    Internet access through OpenVPN

    scottalanmiller

      Use netstat -tulpn to see what is listening as a starting point.

        Ambarishrh

        What I have now is:
        root@openvpn:~# netstat -tulpn
        Active Internet connections (only servers)
        Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
        tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  777/sshd
        tcp6       0      0 :::22            :::*             LISTEN  777/sshd
        udp        0      0 0.0.0.0:1194     0.0.0.0:*                946/openvpn

          scottalanmiller

          Okay, so port 946 is what we need to have open. It is definitely listening for something, so that is a good start.

            Ambarishrh

            I am just trying to figure out what firewall is being used in this box. OpenVPN client connects without me opening any ports. It's only that the client that is connected is not routing internet through the VPN.

              Ambarishrh

              And it's the port 1194 for openvpn. 946 is the PID.

                scottalanmiller

                Oh yeah, 4am here. Haven't had much sleep for days. Pretty blurry here.

                  Ambarishrh

                  All ok now? And I think you really need some rest!

                    Ambarishrh

                    Ok the command I was typing for ufw was wrong!
                    root@openvpn:~# ufw --help
                    root@openvpn:~# ufw disable
                    Firewall stopped and disabled on system startup
                    root@openvpn:~# ufw status
                    Status: inactive

                      Ambarishrh

                      In syslog, I could see that the connection starts, and also see openvpn sending the defaults set in server.conf:
                      Jul 1 04:16:53 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 MULTI: primary virtual IP for openvpn/80.227.101.130:27531: 10.8.0.6
                      Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 PUSH: Received control message: 'PUSH_REQUEST'
                      Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 send_push_reply(): safe_cap=960
                      Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 SENT CONTROL [openvpn]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
                      Jul 1 04:16:55 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 96
                      Jul 1 04:16:57 ovpn-server[1518]: last message repeated 4 times
                      Jul 1 04:16:57 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 69
                      Jul 1 04:16:58 ovpn-server[1518]: last message repeated 11 times
                      Jul 1 04:16:58 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 96
                      Jul 1 04:16:59 openvpn ovpn-server[1518]: openvpn/80.227.101.130:27531 Bad LZO decompression header byte: 69
                      Jul 1 04:17:00 ovpn-server[1518]: last message repeated 6 times

                        Ambarishrh

                        That error is gone after commenting out comp-lzo in server.conf:

                        # Enable compression on the VPN link.
                        # If you enable it here, you must also
                        # enable it in the client config file.
                        ;comp-lzo

                        But still trying to figure out routing internet through the VPN.

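Added example, not part of the original posts: a POSIX shell triage for the comp-lzo mismatch behind the "Bad LZO decompression header byte" errors and the server.conf comment above. It counts the errors per client (including syslog's "last message repeated N times" lines) and compares the directive between a server and a client config. The function names, the client name `client1` and the address 203.0.113.10 are assumptions, and the log lines are constructed in the thread's syslog format.

```shell
#!/bin/sh
# Added example (not from the thread): triage for a comp-lzo mismatch.

# Print "<count> <client>" for "Bad LZO decompression header byte" errors,
# folding in syslog's "last message repeated N times" lines that follow one.
lzo_errors_by_client() {
    awk '
    / last message repeated [0-9]+ times/ {
        if (last != "")
            for (i = 1; i < NF; i++)
                if ($i == "repeated") count[last] += $(i + 1)
        next
    }
    /Bad LZO decompression header byte/ {
        last = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^ovpn-server\[[0-9]+\]:$/) { last = $(i + 1); break }
        if (last != "") count[last]++
        next
    }
    { last = "" }
    END { for (c in count) print count[c], c }
    ' "$1" | sort -rn
}

# True if the config has an active comp-lzo line ("#" and ";" start comments).
# "comp-lzo no" also counts: it still turns on the compression framing.
comp_lzo_enabled() {
    grep -Eq '^[[:space:]]*comp-lzo([[:space:]]|$)' "$1"
}

# Echo "match" or "mismatch ..." for a server/client config pair.
comp_lzo_pair() {
    s=off; c=off
    comp_lzo_enabled "$1" && s=on
    comp_lzo_enabled "$2" && c=on
    if [ "$s" = "$c" ]; then echo match; else echo "mismatch server=$s client=$c"; fi
}

# Constructed sample log (documentation address, hypothetical client name).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jul 1 04:16:55 openvpn ovpn-server[1518]: client1/203.0.113.10:27531 Bad LZO decompression header byte: 96
Jul 1 04:16:57 ovpn-server[1518]: last message repeated 4 times
Jul 1 04:16:57 openvpn ovpn-server[1518]: client1/203.0.113.10:27531 Bad LZO decompression header byte: 69
Jul 1 04:16:58 ovpn-server[1518]: last message repeated 11 times
Jul 1 04:16:59 openvpn ovpn-server[1518]: client1/203.0.113.10:27531 PUSH: Received control message: 'PUSH_REQUEST'
EOF
lzo_errors_by_client "$sample"
```

A client with a high count here and a "mismatch" result from `comp_lzo_pair server.conf client.ovpn` points at the compression setting rather than at routing or the firewall.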
                          Ambarishrh

                          Fixed!

                          All I had to do was add the iptables entry:
                          iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to xxx.xx.xx.xx (ServerIP)

                          Now connected and internet routing through VPN 🙂

                            Ambarishrh

                            Now I need to save this to load the rule on startup, and I'm checking on it now!

                              Ambarishrh

                              Found it.
                              First run the iptables entry:
                              iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to xxx.xx.xx.xx

                              Then run sudo apt-get install iptables-persistent, and follow the prompts. When it asks to save the current rules, hit "Yes" at both prompts. Now, on reboots, your iptables rules will be restored.
                              All done, working fine! 🙂

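Added example, not part of the original posts: the SNAT rule and the persistence step above as one re-runnable POSIX shell script. It assumes the server IP is passed as the first argument and that iptables-persistent restores from /etc/iptables/rules.v4; the function names are hypothetical, and the net.ipv4.ip_forward check is an addition the thread does not mention.

```shell
#!/bin/sh
# Added example: apply the thread's SNAT rule idempotently and save it where
# iptables-persistent restores it from. Run as root: sh vpn-nat.sh <server-ip>
VPN_NET="10.8.0.0/24"               # OpenVPN subnet used in the thread
RULES_FILE="/etc/iptables/rules.v4" # assumed iptables-persistent rules file

# Accept only a dotted-quad IPv4 address with each octet in 0..255, so a
# placeholder such as xxx.xx.xx.xx never reaches iptables.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Add the rule only if "iptables -C" reports it is not present yet, so
# re-running the script never stacks duplicate POSTROUTING entries.
ensure_snat() {
    valid_ipv4 "$1" || { echo "bad server IP: $1" >&2; return 2; }
    if iptables -t nat -C POSTROUTING -s "$VPN_NET" -j SNAT --to-source "$1" 2>/dev/null; then
        echo "present"
    else
        iptables -t nat -A POSTROUTING -s "$VPN_NET" -j SNAT --to-source "$1" && echo "added"
    fi
}

# SNAT only helps if the kernel forwards packets between the tunnel and the
# uplink; the optional argument is the file to read (default: the live value).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Only act when a server IP is given on the command line.
if [ "${1:-}" != "" ]; then
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is 0" >&2
    ensure_snat "$1" && iptables-save > "$RULES_FILE"
fi
```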