Saturday, June 9, 2012

Issue: OpenVPN connected but cannot surf internet

Proceed as described in the wiki up to https://wiki.archlinux.org/index.php/OpenVPN#Testing_the_OpenVPN_configuration

Make sure that you can ping each machine from the other. If you can, the connection has been established successfully.

Now comes the part that is somewhat hidden in the wiki. After the OpenVPN connection has been established, you need to tell the server to forward the packets, in other words enable masquerading. To do that, run:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Now all traffic with a source IP address in 10.8.0.0/24 (your client falls in that range, as it has the IP 10.8.0.6 if you followed the wiki religiously) will be forwarded. To make the iptables changes permanent, issue the command "$iptables save" and add iptables to the daemon array.

Edit your /etc/sysctl.conf and enable forwarding for the system by changing the value of the variable "net.ipv4.ip_forward".

At the server side in server.conf add the following two lines:
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
The DNS option is added because, after OpenVPN changes the gateway, the DNS server you are currently using may become inaccessible.

Now we are all set. The above configuration will work perfectly for a Windows client but not for a Linux client. The reason is that the DNS server is not actually changed on the client side, in spite of the server being configured that way. To handle that part on Linux, install openresolv, which the client will use to change the nameservers in /etc/resolv.conf. Follow this part of the wiki to accomplish that: https://wiki.archlinux.org/index.php/OpenVPN#DNS
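The script below is an added example, not part of the original post or the wiki: it checks the server-side settings from the steps above (forwarding switched on, meaning net.ipv4.ip_forward set to 1, the MASQUERADE rule, and the two push lines) and reports which one is missing. The function names, the --live switch and the /etc/openvpn/server.conf path are assumptions.

```shell
# Added example: audit the server-side settings this post relies on (reads plain text).
VPN_NET="10.8.0.0/24"   # tunnel subnet from the post
WAN_IF="eth0"           # outbound interface from the post
# $1 = content of /proc/sys/net/ipv4/ip_forward
check_forward() { [ "$1" = "1" ]; }

# $1 = sysctl.conf path; true if forwarding is enabled persistently
check_sysctl_conf() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# stdin = output of `iptables-save -t nat`
check_masq() {
    grep -e '^-A POSTROUTING ' | grep -F -e "-s $VPN_NET " |
        grep -F -e "-o $WAN_IF " | grep -Fq -e '-j MASQUERADE'
}

# $1 = server.conf path; both push lines must be present and uncommented
check_push() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[[:space:]]+def1' "$1" &&
        grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+[0-9.]+"' "$1"
}

# audit FWD_VALUE SYSCTL_CONF NAT_DUMP SERVER_CONF: prints findings, returns failure count
audit() {
    fails=0
    check_forward "$1"     || { echo "FAIL: ip_forward is not 1 right now"; fails=$((fails+1)); }
    check_sysctl_conf "$2" || { echo "FAIL: ip_forward=1 not set in $2"; fails=$((fails+1)); }
    check_masq < "$3"      || { echo "FAIL: no MASQUERADE rule for $VPN_NET via $WAN_IF"; fails=$((fails+1)); }
    check_push "$4"        || { echo "FAIL: redirect-gateway or DNS push missing in $4"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample: NAT rule present, forwarding off, DNS push forgotten
sample() {
    d=$(mktemp -d)
    echo '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' > "$d/nat"
    echo '#net.ipv4.ip_forward = 1' > "$d/sysctl.conf"
    echo 'push "redirect-gateway def1"' > "$d/server.conf"
    rc=0; audit 0 "$d/sysctl.conf" "$d/nat" "$d/server.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}

# On the VPN server as root: sh audit.sh --live (server.conf path is an assumption)
if [ "${1:-}" = "--live" ]; then
    t=$(mktemp); iptables-save -t nat > "$t"
    audit "$(cat /proc/sys/net/ipv4/ip_forward)" /etc/sysctl.conf "$t" /etc/openvpn/server.conf
    rm -f "$t"
fi
```

Calling sample runs the audit on the constructed broken setup and reports three failures; the exit status of audit is the number of settings still missing.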
