OpenVPN Ubuntu Server Routing Problems No InternetOpenVPN can't access internet (probably configuration...
Risk of getting Chronic Wasting Disease (CWD) in the United States?
Today is the Center
Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws)
Accidentally leaked the solution to an assignment, what to do now? (I'm the prof)
Do VLANs within a subnet need to have their own subnet for router on a stick?
What is the offset in a seaplane's hull?
What defenses are there against being summoned by the Gate spell?
How to test if a transaction is standard without spending real money?
Minkowski space
An academic/student plagiarism
What are the differences between the usage of 'it' and 'they'?
Why dont electromagnetic waves interact with each other?
How can I make my BBEG immortal short of making them a Lich or Vampire?
How to say job offer in Mandarin/Cantonese?
Languages that we cannot (dis)prove to be Context-Free
Arthur Somervell: 1000 Exercises - Meaning of this notation
Can I ask the recruiters in my resume to put the reason why I am rejected?
Why don't electron-positron collisions release infinite energy?
What's the point of deactivating Num Lock on login screens?
Why Is Death Allowed In the Matrix?
Is a tag line useful on a cover?
How much RAM could one put in a typical 80386 setup?
Approximately how much travel time was saved by the opening of the Suez Canal in 1869?
How to write a macro that is braces sensitive?
OpenVPN Ubuntu Server Routing Problems No Internet
OpenVPN can't access internet (probably configuration error)OpenVPN on VPS working correctly until I add “iptables -t nat -A POSTROUTING -j SNAT --to-source <venet's IP>” to iptablesRouting not working with OpenVPNRouting setup for OpenVPN server on Amazon EC2OpenVPN bypass on some portsOpenVPN Server configuration to route internet traficPolicy-based routing on OpenVPN serverOpenvpn server to act as client: Connect to clients from server IPOpenVpn client can't reach internet via Openvpn serverIP Routing Issues OpenVpn
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I'm running OpenVPN on Ubuntu 15.04.
When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...
I'm pretty sure this is a iptables problem...
My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.
I can post config files if needed.
Many thanks,
Zac
linux ubuntu iptables firewall openvpn
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I'm running OpenVPN on Ubuntu 15.04.
When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...
I'm pretty sure this is a iptables problem...
My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.
I can post config files if needed.
Many thanks,
Zac
linux ubuntu iptables firewall openvpn
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I'm running OpenVPN on Ubuntu 15.04.
When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...
I'm pretty sure this is a iptables problem...
My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.
I can post config files if needed.
Many thanks,
Zac
linux ubuntu iptables firewall openvpn
I'm running OpenVPN on Ubuntu 15.04.
When I connect to the server, I can connect and authenticate correctly (I use PAM auth because I'm lazy). Once connected I can't ping the server or access the internet except when I use my servers public IP then I get my website in a fashion because it can't load the style scripts and javascript in etc...
I'm pretty sure this is a iptables problem...
My goal is that clients can talk to each other and talk to the server while having unrestricted access to the internet.
I can post config files if needed.
Many thanks,
Zac
linux ubuntu iptables firewall openvpn
linux ubuntu iptables firewall openvpn
asked Apr 19 '16 at 17:26
user350312
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)
My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.
Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
Also you would have to allow traffic in your FORWARDING chain.
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
|
show 4 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f771507%2fopenvpn-ubuntu-server-routing-problems-no-internet%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)
My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.
Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
Also you would have to allow traffic in your FORWARDING chain.
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
|
show 4 more comments
sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)
My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.
Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
Also you would have to allow traffic in your FORWARDING chain.
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
|
show 4 more comments
sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)
My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.
Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
Also you would have to allow traffic in your FORWARDING chain.
sorry, this is not an answer but my reputation is to low to add a comment on your post. Please post your OpenVPN server config and all your iptables rules. (iptables -L -v and iptables -L -v -t nat)
My first guess would be that you have to add a SNAT or MASQUERADE in your iptables POSTROUTING chain.
Example: (10.8.0.0/24 is your VPN network, eth0 is your network interface connected to the internet)
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
Also you would have to allow traffic in your FORWARDING chain.
edited Apr 19 '16 at 19:11
answered Apr 19 '16 at 18:36
KnorkeKnorke
1313
1313
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
|
show 4 more comments
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
Hello, please find outputs pastebin.com/2rktvdmu I have tried adding some iptable rules but no luck so i flushed the (-F) and rebooted. Im running it on a vps so im guessing i need to use venet0 not eth0? Ignore all the other rules in the iptables, im running vestacp and need them for that. thanks for getting back to me.
– user350312
Apr 19 '16 at 18:44
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
You can use the ifconfig command to see your network interfaces, but you're right, on a vps its often called venet0. You should replace the interface parameter within your iptables rules then. (Please also remove your public IP from the pastebin file)
– Knorke
Apr 19 '16 at 18:53
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
after running your command above and changing the interface, i get this back: "iptables v1.4.21: Can't use -i with POSTROUTING Try `iptables -h' or 'iptables --help' for more information."
– user350312
Apr 19 '16 at 18:56
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
Sorry, it's -o venet0 (?) because its the outgoing interface. My bad. Where did you get this line in your server config from? 'push "route 0.0.0.0 255.0.0.0"' Doesn't make that much sense, does it? If you want to reach the local subnet of your server from the client, you have to put it in this line.
– Knorke
Apr 19 '16 at 19:05
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
tried that command and still no luck. I also removed the push "route 0.0.0.0 255.0.0.0 from my config and still no luck...
– user350312
Apr 19 '16 at 20:51
|
show 4 more comments
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f771507%2fopenvpn-ubuntu-server-routing-problems-no-internet%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown