxy in the VPN LAN.

JamesShijie 07-06-2010 04:55 AM

Solved
 
Hi all,

Sorry for the long wait in reply. I was able to get this working by forwarding all my traffic through the VPN like this:

My configuration is a VPS server running Virtuozzo 3. MASQUERADE is not virtualized on Virtuozzo 3, so I used SNAT instead. Also, most other places had eth0 instead of venet0 on the postrouting iptables command, and my server needed venet0. I made those changes, including my changes in the server.conf file (below), and it works fine.
Run the following commands:
Code:

iptables -F
iptables -F -t nat    # gets rid of previous iptables entries
iptables -X

iptables -t nat -A POSTROUTING -o venet0  -j SNAT --to 111.111.111.111 #This is where you put your server IP address
iptables -A FORWARD  -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

In the server.conf file, I changed these settings to make it work:
Code:

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel.  Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
push "redirect-gateway def1"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;push "dhcp-option WINS 10.8.0.1"

8.8.8.8 and 8.8.4.4 are Google's public DNS, and will work fine for anyone's needs. You don't need to change those values.

I finally got it working! I'm in Mainland China, and am subsequently blocked from YouTube, Facebook, Hulu, Twitter, etc... so this was a good way to get access to those sites and services.
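
Added example, not part of the original posts: the rules posted above accept every forwarded packet and source-NAT everything leaving venet0, so the script below prints a rule set limited to the VPN pool and audits a rule listing for unscoped FORWARD/SNAT rules. The 10.8.0.0/24 pool and venet0 come from the thread; the function names, the sample listing, and the availability of the conntrack match inside the container are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: VPN pool 10.8.0.0/24
# (the posted "server" line), interface venet0, caller-supplied public IP.

# Print NAT/forward rules limited to VPN clients. Nothing is applied here;
# review the output, then run it as root.
scoped_rules() {
    vpn_net=$1; wan_if=$2; public_ip=$3
    cat <<EOF
iptables -t nat -A POSTROUTING -s $vpn_net -o $wan_if -j SNAT --to-source $public_ip
iptables -A FORWARD -i tun+ -s $vpn_net -o $wan_if -j ACCEPT
iptables -A FORWARD -i $wan_if -o tun+ -d $vpn_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Read rules on stdin ("iptables -S" lines or iptables commands) and report
# rules that forward or source-NAT traffic without naming a source address
# or input interface. Exit status is 1 when anything is reported.
audit_rules() {
    awk '
        { sub(/^iptables (-t [a-z]+ )?/, "") }
        /^-A FORWARD / && / -j ACCEPT/ && $0 !~ / -[si] / {
            print "unscoped FORWARD accept: " $0; bad++
        }
        /^-A POSTROUTING / && / -j (SNAT|MASQUERADE)/ && $0 !~ / -s / {
            print "unscoped source NAT: " $0; bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: the rules from the post as "iptables -S" lists them.
thread_rules() {
    cat <<'EOF'
-A POSTROUTING -o venet0 -j SNAT --to-source 111.111.111.111
-A FORWARD -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
EOF
}
```

To check a live host, feed the output of `iptables -S` and `iptables -t nat -S` into `audit_rules`.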


All times are GMT -5.