-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Robert,
Thanks for your help. I've posted a reply to this in clug-tech. I don't want Dave freaking out on me for posting a billion line long server.conf in here :) Thanks! J Robert Toole wrote: > Jon, Please post your OpenVPN server config file... > > Also check that you are enabling IP forwarding in the kernel on your > server, as OpenVPN runs in userspace, it does not route, you need the > kernel to do that. > > On red-hat based distros edit /etc/sysctl.conf: > > remove: net.ipv4.ip_forward = 0 > add: net.ipv4.ip_forward = 1 > > This only takes effect on reboot, to enable it without rebooting the > server: > > echo 1 > /proc/sys/net/ipv4/ip_forward > > then we'll take a look at your server config file (edit out the secret > bits) and see what we see. > > Thanks, > > On Wed, 2006-29-11 at 22:46 -0700, Jon wrote: > You could be right, but there's nothing in the docs about that. It seems > like the OpenVPN server is supposed to do it's own routing based on the > settings I've listed off in clug-tech. > > J > > Jamie Furtner wrote: >>>> You probably need to set up your server to masquerade the traffic coming >>>> through your VPN network. By default, your machine should not know how >>>> to deal with these packets as they're from an unknown network. >>>> >>>> Something like (from memory) >>>> iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0 -s 192.168.0.0/24 >>>> should do it - change the eth0 and 192.168.0.0/24 for your >>>> internet-facing adapter and your VPN network, respectively. >>>> >>>> Jamie >>>> >>>> >>>> Jon wrote: >>>> Hmm...nope. Can't get it. I've tried everything on the OpenVPN mailing >>>> list. I'm going to move this to Clug-Tech even though it doesn't appear >>>> to me that anyone watches that group. >>>> >>>> J >>>> >>>> Jon wrote: >>>> >>>>>>> Good lord that was easy. Well, kind of - I'm getting MULTI: bad source >>>>>>> address from client [192.168.0.103], packet dropped from the server now, >>>>>>> but I'll sort that out. At least the traffic is going to the openVPN >>>>>>> server. >>>>>>> >>>>>>> Very cool, thanks. >>>>>>> >>>>>>> J >>>>>>> >>>>>>> Robert Toole wrote: >>>>>>> >>>>>>>>> You need to uncomment the following line in the OpenVPN server config >>>>>>>>> file: >>>>>>>>> >>>>>>>>> push "redirect-gateway" >>>>>>>>> >>>>>>>>> see the comments in the sample config file from the OpenVPN package >>>>>>>>> for >>>>>>>>> detailed explanation. >>>>>>>>> >>>>>>>>> Hope that helps. >>>>>>>>> >>>>>>>>> Robert Toole >>>>>>>>> [EMAIL PROTECTED] >>>>>>>>> >>>>>>>>> Jon wrote: >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> I think I'm about 3 seconds away from understanding how to do this, >>>>>>>>> but >>>>>>>>> it's a looong three seconds. >>>>>>>>> >>>>>>>>> I've set up an OpenVPN server and can successfully connect to it from >>>>>>>>> my >>>>>>>>> laptop using the OpenVPN in client mode. All is good, but I'm not >>>>>>>>> quite >>>>>>>>> able to make the leap to what I really want to happen. >>>>>>>>> >>>>>>>>> I want to experiment using this VPN in public hotspots to secure my >>>>>>>>> traffic. In short, I want all my traffic to go from my wifi card to my >>>>>>>>> OpenVPN server and THEN out into the Internet. At the moment, even >>>>>>>>> when >>>>>>>>> connected to the VPN, a quick visit to What's my IP shows my home WAN >>>>>>>>> IP >>>>>>>>> so I know I'm not coming out of my VPN server. >>>>>>>>> >>>>>>>>> I'm thinking I need to be looking at routing or tunneling or >>>>>>>>> something. >>>>>>>>> I'm familiar with using VPNs to access server shares, mail servers, >>>>>>>>> and >>>>>>>>> the like, but not how to tell my NIC to exclusively send traffic to it >>>>>>>>> instead out to the Internet at large. >>>>>>>>> >>>>>>>>> Does that even make sense? Sheesh...nudges welcome. Oh, and since this >>>>>>>>> is a Talk list - I'm totally up for hearing about cool things one can >>>>>>>>> do >>>>>>>>> with a VPN. >>>>>>>>> >>>>>>>>> Thanks! >>>>>>>>> >>>>>>>>> J >>>>>>>>> >>>>>>> _______________________________________________ >>>>>>> clug-talk mailing list >>>>>>> [email protected] >>>>>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca >>>>>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) >>>>>>> **Please remove these lines when replying >>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> clug-talk mailing list >>>>>>>>> [email protected] >>>>>>>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca >>>>>>>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) >>>>>>>>> **Please remove these lines when replying >>>>>>>>> >>>>>>> -- >>>>>>> Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E >>>>>>> http://www.jonwatson.ca >>>>>>> +1.403.875.6048 >>>>>>> >>>> _______________________________________________ >>>> clug-talk mailing list >>>> [email protected] >>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca >>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) >>>> **Please remove these lines when replying >>>> >>>> -- >>>> Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E >>>> http://www.jonwatson.ca >>>> +1.403.875.6048 > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying > -- > Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E > http://www.jonwatson.ca > +1.403.875.6048 >> _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying - -- Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E http://www.jonwatson.ca +1.403.875.6048 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFbvSQ2GF4dw07gT4RAuf2AKCt5mAOF8ahlwf0pgAhabZ1PsLCuwCeO1NQ xkiJYYfi0InoxU/nBuRnqoY= =hZu3 -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
