Jon,

Please post your OpenVPN server config file... Also check that you are enabling IP forwarding in the kernel on your server: as OpenVPN runs in userspace, it does not route; you need the kernel to do that.

On Red Hat-based distros, edit /etc/sysctl.conf:

remove:
    net.ipv4.ip_forward = 0
add:
    net.ipv4.ip_forward = 1

This only takes effect on reboot. To enable it without rebooting the server:

    echo 1 > /proc/sys/net/ipv4/ip_forward

Then we'll take a look at your server config file (edit out the secret bits) and see what we see.

Thanks,

On Wed, 2006-29-11 at 22:46 -0700, Jon wrote:
> You could be right, but there's nothing in the docs about that. It seems
> like the OpenVPN server is supposed to do its own routing based on the
> settings I've listed off in clug-tech.
>
> J
>
> Jamie Furtner wrote:
> > You probably need to set up your server to masquerade the traffic coming
> > through your VPN network. By default, your machine should not know how
> > to deal with these packets as they're from an unknown network.
> >
> > Something like (from memory)
> >     iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0 -s 192.168.0.0/24
> > should do it - change the eth0 and 192.168.0.0/24 for your
> > internet-facing adapter and your VPN network, respectively.
> >
> > Jamie
> >
> >
> > Jon wrote:
> > Hmm...nope. Can't get it. I've tried everything on the OpenVPN mailing
> > list. I'm going to move this to Clug-Tech even though it doesn't appear
> > to me that anyone watches that group.
> >
> > J
> >
> > Jon wrote:
> >
> >>>> Good lord that was easy. Well, kind of - I'm getting MULTI: bad source
> >>>> address from client [192.168.0.103], packet dropped from the server now,
> >>>> but I'll sort that out. At least the traffic is going to the openVPN
> >>>> server.
> >>>>
> >>>> Very cool, thanks.
> >>>>
> >>>> J
> >>>>
> >>>> Robert Toole wrote:
> >>>>
> >>>>>> You need to uncomment the following line in the OpenVPN server config
> >>>>>> file:
> >>>>>>
> >>>>>> push "redirect-gateway"
> >>>>>>
> >>>>>> see the comments in the sample config file from the OpenVPN package for
> >>>>>> detailed explanation.
> >>>>>>
> >>>>>> Hope that helps.
> >>>>>>
> >>>>>> Robert Toole
> >>>>>> [EMAIL PROTECTED]
> >>>>>>
> >>>>>> Jon wrote:
> >>>>>> Hi All,
> >>>>>>
> >>>>>> I think I'm about 3 seconds away from understanding how to do this, but
> >>>>>> it's a looong three seconds.
> >>>>>>
> >>>>>> I've set up an OpenVPN server and can successfully connect to it from
> >>>>>> my laptop using the OpenVPN in client mode. All is good, but I'm not
> >>>>>> quite able to make the leap to what I really want to happen.
> >>>>>>
> >>>>>> I want to experiment using this VPN in public hotspots to secure my
> >>>>>> traffic. In short, I want all my traffic to go from my wifi card to my
> >>>>>> OpenVPN server and THEN out into the Internet. At the moment, even when
> >>>>>> connected to the VPN, a quick visit to What's my IP shows my home WAN
> >>>>>> IP so I know I'm not coming out of my VPN server.
> >>>>>>
> >>>>>> I'm thinking I need to be looking at routing or tunneling or something.
> >>>>>> I'm familiar with using VPNs to access server shares, mail servers, and
> >>>>>> the like, but not how to tell my NIC to exclusively send traffic to it
> >>>>>> instead out to the Internet at large.
> >>>>>>
> >>>>>> Does that even make sense? Sheesh...nudges welcome. Oh, and since this
> >>>>>> is a Talk list - I'm totally up for hearing about cool things one can
> >>>>>> do with a VPN.
> >>>>>>
> >>>>>> Thanks!
> >>>>>>
> >>>>>> J
> >>>>>>
> >>>> _______________________________________________
> >>>> clug-talk mailing list
> >>>> [email protected]
> >>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> >>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> >>>> **Please remove these lines when replying
> >>>>
> >>>> --
> >>>> Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E
> >>>> http://www.jonwatson.ca
> >>>> +1.403.875.6048

--
Robert Toole
Sr. Systems Engineer
KN Logistics / Calgary
[EMAIL PROTECTED]
(403) 717-8463
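
The three server-side settings raised in this thread (push "redirect-gateway", net.ipv4.ip_forward = 1, and the MASQUERADE rule) can be checked together. The script below is an added example, not part of any poster's message; it reads files instead of live state, the file names and sample contents are constructed, and the NAT input is assumed to be saved output of `iptables -t nat -S` or the rule as typed.

```shell
#!/bin/sh
# Added example: checks the three settings from the thread using plain files
# as input, so it runs without root. File names and layout are assumptions.

# True if the OpenVPN server config has an uncommented push "redirect-gateway".
has_redirect_gateway() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway([[:space:]][^"]*)?"' "$1"
}

# True if the last net.ipv4.ip_forward line in a sysctl.conf-style file sets 1
# (later assignments override earlier ones when the file is loaded).
forwarding_persisted() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# True if a rule dump ($1) masquerades source subnet $2 out of interface $3.
# A space is appended to each line so option order does not matter.
has_masquerade() {
    sed -n '/-A POSTROUTING /s/$/ /p' "$1" | grep -F -- "-s $2 " |
        grep -F -- "-o $3 " | grep -Fq -- '-j MASQUERADE '
}

# Prints one line per missing setting; exit status is the number missing.
audit() {  # audit <server.conf> <sysctl.conf> <nat-rules> <vpn-subnet> <wan-if>
    missing=0
    has_redirect_gateway "$1" || { echo "missing: push \"redirect-gateway\" ($1)"; missing=$((missing + 1)); }
    forwarding_persisted "$2" || { echo "missing: net.ipv4.ip_forward = 1 ($2)"; missing=$((missing + 1)); }
    has_masquerade "$3" "$4" "$5" || { echo "missing: MASQUERADE $4 -> $5 ($3)"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample inputs: a server before the fixes, then after them.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'dev tun' ';push "redirect-gateway"' > "$tmp/before.conf"
printf '%s\n' 'net.ipv4.ip_forward = 0' > "$tmp/before.sysctl"
: > "$tmp/before.nat"
printf '%s\n' 'dev tun' 'push "redirect-gateway"' > "$tmp/after.conf"
printf '%s\n' 'net.ipv4.ip_forward = 1' > "$tmp/after.sysctl"
printf '%s\n' '-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE' > "$tmp/after.nat"

echo "before:"; audit "$tmp/before.conf" "$tmp/before.sysctl" "$tmp/before.nat" 192.168.0.0/24 eth0 || true
echo "after:";  audit "$tmp/after.conf" "$tmp/after.sysctl" "$tmp/after.nat" 192.168.0.0/24 eth0 && echo "ok"
```

The subnet and interface arguments are the placeholders from the masquerade suggestion in the thread; substitute the VPN network and the internet-facing adapter of the server being checked.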

