OpenVPN web traffic routing not working Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Come Celebrate our 10 Year Anniversary!Client unable to reach Internet through OpenVPNOpenVPN server will not redirect trafficEnsure PPTP / OpenVPN clients cannot interact with each other?Connect AWS and Azure via OpenVPNCent OS - OpenVPN client connects but can't access internetNO routing in VPN to client sideOpenVPN and multicast routingOpenVPN Client Local LAN AccessOpenVPN in AWS not working - same config works in DigitalOceanRouting and OpenVPN not running on the default gateway
What are the discoveries that have been possible with the rejection of positivism?
Has negative voting ever been officially implemented in elections, or seriously proposed, or even studied?
Getting prompted for verification code but where do I put it in?
Why does 14 CFR have skipped subparts in my ASA 2019 FAR/AIM book?
Amount of permutations on an NxNxN Rubik's Cube
Is the IBM 5153 color display compatible with the Tandy 1000 16 color modes?
Flash light on something
Most bit efficient text communication method?
Why does it sometimes sound good to play a grace note as a lead in to a note in a melody?
How can I set the aperture on my DSLR when it's attached to a telescope instead of a lens?
What is the meaning of 'breadth' in breadth first search?
What does this say in Elvish?
What makes a man succeed?
How does the math work when buying airline miles?
Co-worker has annoying ringtone
preposition before coffee
Project Euler #1 in C++
1-probability to calculate two events in a row
Intuitive explanation of the rank-nullity theorem
Is there public access to the Meteor Crater in Arizona?
What does Turing mean by this statement?
Semigroups with no morphisms between them
How many morphisms from 1 to 1+1 can there be?
Google .dev domain strangely redirects to https
OpenVPN web traffic routing not working
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Client unable to reach Internet through OpenVPNOpenVPN server will not redirect trafficEnsure PPTP / OpenVPN clients cannot interact with each other?Connect AWS and Azure via OpenVPNCent OS - OpenVPN client connects but can't access internetNO routing in VPN to client sideOpenVPN and multicast routingOpenVPN Client Local LAN AccessOpenVPN in AWS not working - same config works in DigitalOceanRouting and OpenVPN not running on the default gateway
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
My first time trying to set up OpenVPN. I followed the HOWTO guide from OpenVPN's site and was successfully connected but when I tried to route my web traffic, it seems that nothing gets through to my server.
My server is an Amazon EC2 box and my client is MacOS Lion. I'm using Tunnelblick on the Mac. I have run/tried the following:
- ran
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADEon my server - disabled firewall on the mac
- enabled UDP 1194 on EC2 firewall
- tried both dev tun and dev tap
- tried using Amazon's name server with "push "dhcp-option DNS 172.16.0.23" as well as Google's 8.8.8.8[/list]
Here is my server config file: http://pastebin.com/izCBxk99
server ifconfig while running OpenVPN: http://pastebin.com/xM9w8kAA
server log, with one client connecting and trying to open a webpage after successful connection: http://pastebin.com/B1WAJ2XH
Client config file: http://pastebin.com/GzPeXE7E
client ifconfig while running OpenVPN: http://pastebin.com/ZQvvP9Z0
client log: http://pastebin.com/xmhEx77g
The only error I notice is in the client log, where it says:
2012-05-06 20:43:44 us=732786 /sbin/ifconfig tap0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-05-06 20:43:44 us=738214 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Could that be the problem? I found some webpage that said Tunnelblick used to have problems with Lion, but the version I'm using is higher than the one mentioned as the fix.
In addition, I noticed that after running iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE (with su), my server still shows just the following if I do netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.248.138.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 10.248.138.1 0.0.0.0 UG 0 0 0 eth0
The server doesn't seem to have gotten the new routes. Is this the problem?
