Hello
I have a really simple OpenVPN setup (the server is on a VPS I rent). I will use this from my laptop when I'm on unsecured wireless and stuff like that.
(Due to my semi-paranoia, my public IP address is changed to *.)
Server:
Code:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.9.8.1 P-t-P:10.9.8.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1122 errors:0 dropped:0 overruns:0 frame:0
TX packets:224 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:74344 (72.6 KiB) TX bytes:16120 (15.7 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:46.*.*.* P-t-P:46.21.104.134 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
Config looks like this:
dev tun0
ifconfig 10.9.8.1 10.9.8.2
secret /etc/openvpn/static.key
log-append /var/log/openvpn.log
route -n looks like this:
10.9.8.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 venet0
Client:
Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.1.15 netmask 255.255.255.255 broadcast 10.255.255.255
inet6 fe80::216:3eff:fe5e:6c0d prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:5e:6c:0d txqueuelen 1000 (Ethernet)
RX packets 48 bytes 5702 (5.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 297 bytes 41482 (40.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 43
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.9.8.2 netmask 255.255.255.255 destination 10.9.8.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 18 bytes 1584 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 257 bytes 15420 (15.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Config:
remote 46.*.*.*
dev tun0
ifconfig 10.9.8.2 10.9.8.1
secret /etc/openvpn/static.key
redirect-gateway def1
route -n looks like this:
0.0.0.0 10.9.8.1 128.0.0.0 UG 0 0 0 tun0
10.9.8.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.137.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
46.*.*.* 10.137.1.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.9.8.1 128.0.0.0 UG 0 0 0 tun0
And the iptables looks like this:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.9.8.2 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I can ping the tun0 interface from the client/server.
But when I try, for example,
telnet 12.12.12.12 80 from the client, a tcpdump on the server (on the "internet" interface) looks like this:
Code:
19:51:07.868127 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 627596 ecr 0,nop,wscale 6], length 0
19:51:15.883932 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 629600 ecr 0,nop,wscale 6], length 0
19:51:31.915842 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, options [mss 1366,sackOK,TS val 633608 ecr 0,nop,wscale 6], length 0
Any ideas?
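
A check for the symptom visible in the capture above, as an added example that is not part of the original post: it scans tcpdump output taken on the public interface for SYNs that still carry an RFC 1918 source address (here 10.9.8.2, meaning no source NAT was applied before the packet left) and reports whether they were ever answered. The function names and the two 203.0.113.10 lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 ranges: sources that must be NATed before leaving a public interface.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# tcpdump one-line TCP output: "<time> IP <src>.<port> > <dst>.<port>: Flags [..]"
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\S+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>[^:\s]+): Flags \[(?P<flags>[^\]]+)\]")

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def find_untranslated_flows(capture):
    """Map (src, sport, dst, dport) -> {"syns", "answered"} for SYNs seen on
    the public interface whose source is still an RFC 1918 address."""
    packets = [m.groupdict() for m in map(LINE.match, capture.splitlines()) if m]
    flows = defaultdict(lambda: {"syns": 0, "answered": False})
    for p in packets:
        if p["flags"] == "S" and is_rfc1918(p["src"]):
            flows[(p["src"], p["sport"], p["dst"], p["dport"])]["syns"] += 1
    for p in packets:
        # Any packet in the reverse direction means the peer replied.
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])
        if reverse in flows:
            flows[reverse]["answered"] = True
    return dict(flows)

# First three lines are from the post (TCP options trimmed); the last two are
# constructed to show a flow that left with a public source (203.0.113.10).
SAMPLE = """\
19:51:07.868127 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, length 0
19:51:15.883932 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, length 0
19:51:31.915842 IP 10.9.8.2.34251 > 12.12.12.12.www: Flags [S], seq 3575009803, win 14600, length 0
19:52:00.000000 IP 203.0.113.10.40000 > 12.12.12.12.www: Flags [S], seq 1, win 14600, length 0
19:52:00.050000 IP 12.12.12.12.www > 203.0.113.10.40000: Flags [S.], seq 9, ack 2, win 14600, length 0
"""

if __name__ == "__main__":
    for flow, info in find_untranslated_flows(SAMPLE).items():
        print(flow, info)
```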