Can't be missing a lot....

wp.rauchholz
Posts: 66
Joined: 2016/11/20 11:58:45

Can't be missing a lot....

Post by wp.rauchholz » 2018/02/12 19:52:34

Running a CENTOS 7 server that is a modem/router of the home network. It runs a PPPoE and DDNS client (dynamic IP), LAMP server, etc...
All clients connect to the server via WiFi.
The box has two NICs:
* enp3S0 for private network, Network: 10.5.2.0/24
* ppp0 (enp6s0) is the internet access.

I configured the openvpn server and it works fine. I configured a client (CENTOS 7 too) and was able to connect via WAN to the openvpn server.
But from the client I have no access to internet.

The VPN subnet on tun0 is 10.8.0.0

Packet forwarding is set: net.ipv4.ip_forward = 1

I added these lines to the server conf file:
push "route 10.5.2.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.5.2.1"

I added this to the firewall script:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j MASQUERADE ($EXT_DEV=ppp0, $INT_NET=10.5.2.0/24)

What am I missing?
Thanks for your help.

Wolfgang

fdisk
Posts: 30
Joined: 2017/11/04 00:59:56

Re: Can't be missing a lot....

Post by fdisk » 2018/02/13 13:15:37

Is routing/nat working? Try traceroute (without dns) from client i.e.: traceroute -n 8.8.8.8

Is dns working on client? Note: openvpn for Linux requires update-resolv-conf script

wp.rauchholz
Posts: 66
Joined: 2016/11/20 11:58:45

Re: Can't be missing a lot....

Post by wp.rauchholz » 2018/02/14 07:39:56

Hi fdisk.

This is exactly the problem, but I don't know how to fix it.
I read this in /var/log/messages:
Feb 8 12:04:28 home named[1340]: error (host unreachable) resolving 'faz.net/A/IN': 80.58.61.254#53

I did not know that openvpn required an update-resolv-conf script.
Let me google and find out.

Thanks for the tip.

Wolfgang

wp.rauchholz
Posts: 66
Joined: 2016/11/20 11:58:45

Re: Can't be missing a lot....

Post by wp.rauchholz » 2018/02/14 22:17:51

fdisk, thanks for the tip. That made it work. Thanks.

I used these links to set it up / read background info:

https://github.com/masterkorp/openvpn-u ... /README.md
https://wiki.archlinux.org/index.php/OpenVPN
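
Added example, not part of the thread and not the linked update-resolv-conf script: on Linux, OpenVPN does not apply a pushed "dhcp-option DNS" itself; it hands each pushed option to the client's up script as the environment variables foreign_option_1, foreign_option_2, and so on. The sketch below shows the core of what such a script does with them, validating each server-supplied value before it becomes a resolv.conf line. The function name and the domain home.example are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified sketch of the DNS handling in an OpenVPN "up" script.
# Only emits lines on stdout; it does not modify /etc/resolv.conf.

# Hypothetical helper: turn pushed options found in the environment
# into resolv.conf lines, rejecting values with unexpected characters.
resolv_from_foreign_options() {
    i=1
    while :; do
        # Read foreign_option_<i>; stop at the first one that is unset.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                value=${opt#"dhcp-option DNS "}
                case "$value" in
                    # Allow only characters of an IPv4/IPv6 literal.
                    ""|*[!0-9A-Fa-f.:]*) echo "rejected DNS value" >&2 ;;
                    *) echo "nameserver $value" ;;
                esac ;;
            "dhcp-option DOMAIN "*)
                value=${opt#"dhcp-option DOMAIN "}
                case "$value" in
                    # Allow only hostname characters.
                    ""|*[!A-Za-z0-9.-]*) echo "rejected DOMAIN value" >&2 ;;
                    *) echo "search $value" ;;
                esac ;;
        esac
        i=$((i + 1))
    done
}

# Constructed sample: the DNS server pushed in this thread plus a
# made-up search domain, as OpenVPN would export them to the script.
foreign_option_1="dhcp-option DNS 10.5.2.1"
foreign_option_2="dhcp-option DOMAIN home.example"
resolv_from_foreign_options
```

A client only runs an up script if its configuration allows external scripts (script-security 2) and names the script with the up and down directives, so the script file should be root-owned and not writable by other users.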
