LinuxQuestions.org
Old 09-21-2009, 12:46 PM   #91
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37

Yes.

echo 1 > /proc/sys/net/ipv4/ip_forward

or the above as you have done.

Regards,

--
Prasanta
 
Old 09-21-2009, 12:47 PM   #92
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by qwertyjjj View Post
where does ip_forward=1 have to be set?
sysctl -w net.ipv4.ip_forward=1

So, this:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 88.xxx.xxx.xxx
I added this but the iptables won't restart:

Code:
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --rttl --name SSH --rsource -j DROP
-A INPUT -d 88.xxx.xxx.xxx -p tcp -m tcp --dport 1057 -m state --state NEW -j ACCEPT
-A INPUT -d 88.xxx.xxx.xxx -p tcp -m tcp --dport 5555 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -d 88.xxx.xxx.xxx -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 88.xxx.xxx.xxx -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 88.xxx.xxx.xxx
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
-A INPUT -d 88.xxx.xxx.xxx -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 88.xxx.xxx.xxx -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
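
Added example, not part of the original post: a small lint for an `/etc/sysconfig/iptables`-style file that flags the two problems visible in the listing above, a `-t nat` rule placed inside another table's section (iptables-restore rejects `-t`) and a `FORWARD DROP` policy with no `FORWARD` rules alongside a NAT rule. The samples are constructed and trimmed; `tun0` is an assumed VPN interface name and `88.xxx.xxx.xxx` is the thread's own masked address.

```shell
# lint_rules [FILE]: print one finding per line for an iptables-restore
# style ruleset read from FILE or stdin. Prints nothing when clean.
lint_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*nat", "*filter"
        /^-t[ \t]/ {                                # -t is a CLI-only option
            printf "line %d: -t is not allowed in this file; move the rule under a *%s section\n", NR, $2
            if ($2 == "nat") nat_rules++            # still counts as NAT intent
            next
        }
        table == "filter" && /^:FORWARD[ \t]+DROP/   { fwd_drop = 1 }
        table == "filter" && /^-A[ \t]+FORWARD[ \t]/ { fwd_rules++ }
        table == "nat" && /^-A[ \t]+POSTROUTING[ \t]/ { nat_rules++ }
        END {
            if (nat_rules && fwd_drop && !fwd_rules)
                print "filter: FORWARD policy is DROP with no FORWARD rules; VPN traffic is dropped before nat POSTROUTING"
        }
    ' "$@"
}

# Constructed sample with the same layout as the posted file.
broken_sample() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 88.xxx.xxx.xxx
COMMIT
EOF
}
# Constructed sample: NAT rule in its own *nat section, FORWARD opened for tun0.
fixed_sample() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 88.xxx.xxx.xxx
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
COMMIT
EOF
}

broken_sample | lint_rules   # two findings
fixed_sample  | lint_rules   # no output
```

Rules added with the `iptables` command live only in the running kernel tables; on CentOS they reach `/etc/sysconfig/iptables` when saved with `service iptables save`.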
 
Old 09-21-2009, 12:53 PM   #93
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j SNAT --to-source 88.x.x.x

Regards,

--
Prasanta
 
Old 09-21-2009, 12:56 PM   #94
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j SNAT --to-source 88.x.x.x

Regards,

--
Prasanta
Where is this stored?
When I run it, I can't see the forward rule in my iptables file anymore?
my iptables is in /etc/sysconfig

Last edited by qwertyjjj; 09-21-2009 at 01:00 PM.
 
Old 09-21-2009, 12:58 PM   #95
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
What? Use,

iptables -L -t nat

Regards,

--
Prasanta
 
Old 09-21-2009, 01:18 PM   #96
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
What? Use,

iptables -L -t nat

Regards,

--
Prasanta
This is after adding it to /sbin/iptables.
My iptables file is in /etc/sysconfig/iptables - shouldn't I add a rule to the script in the above posts?

Code:
[root@localhost ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]#
this seemed to work:

Code:
[root@localhost ~]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 88.208.237.198
[root@localhost ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.8.0.0/24          anywhere            to:88.xxx.xxx.xxx

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]#

Last edited by qwertyjjj; 09-21-2009 at 01:21 PM.
 
Old 09-21-2009, 01:34 PM   #97
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Ok...so...

server config changed
iptables routing added - I tried both eth0 and eth1

I connect to VPN
I can ping 10.8.0.1
I can ping the server public IP 88.xx.xx.xx
I cannot ping www.google.com
 
Old 09-21-2009, 01:37 PM   #98
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
Is it resolving? Try pinging with IP.

Regards,

--
Prasanta
 
Old 09-21-2009, 02:00 PM   #99
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
Is it resolving? Try pinging with IP.

Regards,

--
Prasanta
No, it does not resolve. I tried pinging google on
ping 66.102.9.105 when connected to the VPN but all the requests timed out.
Should it definitely be eth1 and not eth0?

Last edited by qwertyjjj; 09-21-2009 at 02:05 PM.
 
Old 09-21-2009, 02:06 PM   #100
prasanta
Member
 
Registered: Mar 2005
Location: India
Distribution: Debian
Posts: 368

Rep: Reputation: 37
push "dhcp-option DNS yourdnsip"

Put this in server.conf.

I am not sure why it is not pinging. Need to google.

Regards,

--
Prasanta
 
Old 09-21-2009, 02:22 PM   #101
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by prasanta View Post
push "dhcp-option DNS yourdnsip"

Put this in server.conf.

I am not sure why it is not pinging. Need to google.

Regards,

--
Prasanta
I found my nameservers using:
Code:
[root@localhost keys]# cat /etc/resolv.conf
nameserver 213.171.xxx.xxx
nameserver 213.171.xxx.xxx
So I used:
push "dhcp-option DNS 213.171.xxx.xxx"
could not ping google, could not resolve google.

I tried opendns
push "dhcp-option DNS 208.67.222.222"
could not ping google, could not resolve google.


I tried my server's IP address
push "dhcp-option DNS 88.xxx.xxx.xxx"

Does this look okay, it's what the server prints out:
Code:
Mon Sep 21 20:18:27 2009 myfirst.cert/86.xxx.xxx.xx:3501 SENT CONTROL [myfirst.cert]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

Last edited by qwertyjjj; 09-21-2009 at 02:24 PM.
 
Old 09-21-2009, 02:29 PM   #102
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by qwertyjjj View Post
I found my nameservers using:
Code:
[root@localhost keys]# cat /etc/resolv.conf
nameserver 213.171.xxx.xxx
nameserver 213.171.xxx.xxx
So I used:
push "dhcp-option DNS 213.171.xxx.xxx"
could not ping google, could not resolve google.

I tried opendns
push "dhcp-option DNS 208.67.222.222"
could not ping google, could not resolve google.


I tried my server's IP address
push "dhcp-option DNS 88.xxx.xxx.xxx"

Does this look okay, it's what the server prints out:
Code:
Mon Sep 21 20:18:27 2009 myfirst.cert/86.xxx.xxx.xx:3501 SENT CONTROL [myfirst.cert]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
I just did an ipconfig /all on the Windows client to check the push settings from the server, and for the TAP_win32 adapter it has the default gateway as 10.8.0.5, dhcp server 10.8.0.5, even though the dns server is that of opendns.
Is that correct?

http://www.sidekicker.net/connect3.jpg

Last edited by qwertyjjj; 09-21-2009 at 02:36 PM.
 
  

