OpenVPN Ubuntu Server Routing Problems No InternetOpenVPN can't access internet (probably configuration...

Risk of getting Chronic Wasting Disease (CWD) in the United States?

Today is the Center

Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws)

Accidentally leaked the solution to an assignment, what to do now? (I'm the prof)

Do VLANs within a subnet need to have their own subnet for router on a stick?

What is the offset in a seaplane's hull?

What defenses are there against being summoned by the Gate spell?

How to test if a transaction is standard without spending real money?

Minkowski space

An academic/student plagiarism

What are the differences between the usage of 'it' and 'they'?

Why dont electromagnetic waves interact with each other?

How can I make my BBEG immortal short of making them a Lich or Vampire?

How to say job offer in Mandarin/Cantonese?

Languages that we cannot (dis)prove to be Context-Free

Arthur Somervell: 1000 Exercises - Meaning of this notation

Can I ask the recruiters in my resume to put the reason why I am rejected?

Why don't electron-positron collisions release infinite energy?

What's the point of deactivating Num Lock on login screens?

Why Is Death Allowed In the Matrix?

Is a tag line useful on a cover?

How much RAM could one put in a typical 80386 setup?

Approximately how much travel time was saved by the opening of the Suez Canal in 1869?

How to write a macro that is braces sensitive?



OpenVPN Ubuntu Server Routing Problems No Internet


OpenVPN can't access internet (probably configuration error)OpenVPN on VPS working correctly until I add “iptables -t nat -A POSTROUTING -j SNAT --to-source <venet's IP>” to iptablesRouting not working with OpenVPNRouting setup for OpenVPN server on Amazon EC2OpenVPN bypass on some portsOpenVPN Server configuration to route internet traficPolicy-based routing on OpenVPN serverOpenvpn server to act as client: Connect to clients from server IPOpenVpn client can't reach internet via Openvpn serverIP Routing Issues OpenVpn






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I'm running OpenVPN on Ubuntu 15.04.



When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...



I'm pretty sure this is a iptables problem...



My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.



I can post config files if needed.



Many thanks,
Zac










share|improve this question














bumped to the homepage by Community 13 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






















    0















    I'm running OpenVPN on Ubuntu 15.04.



    When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...



    I'm pretty sure this is a iptables problem...



    My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.



    I can post config files if needed.



    Many thanks,
    Zac










    share|improve this question














    bumped to the homepage by Community 13 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      0












      0








      0








      I'm running OpenVPN on Ubuntu 15.04.



      When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...



      I'm pretty sure this is a iptables problem...



      My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.



      I can post config files if needed.



      Many thanks,
      Zac










      share|improve this question














      I'm running OpenVPN on Ubuntu 15.04.



      When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...



      I'm pretty sure this is a iptables problem...



      My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.



      I can post config files if needed.



      Many thanks,
      Zac







      linux ubuntu iptables firewall openvpn






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Apr 19 '16 at 17:26







      user350312












      bumped to the homepage by Community 13 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 13 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)



          My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.



          Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)



          iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE


          Also you would have to allow traffic in your FORWARDING chain.






          share|improve this answer


























          • Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

            – user350312
            Apr 19 '16 at 18:44











          • You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

            – Knorke
            Apr 19 '16 at 18:53













          • after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

            – user350312
            Apr 19 '16 at 18:56











          • Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

            – Knorke
            Apr 19 '16 at 19:05













          • tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

            – user350312
            Apr 19 '16 at 20:51












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "2"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f771507%2fopenvpn-ubuntu-server-routing-problems-no-internet%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown
























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)



          My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.



          Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)



          iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE


          Also you would have to allow traffic in your FORWARDING chain.






          share|improve this answer


























          • Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

            – user350312
            Apr 19 '16 at 18:44











          • You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

            – Knorke
            Apr 19 '16 at 18:53













          • after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

            – user350312
            Apr 19 '16 at 18:56











          • Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

            – Knorke
            Apr 19 '16 at 19:05













          • tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

            – user350312
            Apr 19 '16 at 20:51
















          0














          sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)



          My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.



          Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)



          iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE


          Also you would have to allow traffic in your FORWARDING chain.






          share|improve this answer


























          • Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

            – user350312
            Apr 19 '16 at 18:44











          • You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

            – Knorke
            Apr 19 '16 at 18:53













          • after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

            – user350312
            Apr 19 '16 at 18:56











          • Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

            – Knorke
            Apr 19 '16 at 19:05













          • tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

            – user350312
            Apr 19 '16 at 20:51














          0












          0








          0







          sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)



          My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.



          Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)



          iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE


          Also you would have to allow traffic in your FORWARDING chain.






          share|improve this answer















          sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)



          My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.



          Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)



          iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE


          Also you would have to allow traffic in your FORWARDING chain.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Apr 19 '16 at 19:11

























          answered Apr 19 '16 at 18:36









          KnorkeKnorke

          1313




          1313













          • Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

            – user350312
            Apr 19 '16 at 18:44











          • You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

            – Knorke
            Apr 19 '16 at 18:53













          • after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

            – user350312
            Apr 19 '16 at 18:56











          • Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

            – Knorke
            Apr 19 '16 at 19:05













          • tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

            – user350312
            Apr 19 '16 at 20:51



















          • Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

            – user350312
            Apr 19 '16 at 18:44











          • You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

            – Knorke
            Apr 19 '16 at 18:53













          • after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

            – user350312
            Apr 19 '16 at 18:56











          • Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

            – Knorke
            Apr 19 '16 at 19:05













          • tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

            – user350312
            Apr 19 '16 at 20:51

















          Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

          – user350312
          Apr 19 '16 at 18:44





          Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.

          – user350312
          Apr 19 '16 at 18:44













          You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

          – Knorke
          Apr 19 '16 at 18:53







          You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)

          – Knorke
          Apr 19 '16 at 18:53















          after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

          – user350312
          Apr 19 '16 at 18:56





          after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."

          – user350312
          Apr 19 '16 at 18:56













          Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

          – Knorke
          Apr 19 '16 at 19:05







          Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.

          – Knorke
          Apr 19 '16 at 19:05















          tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

          – user350312
          Apr 19 '16 at 20:51





          tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...

          – user350312
          Apr 19 '16 at 20:51


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f771507%2fopenvpn-ubuntu-server-routing-problems-no-internet%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Фонтен-ла-Гаярд Зміст Демографія | Економіка | Посилання |...

          Список ссавців Італії Природоохоронні статуси | Список |...

          Маріан Котлеба Зміст Життєпис | Політичні погляди |...