Ryfujk

Risk of getting Chronic Wasting Disease (CWD) in the United States?

Today is the Center

Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws)

Accidentally leaked the solution to an assignment, what to do now? (I'm the prof)

Do VLANs within a subnet need to have their own subnet for router on a stick?

What is the offset in a seaplane's hull?

What defenses are there against being summoned by the Gate spell?

How to test if a transaction is standard without spending real money?

Minkowski space

An academic/student plagiarism

What are the differences between the usage of 'it' and 'they'?

Why dont electromagnetic waves interact with each other?

How can I make my BBEG immortal short of making them a Lich or Vampire?

How to say job offer in Mandarin/Cantonese?

Languages that we cannot (dis)prove to be Context-Free

Arthur Somervell: 1000 Exercises - Meaning of this notation

Can I ask the recruiters in my resume to put the reason why I am rejected?

Why don't electron-positron collisions release infinite energy?

What's the point of deactivating Num Lock on login screens?

Why Is Death Allowed In the Matrix?

Is a tag line useful on a cover?

How much RAM could one put in a typical 80386 setup?

Approximately how much travel time was saved by the opening of the Suez Canal in 1869?

How to write a macro that is braces sensitive?

OpenVPN Ubuntu Server Routing Problems No Internet

OpenVPN can't access internet (probably configuration error)OpenVPN on VPS working correctly until I add “iptables -t nat -A POSTROUTING -j SNAT --to-source <venet's IP>” to iptablesRouting not working with OpenVPNRouting setup for OpenVPN server on Amazon EC2OpenVPN bypass on some portsOpenVPN Server configuration to route internet traficPolicy-based routing on OpenVPN serverOpenvpn server to act as client: Connect to clients from server IPOpenVpn client can't reach internet via Openvpn serverIP Routing Issues OpenVpn

1 Answer
1

active

oldest

votes

0

sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)

My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.

Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)

iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

Also you would have to allow traffic in your FORWARDING chain.

share|improve this answer

edited Apr 19 '16 at 19:11

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
  
  – user350312
  Apr 19 '16 at 18:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
  
  – Knorke
  Apr 19 '16 at 18:53
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
  
  – user350312
  Apr 19 '16 at 18:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
  
  – Knorke
  Apr 19 '16 at 19:05
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
  
  – user350312
  Apr 19 '16 at 20:51
  

  
  
  
  

 | 
show 4 more comments

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f771507%2fopenvpn-ubuntu-server-routing-problems-no-internet%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)

My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.

Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)

iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

Also you would have to allow traffic in your FORWARDING chain.

share|improve this answer

edited Apr 19 '16 at 19:11

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
  
  – user350312
  Apr 19 '16 at 18:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
  
  – Knorke
  Apr 19 '16 at 18:53
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
  
  – user350312
  Apr 19 '16 at 18:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
  
  – Knorke
  Apr 19 '16 at 19:05
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
  
  – user350312
  Apr 19 '16 at 20:51
  

  
  
  
  

 | 
show 4 more comments

0

sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)

My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.

Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)

iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

Also you would have to allow traffic in your FORWARDING chain.

share|improve this answer

edited Apr 19 '16 at 19:11

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
  
  – user350312
  Apr 19 '16 at 18:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
  
  – Knorke
  Apr 19 '16 at 18:53
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
  
  – user350312
  Apr 19 '16 at 18:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
  
  – Knorke
  Apr 19 '16 at 19:05
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
  
  – user350312
  Apr 19 '16 at 20:51
  

  
  
  
  

 | 
show 4 more comments

sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)

My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.

Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)

iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

Also you would have to allow traffic in your FORWARDING chain.

share|improve this answer

edited Apr 19 '16 at 19:11

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313

iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

share|improve this answer

edited Apr 19 '16 at 19:11

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313

answered Apr 19 '16 at 18:36

KnorkeKnorke

1313