LinuxQuestions.org
Old 06-25-2010, 08:10 PM   #1
JamesShijie
LQ Newbie
 
Registered: Jun 2010
Posts: 5

Rep: Reputation: 0
Browser Configuration for OpenVPN


Hi All,

I have recently configured OpenVPN on my company VPS, and have set up my Windows OpenVPN client. It connects and everything looks good, but Firefox and/or Chrome aren't using my client's traffic! I don't know what I'm doing wrong. Here are my conf files; could someone help me spot the error of my ways?

==server.conf==
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
# TCP or UDP server?
;proto tcp
proto udp
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
ca ca.crt
cert server.crt
key server.key
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
server 10.8.0.0 255.255.255.0
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

==Client.conf==
client
dev tun
remote 96.30.**.** 1194  # actual address not shown
resolv-retry infinite
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
ca ca.crt
cert james.crt
key james.key

The OpenVPN Client GUI says "Connected on 10.8.0.10", so I know it's working; just none of my browser requests are being pushed to it. Let me know what I need to do. Thank you in advance!

Last edited by JamesShijie; 06-26-2010 at 08:39 AM.
 
Old 06-27-2010, 04:10 AM   #2
halvy
Member
 
Registered: Aug 2005
Location: Boston Massachussets, USA
Distribution: my own Debian creation :)
Posts: 884

Rep: Reputation: 40
Just a shot in the dark.. maybe you should tell the browsers where to look.. like the proxy setup sections..

Also, your environment (GNOME proxy settings, etc.) may or may not need to be configured for your new setup.
 
Old 06-28-2010, 08:41 AM   #3
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
There is a server-side option in the OpenVPN configuration that will force all traffic through the VPN; by default, the behavior is to only route VPN traffic to the VPN.

Code:
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
Alternatively, if you are using a proxy on the VPN side, you could set up your proxy settings in the browser to use the VPN proxy, in which case all requests would go to the proxy in the VPN LAN.
 
Old 07-06-2010, 04:55 AM   #4
JamesShijie
LQ Newbie
 
Registered: Jun 2010
Posts: 5

Original Poster
Rep: Reputation: 0
Solved

Hi all,

Sorry for the long wait in reply. I was able to get this working by forwarding all my traffic through the VPN like this:

My configuration is a VPS server running Virtuozzo 3. MASQUERADE is not virtualized on Virtuozzo 3, so I used SNAT instead. Also, most other places had eth0 instead of venet0 on the postrouting iptables command, and my server needed venet0. I made those changes, including my changes in the server.conf file (below), and it works fine.
Run the following commands:
Code:
iptables -F
iptables -F -t nat     # gets rid of previous iptables entries
iptables -X

iptables -t nat -A POSTROUTING -o venet0  -j SNAT --to 111.111.111.111 #This is where you put your server IP address
iptables -A FORWARD  -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
In the server.conf file, I changed these settings to make it work:
Code:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel.  Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
push "redirect-gateway def1"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;push "dhcp-option WINS 10.8.0.1"
8.8.8.8 and 8.8.4.4 are Google's public DNS, and will work fine for anyone's needs. You don't need to change those values.

I finally got it working! I'm in Mainland China, and am subsequently blocked from YouTube, Facebook, Hulu, Twitter, etc., so this was a good way to get access to those sites and services.

Last edited by JamesShijie; 07-10-2010 at 12:23 AM. Reason: clarity, and fluidity
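
The points raised in posts #3 and #4 (an active `redirect-gateway` push, a pushed DNS server, and NAT plus forwarding on the server) can be checked mechanically. The script below is an added example, not code from the thread or from the OpenVPN project; the function names `active_directives`, `audit_full_tunnel` and `demo` are hypothetical, and the sample files are constructed from the values shown in the posts.

```shell
# Added example (not from the thread): audit a server.conf and an
# `iptables-save` dump for the full-tunnel setup discussed above.

# Print only active directives. OpenVPN treats lines that start with
# '#' or ';' as comments, so ';push ...' is not in effect.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# audit_full_tunnel CONF RULES VPN_CIDR (hypothetical helper)
# Prints one finding per line; no output means every check passed.
audit_full_tunnel() {
    conf=$1; rules=$2; cidr=$3
    active_directives "$conf" | grep -q '^push "redirect-gateway' ||
        echo 'MISSING redirect-gateway push: clients keep their own default route'
    active_directives "$conf" | grep -q '^push "dhcp-option DNS ' ||
        echo 'MISSING DNS push: lookups may still use the existing resolver'
    if ! grep -Eq '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' "$rules"; then
        echo 'MISSING nat rule: tunnelled packets keep their private source address'
    elif ! grep -Eq "^-A POSTROUTING .*-s $cidr .*-j (SNAT|MASQUERADE)" "$rules"; then
        echo "WARN nat rule is not limited to -s $cidr"
    fi
    if grep -q '^-A FORWARD -j ACCEPT$' "$rules"; then
        echo 'WARN unconditional FORWARD ACCEPT: the host routes for any interface'
    fi
    return 0
}

# Constructed sample: a server.conf with the push still commented out (as in
# post #3) and the posted rules as `iptables-save` would print them.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/server.conf" <<'EOF'
dev tun
server 10.8.0.0 255.255.255.0
;push "redirect-gateway def1 bypass-dhcp"
EOF
    cat > "$dir/rules" <<'EOF'
*nat
-A POSTROUTING -o venet0 -j SNAT --to-source 111.111.111.111
COMMIT
*filter
-A FORWARD -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
COMMIT
EOF
    audit_full_tunnel "$dir/server.conf" "$dir/rules" 10.8.0.0/24
    rm -rf "$dir"
}
demo
```

On the constructed sample it reports both missing pushes and both warnings; the warnings go away once the SNAT and FORWARD rules carry `-s 10.8.0.0/24`, the client pool from the `server` directive.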
 
  

