Running a CENTOS 7 server that is a modem/router of the home network. It runs a PPPoE and DDNS client (dynamic IP), LAMP server, etc...
All clients are connected to the server via WIFI.
The box has two NICs:
* enp3S0 for private network, Network: 10.5.2.0/24
* ppp0 (enp6s0) is the internet access.
I configured the openvpn server and it works fine. I configured a client (CENTOS 7 too) and was able to connect via WAN to the openvpn server.
But from the client I have no access to internet.
The VPN subnet on tun0 is 10.8.0.0
Packet forwarding is set: net.ipv4.ip_forward = 1
I added these lines to the server conf file:
push "route 10.5.2.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.5.2.1"
I added this to the firewall script:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j MASQUERADE ($EXT_DEV=ppp0, $INT_NET=10.5.2.0/24)
What am I missing?
Thanks for your help.
Wolfgang
Can't be missing a lot....
Re: Can't be missing a lot....
Is routing/nat working? Try traceroute (without dns) from client i.e.: traceroute -n 8.8.8.8
Is dns working on client? Note: openvpn for Linux requires update-resolv-conf script
Re: Can't be missing a lot....
Hi fdisk.
This is exactly the problem, but I don't know how to fix it.
I read this in /var/log/messages:
Feb 8 12:04:28 home named[1340]: error (host unreachable) resolving 'faz.net/A/IN': 80.58.61.254#53
I did not know that openvpn required an update-resolv-conf script
Let me google and find out.
Thanks for the tip.
Wolfgang
Re: Can't be missing a lot....
fdisk, thanks for the tip. That made it work. Thanks.
I used these links to set it up / read background info:
https://github.com/masterkorp/openvpn-u ... /README.md
https://wiki.archlinux.org/index.php/OpenVPN
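Added example, not part of any post in this thread and not the update-resolv-conf script itself: OpenVPN on Linux hands a pushed line such as `push "dhcp-option DNS 10.5.2.1"` to the client's `up` script in environment variables named `foreign_option_1`, `foreign_option_2`, and so on, and does nothing with them on its own, which is why a hook script is needed. The function name `build_resolv_conf` is hypothetical, and this example assumes IPv4 name servers only.

```shell
#!/bin/sh
# Turn the DHCP options OpenVPN exports to an "up" hook into resolv.conf lines.
# build_resolv_conf is a hypothetical name used for this added example.

build_resolv_conf() {
    i=1
    out=""
    search=""
    while :; do
        # Indirect lookup of foreign_option_<i>; only the integer counter
        # is interpolated into the eval string.
        eval "opt=\${foreign_option_${i}:-}"
        [ -n "$opt" ] || break
        i=$((i + 1))
        # Split e.g. "dhcp-option DNS 10.5.2.1" without glob expansion.
        read -r kind name value _rest <<EOF
$opt
EOF
        [ "$kind" = "dhcp-option" ] || continue
        case "$name" in
            DNS)
                # Accept digits and dots only, so a pushed value cannot
                # smuggle anything else into the resolver configuration.
                case "$value" in ""|*[!0-9.]*) continue ;; esac
                out="${out}nameserver ${value}
"
                ;;
            DOMAIN)
                case "$value" in ""|*[!A-Za-z0-9.-]*) continue ;; esac
                search="${search:+$search }${value}"
                ;;
        esac
    done
    if [ -n "$search" ]; then
        printf 'search %s\n' "$search"
    fi
    printf '%s' "$out"
}
```

A hook would pass this output to the system's resolver configuration when the tunnel comes up and restore the previous settings when it goes down.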