Network and Classroom Management Thread, OpenVPN in Technical; Hi Everyone, I have just managed to set-up OpenVPN on Ubuntu everything is working and connecting fine apart from internet ...
  1. #1
    MattGibson's Avatar
    Join Date
    May 2008
    Location
    Epsom
    Posts
    169
    Thank Post
    20
    Thanked 11 Times in 8 Posts
    Rep Power
    15

    OpenVPN

    Hi Everyone,

    I have just managed to set up OpenVPN on Ubuntu. Everything is working and connecting fine apart from Internet Explorer - I want all web traffic to be routed through the open access server. Firefox is working fine with the school's proxy details but IE just won't connect.

    Anyone using OpenVPN, or managed to achieve routing all traffic?

    Regards
    Matt

  2. #2

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,510
    Thank Post
    1,319
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    I always had to do something like

    Code:
    iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE
    to get openvpn working..

    Also, did you remember to
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward

  3. Thanks to RabbieBurns from:

    MattGibson (21st June 2010)

  4. #3
    MattGibson's Avatar
    Hi There,

    Thanks for your reply. I simply copied and pasted:
    iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE
    But this returned Bad command.

    Your second comment asks if I have tried
    echo 1 > /proc/sys/net/ipv4/ip_forward
    I'm not actually sure what this is as I'm new to all this. Could you give me some sort of guide? It would be really useful to get this up and running.

    Many Thanks
    Matt Gibson

  5. #4


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,618
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    $PRIVATE in the nat command is a variable, like $foo or $bar. Fill in the appropriate source IP.

  6. Thanks to pete from:

    MattGibson (21st June 2010)

  7. #5
    MattGibson's Avatar
    Source being my Proxy or Router?

    Cheers
    Matt

  8. #6

    RabbieBurns's Avatar
    Code:
         iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    This command assumes that the VPN subnet is 10.8.0.0/24 (taken from the server directive in the OpenVPN server configuration) and that the local ethernet interface is eth0.
    HOWTO

    Also, the
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    line edits the file ip_forward in /proc/sys/net/ipv4 and puts a 1 into the file, to enable IP forwarding (routing?)

  9. Thanks to RabbieBurns from:

    MattGibson (21st June 2010)
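
The `-s` value in the rule quoted above is the tunnel subnet from the `server` directive, not the LAN range. As an added example (not code from this thread or from the OpenVPN project), the script below reads that directive from a constructed sample config and prints the matching commands without running them; the function names, the sample config and the `eth0` interface are assumptions.

```sh
#!/bin/sh
# Added example. Constructed sample config; "dev tun" is the routed (Layer 3) mode.
SAMPLE_CONF='# constructed sample server.conf
dev tun
;server 10.9.0.0 255.255.255.0
server 10.8.0.0 255.255.255.0'

# Convert a dotted netmask to a prefix length; fail on a malformed
# or non-contiguous mask such as 255.0.255.0.
mask_to_prefix() {
    prefix=0; seen_short=0
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;;
            *) return 1 ;;
        esac
        # After any octet shorter than 8 bits, only zero octets may follow.
        if [ "$seen_short" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        [ "$bits" -eq 8 ] || seen_short=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Read server config text on stdin, print the tunnel subnet as CIDR.
tunnel_cidr() {
    # Strip "#" and ";" comments, then take the first "server <net> <mask>".
    set -- $(sed -e 's/[#;].*//' | awk '$1 == "server" { print $2, $3; exit }')
    [ $# -eq 2 ] || return 1
    bits=$(mask_to_prefix "$2") || return 1
    echo "$1/$bits"
}

# Print (never execute) the commands, with NAT scoped to the tunnel subnet.
# $1 = outbound interface (assumed eth0 as in the thread); config on stdin.
nat_commands() {
    cidr=$(tunnel_cidr) || { echo "no usable server directive" >&2; return 1; }
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -t nat -A POSTROUTING -s $cidr -o $1 -j MASQUERADE"
}

printf '%s\n' "$SAMPLE_CONF" | nat_commands eth0
```

Keeping `-s` limited to the tunnel subnet means only VPN client traffic is masqueraded, rather than everything the server forwards out of that interface.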

  10. #7
    MattGibson's Avatar
    Hi Guys,

    Really sorry to be a pain but I've run the above commands and still not getting anywhere. Here's my setup:

    OpenVPN Server is on 10.18.52.2
    Router is 10.18.55.254
    Proxy is 10.18.52.11

    Using Layer 2 (to get IP address from DHCP server)

    iptables -t nat -A POSTROUTING -s 10.18.52.0/24 -o eth0 -j MASQUERADE
    and tried
    echo 1 > /proc/sys/net/ipv4/ip_forward

    Also manually looked into the IP_forward file and it has a 1 listed.

    My Client needs to be routed through our Proxy on site which is 10.18.52.11 port 8000

    Last edited by MattGibson; 21st June 2010 at 11:28 AM.

  11. #8

    RabbieBurns's Avatar
    The -s should be the IP of the tunnel network, I think. What have you specified in the openvpn config?

    For example, my network is 192.168.2.0/24 so I made the tunnel network 10.0.8.0/24

    What subnet mask are you using on your 10.18 network?

  12. #9
    MattGibson's Avatar
    Hi Everyone,

    I've now switched it back to Layer 3 and now everything is working! I confused myself by changing it to Layer 2. Thanks to everyone for your input into this.

    I may need to open a new thread for this, but it's regarding OpenVPN. In our school we have two networks, Admin and Curriculum. When I install OpenVPN on a curriculum laptop I will need to cross over to our admin network to connect to our MIS (SIMS). However, I've tested this and it won't let me.

    Can anyone advise a workaround for this? I was hoping to use OpenVPN for this purpose.

    Ping Results
    Main Forest Root (curriculum)

    Server-001.curriculum.internal This pings fine when I run > Ping Server

    Main Admin Network (Admin containing MIS)

    Admin-001.admin.internal This doesn't when I run > Ping admin-001 "No Reply"
    This pings fine when I run > Ping admin-001.admin.internal

    I have tried running the UNC path to the simshare but obviously no reply.

  13. #10

    RabbieBurns's Avatar
    Do you have trusts set up between the domains? Are the domains on the same physical network / subnet ?

  14. #11
    MattGibson's Avatar
    Hi There,

    Yes, we have a trust between the two domains and they are on the same subnet and physical network.

  15. #12

    RabbieBurns's Avatar
    I'm a bit lost.. I don't really understand what you are trying to achieve with openvpn?

    If pings to the FQDN aren't working, can you ping the IP of the hosts.. If so, I reckon it's just DNS you have to look at ...

  16. #13
    MattGibson's Avatar
    Hi Guys,

    Is it possible for the OpenVPN client to run a script after it's connected? Basically I want staff to be able to connect to the network when they are at home. OpenVPN seems to do everything I want it to, but after it's connected I want a .BAT to run so that it will map the network drives.

    Regards
    Matt

  17. #14
    MattGibson's Avatar
    Does anyone know? I'm pretty sure it's to do with the Client Config Directives to make this happen, but none are working for me.

  18. #15

    Join Date
    May 2008
    Location
    Basingstoke
    Posts
    21
    Thank Post
    0
    Thanked 2 Times in 1 Post
    Rep Power
    13
    Quote Originally Posted by RabbieBurns View Post
    I'm a bit lost.. I don't really understand what you are trying to achieve with openvpn?

    If pings to the FQDN aren't working, can you ping the IP of the hosts.. If so, I reckon it's just DNS you have to look at ...
    Ok I've resolved this.

    On "VPN Settings > Routing > Specify the private subnets to which all clients should be given access" I made the internal network entry more specific. It was 10.0.0.0/8 and I changed it to 10.1.1.0/24

    Then further down under "DNS Settings" I selected "Have clients use these DNS servers:" and I specified the internal DNS servers on the network. I saved and updated the server and reconnected the client. I can now resolve computer names on the remote network.

    Regards, David.
