LinuxQuestions.org
Old 08-04-2009, 02:54 AM   #1
scng
Member
 
Registered: Sep 2004
Location: Hong Kong
Distribution: Fedora Core 3
Posts: 53

Rep: Reputation: 15
Accessing Internet via OpenVPN


For some reason, my neighbouring country (country A), where I need to travel frequently for business purposes, blocks access to some sites.

I wish to gain full access to the Internet whenever I am in country A.

I then set up a VPN server (Ubuntu) at home (country B, and no Internet restriction in country B). I wish to direct all Internet access via the VPN server when I am in country A.

Code:
That's to say:


Internet (client) <==> Home router <==> VPN server <==> Home router <==> Internet (restricted sites)


I have completed the installation of the VPN and can connect successfully to the VPN server from the Internet. The problem is that the connection is limited to client-to-VPN-server only, and fails to reach anything else (neither the Internet nor the file server within the intranet).

Code:
My settings:

                          <===> VPN server
Internet <==> Home router
                          <===> File server


Home subnet: 192.168.1.0
VPN subnet: 10.8.0.0

Home router private IP: 192.168.1.1
VPN server IP: 192.168.1.100 & 10.8.0.1
File server IP: 192.168.1.101

I am a newbie to networking. May I ask for somebody's help to illustrate how to complete the configuration, in particular the routing table and anything to do with the OpenVPN config files?

Thanks a lot!

Last edited by scng; 08-05-2009 at 08:29 PM.
 
Old 08-04-2009, 04:38 AM   #2
ccargo
LQ Newbie
 
Registered: Feb 2009
Distribution: Slackware
Posts: 20

Rep: Reputation: 1
Hi!

I got a similar setup working. In the server configuration file you should have something like

Code:
push "redirect-gateway def1"
to route all the client traffic through the server. Then to let the client access your home network, it should be enough to issue
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
where the first line enables ip-forwarding and the second adds the forwarding rule.

Hope it works out, cheers!
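
An added example, not part of any post in this thread: a small audit of the server-side prerequisites for the setup described in the reply above, run against text in `iptables-save` format. The subnet `10.8.0.0/24` and interface `eth0` come from the thread; the function names, the sample dump and the FORWARD-chain check are assumptions added here.

```shell
#!/usr/bin/env bash
# Added example: audit the server-side prerequisites for routing OpenVPN
# client traffic (10.8.0.0/24, from the thread) out through eth0.
# It parses text in iptables-save format, so it also works on a saved dump.

VPN_NET="10.8.0.0/24"   # VPN subnet from the thread
WAN_IF="eth0"           # outbound interface used in the reply above

# Constructed sample dump: the NAT rule is present, but the FORWARD policy
# is DROP and no rule admits the VPN subnet.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# has_masquerade RULES -> 0 if a MASQUERADE rule scoped to VPN_NET and WAN_IF exists
has_masquerade() {
    printf '%s\n' "$1" | grep -- '^-A POSTROUTING ' | grep -F -- "-s ${VPN_NET} " |
        grep -F -- "-o ${WAN_IF} " | grep -Fq -- '-j MASQUERADE'
}

# forward_allowed RULES -> 0 if FORWARD policy is ACCEPT or a rule accepts VPN_NET
forward_allowed() {
    printf '%s\n' "$1" | grep -q -- '^:FORWARD ACCEPT ' && return 0
    printf '%s\n' "$1" | grep -- '^-A FORWARD ' | grep -F -- "-s ${VPN_NET} " |
        grep -Fq -- '-j ACCEPT'
}

# audit IP_FORWARD_VALUE RULES -> prints one line per missing prerequisite
audit() {
    [ "$1" = "1" ] || echo "ip_forward is off: kernel will not route tun traffic"
    has_masquerade "$2" || echo "no MASQUERADE rule for ${VPN_NET} via ${WAN_IF}"
    forward_allowed "$2" || echo "FORWARD chain drops ${VPN_NET}: add an explicit ACCEPT"
    return 0
}

# On a live server (as root):
#   audit "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"
audit 1 "$SAMPLE_RULES"
```

An empty result means all three checks passed; keeping the MASQUERADE rule scoped with `-s 10.8.0.0/24` limits NAT to VPN clients rather than everything forwarded through the host.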
 
Old 08-05-2009, 08:33 PM   #3
scng
Member
 
Registered: Sep 2004
Location: Hong Kong
Distribution: Fedora Core 3
Posts: 53

Original Poster
Rep: Reputation: 15
Thanks for the response!

Clients connecting through the VPN can now access hosts in 192.168.1.0.

However, when I add [push "redirect-gateway def1"] or [push "redirect-gateway"] to server.conf, clients do not get access to the Internet or even other subnets.

I tried traceroute and saw that packets go through 10.8.0.1 (the OpenVPN server), but then nothing else.

I have also checked the OpenVPN messages upon login and see something like:

Quote:
ROUTE default_gateway=192.168.0.1
I wonder if the gateway should be 10.8.0.1 (VPN server IP) or 192.168.1.1 (home router's private IP).

I then tried to add to server.conf:

Quote:
push "route-gateway 10.8.0.1"

and later replaced it with:

push "route-gateway 10.8.0.1"
Whenever route-gateway is in place, clients cannot even ping the VPN server (10.8.0.1) or hosts in the home subnet (e.g. 192.168.1.101).

I guess the OpenVPN server is failing to route the clients' traffic, and I wonder if it has anything to do with iptables?
 
Old 08-10-2009, 03:55 AM   #4
ccargo
LQ Newbie
 
Registered: Feb 2009
Distribution: Slackware
Posts: 20

Rep: Reputation: 1
Hi,

I'm not sure I fully understand. Did you get access to 192.168.0.1 after adding the push-command to the server configuration file and running the two commands on the server? Or did you already have access?

Regarding the messages on startup, I don't see any similar output. However, as far as I understand it, your default gateway should be 10.8.0.1.
 
  