Please help. Thanks!
openvpn
asked May 10 '12 at 0:03
jetjet
1263
migrated from stackoverflow.com Jun 21 '12 at 13:59
This question came from our site for professional and enthusiast programmers.
add a comment |
My first time trying to set up OpenVPN. I followed the HOWTO guide from OpenVPN's site and was successfully connected but when I tried to route my web traffic, it seems that nothing gets through to my server.
My server is an Amazon EC2 box and my client is MacOS Lion. I'm using Tunnelblick on the Mac. I have run/tried the following:
- ran
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADEon my server - disabled firewall on the mac
- enabled UDP 1194 on EC2 firewall
- tried both dev tun and dev tap
- tried using Amazon's name server with "push "dhcp-option DNS 172.16.0.23" as well as Google's 8.8.8.8[/list]
Here is my server config file: http://pastebin.com/izCBxk99
server ifconfig while running OpenVPN: http://pastebin.com/xM9w8kAA
server log, with one client connecting and trying to open a webpage after successful connection: http://pastebin.com/B1WAJ2XH
Client config file: http://pastebin.com/GzPeXE7E
client ifconfig while running OpenVPN: http://pastebin.com/ZQvvP9Z0
client log: http://pastebin.com/xmhEx77g
The only error I notice is in the client log, where it says:
2012-05-06 20:43:44 us=732786 /sbin/ifconfig tap0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-05-06 20:43:44 us=738214 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Could that be the problem? I found some webpage that said Tunnelblick used to have problems with Lion, but the version I'm using is higher than the one mentioned as the fix.
In addition, I noticed that after running iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE (with su), my server still shows just the following if I do netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.248.138.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 10.248.138.1 0.0.0.0 UG 0 0 0 eth0
The server doesn't seem to have gotten the new routes. Is this the problem?
Please help. Thanks!
openvpn
asked May 10 '12 at 0:03
jetjet
1263
migrated from stackoverflow.com Jun 21 '12 at 13:59
This question came from our site for professional and enthusiast programmers.
add a comment |
My first time trying to set up OpenVPN. I followed the HOWTO guide from OpenVPN's site and was successfully connected but when I tried to route my web traffic, it seems that nothing gets through to my server.
My server is an Amazon EC2 box and my client is MacOS Lion. I'm using Tunnelblick on the Mac. I have run/tried the following:
- ran
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADEon my server - disabled firewall on the mac
- enabled UDP 1194 on EC2 firewall
- tried both dev tun and dev tap
- tried using Amazon's name server with "push "dhcp-option DNS 172.16.0.23" as well as Google's 8.8.8.8[/list]
Here is my server config file: http://pastebin.com/izCBxk99
server ifconfig while running OpenVPN: http://pastebin.com/xM9w8kAA
server log, with one client connecting and trying to open a webpage after successful connection: http://pastebin.com/B1WAJ2XH
Client config file: http://pastebin.com/GzPeXE7E
client ifconfig while running OpenVPN: http://pastebin.com/ZQvvP9Z0
client log: http://pastebin.com/xmhEx77g
The only error I notice is in the client log, where it says:
2012-05-06 20:43:44 us=732786 /sbin/ifconfig tap0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-05-06 20:43:44 us=738214 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Could that be the problem? I found some webpage that said Tunnelblick used to have problems with Lion, but the version I'm using is higher than the one mentioned as the fix.
In addition, I noticed that after running iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE (with su), my server still shows just the following if I do netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.248.138.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 10.248.138.1 0.0.0.0 UG 0 0 0 eth0
The server doesn't seem to have gotten the new routes. Is this the problem?
Please help. Thanks!
openvpn
asked May 10 '12 at 0:03
jetjet
1263
My first time trying to set up OpenVPN. I followed the HOWTO guide from OpenVPN's site and was successfully connected but when I tried to route my web traffic, it seems that nothing gets through to my server.
