Pinging an external server through OpenVPN tunnel doesn’t work
Posted
by
qdii
on Super User
See other posts from Super User
or by qdii
Published on 2012-11-03T21:29:21Z
Indexed on
2012/11/03
23:05 UTC
Read the original article
Hit count: 446
I have an OpenVPN server and a client, and I want to use this tunnel to access not only 10.0.8.0/24
but the whole internet. So far, pinging the server from the client through the tun0
interface works, and vice versa.
However, pinging www.google.com
from the client through tun0
doesn’t work (all packets are lost).
I figured that I should configure the server so that any packet coming from tun0
in destination of the internet be forwarded, so I came up with this iptables config line:
interface_connecting_to_the_internet='eth0'
interface_openvpn='tun0'
internet_ip_address=`ifconfig "$interface_connecting_to_the_internet" | sed -n s'/.*inet \([0-9.]*\).*/\1/p'`
iptables -t nat -A POSTROUTING -o "${interface_connecting_to_the_internet}" -j SNAT --to-source "${internet_ip_address}"
echo '1' > /proc/sys/net/ipv4/ip_forward
Yet, this doesn’t work, the packets are still lost and I am wondering what could possibly be wrong with my setup.
Some details:
ip route gives on the server:
default via 176.31.127.254 dev eth0 metric 3
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
127.0.0.0/8 via 127.0.0.1 dev lo
176.31.127.0/24 dev eth0 proto kernel scope link src 176.31.127.109
ip route gives on the client:
default via 192.168.1.1 dev wlan0 proto static
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
127.0.0.0/8 via 127.0.0.1 dev lo scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.109
- client uses wifi adapter
wlan0
and TUN adaptertun0
. - server uses ethernet adapter
eth0
and TUN adaptertun0
. the VPN spans on
10.0.8.0/24
both client and linux are using Linux 3.6.1.
© Super User or respective owner