I have struggled with this problem for two days, but the problem is still here. I hope someone can provide a suggestion or a way to diagnose it.
What I want is to let all clients reach the Internet over the OpenVPN server. Therefore, I first followed the instructions in "Routing all client traffic (including web-traffic) through the VPN". After configuring and setting up iptables, the connection between the VPN server and the client succeeds, but the client cannot visit any website (the browser just hangs). Pinging from the server and from the client is OK.
I checked the log at the server, and there are some records like:
Oct 3 09:16:21 iZbp15fejv9adv7o3izfm1Z ovpn-delta: laptop/131.202.XX.XX:59701 UDPv4 READ [AF_INET]131.202.XX.XX:59701: P_DATA_V1 kid=0 DATA len=92
Oct 3 09:16:21 iZbp15fejv9adv7o3izfm1Z ovpn-delta: laptop/131.202.XX.XX:59701 MULTI: bad source address from client [131.202.XX.XX], packet dropped
where the IP 131.202.XX.XX is my laptop's IP address. This record is explained in "MULTI: bad source address from client, packet dropped" or "GET INST BY VIRT: [failed]". Why is this IP not 10.8.0.6 (tun0) on my laptop, and what is the detailed mechanism behind the problem? My laptop connects to the Internet using WiFi, and it is the device that runs
openvpn --config client.conf.
As this is a very simple example, is there a way to avoid this error, or any sample configuration for
client-config-dir and how to create a ccd file?
/etc/openvpn/delta.conf at the server:
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
proto udp
dev tun
;dev-node MyTap
ca ca.crt
cert delta.crt
key delta.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option DNS 184.108.40.206"
;push "dhcp-option DNS 220.127.116.11"
keepalive 10 120
;tls-auth ta.key 0  # This file is secret
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log         openvpn.log
;log-append  openvpn.log
verb 3
;mute 20
client.conf at the laptop:
client
dev tun
proto udp
remote 18.104.22.168 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key
ns-cert-type server
;tls-auth ta.key 1
comp-lzo
verb 3
;mute 20
For the IP routing configuration, I added the iptables rules to
/etc/rc.local, so that they are applied at server startup.
root@iZbp15fejv9adv7o3izfm1Z:/var/log# cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
# I also tried commenting out the first three instructions, but it still does not work
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service dnsmasq restart
exit 0
telnet serverIP 80 is OK. On the server, /var/logs/syslog:
Is there any solution?
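The client-config-dir/ccd setup asked about above, as an added example that is not part of the original question: it builds the ccd entry OpenVPN uses for the case the referenced FAQ entry covers (a client that forwards traffic for a subnet of its own), and also checks the server config, since an iroute in a ccd file does nothing without an active client-config-dir and a matching route in delta.conf. It assumes the client's certificate CN is laptop (the "laptop/..." log prefix) and a constructed subnet 192.168.50.0/24 behind it.

```shell
#!/bin/sh
# Added example, not code from the original post: build the client-config-dir
# (ccd) entry that OpenVPN uses for a client that forwards traffic for an
# extra subnet, so the server stops dropping those packets as
# "MULTI: bad source address".  Two halves are needed: "iroute" in the ccd
# file (OpenVPN-internal mapping of the subnet to the client instance) and
# "route" in the main server config (kernel route into the tun interface).
# Assumptions (constructed, not from the post): the client's certificate CN
# is "laptop", matching the "laptop/..." log prefix, and the subnet behind
# it is 192.168.50.0/24.
set -eu

# Defaults to a temporary directory so a plain run is a dry run;
# set OVPN_DIR=/etc/openvpn to write the real ccd file.
OVPN_DIR="${OVPN_DIR:-$(mktemp -d)}"

# make_ccd CN SUBNET NETMASK
# Writes $OVPN_DIR/ccd/CN with the iroute line and prints the two
# directives that must be active (not ';'-commented) in delta.conf.
make_ccd() {
    cn=$1 net=$2 mask=$3
    mkdir -p "$OVPN_DIR/ccd"
    printf 'iroute %s %s\n' "$net" "$mask" > "$OVPN_DIR/ccd/$cn"
    printf 'client-config-dir ccd\nroute %s %s\n' "$net" "$mask"
}

# server_conf_ok CONF SUBNET NETMASK
# Returns 0 only if CONF contains an active client-config-dir directive and
# an active route for the subnet.  Matching whole fields means a disabled
# line such as ";client-config-dir ccd" (as in the posted delta.conf)
# does not count.
server_conf_ok() {
    conf=$1 net=$2 mask=$3
    awk '$1 == "client-config-dir" { f = 1 } END { exit !f }' "$conf" &&
    awk -v n="$net" -v m="$mask" \
        '$1 == "route" && $2 == n && $3 == m { f = 1 } END { exit !f }' "$conf"
}

# Stand-alone run: write ccd/laptop and print what delta.conf still needs.
make_ccd laptop 192.168.50.0 255.255.255.0
```

The check deliberately treats the posted delta.conf as not ready, because its client-config-dir and route lines are all commented out with ';'.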