My server is an Amazon EC2 box and my client is MacOS Lion. I'm using Tunnelblick on the Mac. I have run/tried the following:
- ran
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADEon my server - disabled firewall on the mac
- enabled UDP 1194 on EC2 firewall
- tried both dev tun and dev tap
- tried using Amazon's name server with "push "dhcp-option DNS 172.16.0.23" as well as Google's 8.8.8.8[/list]
Here is my server config file: http://pastebin.com/izCBxk99
server ifconfig while running OpenVPN: http://pastebin.com/xM9w8kAA
server log, with one client connecting and trying to open a webpage after successful connection: http://pastebin.com/B1WAJ2XH
Client config file: http://pastebin.com/GzPeXE7E
client ifconfig while running OpenVPN: http://pastebin.com/ZQvvP9Z0
client log: http://pastebin.com/xmhEx77g
The only error I notice is in the client log, where it says:
2012-05-06 20:43:44 us=732786 /sbin/ifconfig tap0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-05-06 20:43:44 us=738214 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Could that be the problem? I found some webpage that said Tunnelblick used to have problems with Lion, but the version I'm using is higher than the one mentioned as the fix.
In addition, I noticed that after running iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE (with su), my server still shows just the following if I do netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.248.138.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 10.248.138.1 0.0.0.0 UG 0 0 0 eth0
The server doesn't seem to have gotten the new routes. Is this the problem?
Please help. Thanks!
openvpn
openvpn
asked May 10 '12 at 0:03
jetjet
1263
asked May 10 '12 at 0:03
jetjet
1263
asked May 10 '12 at 0:03
jetjet
1263
asked May 10 '12 at 0:03
jetjet
1263
asked May 10 '12 at 0:03
jetjet
1263
1263
migrated from stackoverflow.com Jun 21 '12 at 13:59
This question came from our site for professional and enthusiast programmers.
migrated from stackoverflow.com Jun 21 '12 at 13:59
This question came from our site for professional and enthusiast programmers.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Have you enabled ip_forward on server?
cat /proc/sys/net/ipv4/ip_forward # 0 disabled, 1 enabled
enable it to allow masquerading:
echo 1 > /proc/sys/net/ipv4/ip_forward
and to make change permanent, edit /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
answered Aug 6 '14 at 6:23
LluísLluís
3351320
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f400949%2fopenvpn-web-traffic-routing-not-working%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Have you enabled ip_forward on server?
cat /proc/sys/net/ipv4/ip_forward # 0 disabled, 1 enabled
enable it to allow masquerading:
echo 1 > /proc/sys/net/ipv4/ip_forward
and to make change permanent, edit /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
answered Aug 6 '14 at 6:23
LluísLluís
3351320
add a comment |
Have you enabled ip_forward on server?
cat /proc/sys/net/ipv4/ip_forward # 0 disabled, 1 enabled
enable it to allow masquerading:
echo 1 > /proc/sys/net/ipv4/ip_forward
and to make change permanent, edit /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
answered Aug 6 '14 at 6:23
LluísLluís
3351320
add a comment |
Have you enabled ip_forward on server?
cat /proc/sys/net/ipv4/ip_forward # 0 disabled, 1 enabled
enable it to allow masquerading:
echo 1 > /proc/sys/net/ipv4/ip_forward
and to make change permanent, edit /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
answered Aug 6 '14 at 6:23
LluísLluís
3351320
Have you enabled ip_forward on server?
cat /proc/sys/net/ipv4/ip_forward # 0 disabled, 1 enabled
enable it to allow masquerading:
echo 1 > /proc/sys/net/ipv4/ip_forward
and to make change permanent, edit /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
answered Aug 6 '14 at 6:23
LluísLluís
3351320
answered Aug 6 '14 at 6:23
LluísLluís
3351320
answered Aug 6 '14 at 6:23
LluísLluís
3351320
answered Aug 6 '14 at 6:23
LluísLluís
3351320
3351320
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f400949%2fopenvpn-web-traffic-routing-not-working%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
