iCloud stuff stops working while connected to OpenVPN [closed]

Posted by Taco Bob on Server Fault
Published on 2012-10-30T00:47:33Z

I have a fairly simple OpenVPN setup on an OpenVZ VPS with Ubuntu 11.10. Client is the Viscosity client on Mac OS X 10.8.2, and after some testing, we can rule out the client as being part of the problem. Everything has been working fine except for Apple's iCloud stuff. Web surfing, email, FTP, NNTP, and Skype are all working as expected. It's ONLY the iCloud services that cease to function.

If I connect to the VPN, iCloud stuff stops working. I no longer get anything in Messages, Calendar items don't get updated, and Notifications stop working. If I disconnect, the iCloud stuff all starts working. Connect again, iCloud stops working.

Here's the server.conf:

status openvpn-status.log
log /var/log/openvpn.log
verb 4
port 1194
proto udp 
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.9.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 10.9.8.1"
keepalive 10 120
duplicate-cn
cipher BF-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
tun-mtu  1500
mssfix 1400

I'm using iptables in a script, and it's also fairly simplistic.

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
iptables -A FORWARD -i venet0 -o tun0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -j SNAT --to-source <server's public ip>
echo 1 > /proc/sys/net/ipv4/ip_forward

I tried forwarding ports as well, with no success.

iptables -A FORWARD -p tcp -d 10.9.8.0/24 --dport 5222:5230 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 5222:5230 -j DNAT --to-destination 10.9.8.6

I am also sometimes behind a double-NAT situation that I have no control over.

Client -> work VPN -> my OpenVPN box -> Internet.

Client -> Airport Express -> ISP (which is doing NAT) -> my OpenVPN box -> Internet.

Those two situations are just the fact of life where I am, and I cannot change them. I do have full control over my client and the OpenVPN server.

I am completely out of ideas. I have posted a similar query at the OpenVPN forums, but it hasn't posted yet and seems to be in their moderation queue still. Tried on freenode irc channels, but nobody is awake, so here I am. I have Googled extensively for this, and can find nothing that is related.

Help me get iCloud stuff working again!
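As an added diagnostic that is not part of the original question, the following client-side probe separates "name resolution fails through the pushed DNS server" from "TCP connection to Apple's push service fails through the tunnel", which are the two failure layers the configuration above can affect. The hostnames (a courier host for Apple Push Notification service on TCP 5223 with its 443 fallback, and gateway.icloud.com) are assumptions chosen for illustration; run it once off the VPN and once on it and compare.

```python
#!/usr/bin/env python3
"""Probe iCloud/APNs reachability from the VPN client and classify the failing layer."""
import socket

# Assumed targets (not from the original post): APNs couriers listen on TCP 5223
# and fall back to 443; gateway.icloud.com is a general iCloud endpoint.
PROBES = [
    ("1-courier.push.apple.com", 5223),
    ("1-courier.push.apple.com", 443),
    ("gateway.icloud.com", 443),
]


def probe(host, port, timeout=5.0):
    """Return (stage, detail): 'dns' if resolution fails, 'connect' if the TCP
    handshake fails, 'ok' if the connection is established."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns", str(exc))
    try:
        with socket.create_connection(addr, timeout=timeout):
            return ("ok", addr[0])
    except OSError as exc:
        return ("connect", f"{addr[0]}:{port} {exc}")


def summarize(results):
    """Map a list of (stage, detail) outcomes to the layer most likely at fault.

    'dns'  -> the pushed resolver (10.9.8.1 in the posted config) is not answering
              through the tunnel; check that it listens on the tun address.
    'tcp'  -> names resolve but TCP fails: route, SNAT or MTU/MSS path issue.
    'none' -> every probe connected; the problem is above the transport layer.
    """
    stages = {stage for stage, _ in results}
    if "dns" in stages:
        return "dns"
    if "connect" in stages:
        return "tcp"
    return "none"


if __name__ == "__main__":
    outcomes = []
    for host, port in PROBES:
        stage, detail = probe(host, port)
        outcomes.append((stage, detail))
        print(f"{host}:{port:<5} {stage:8} {detail}")
    print("verdict:", summarize(outcomes))
```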

© Server Fault or respective owner