OpenVPN via tun-device help needed

Post by baeksu » Thu Dec 27, 2007 4:25 am

I'm trying to set up an OpenVPN tunnel between my home server and my Nokia N800. After following the instructions on the Gentoo Wiki (HOWTO OpenVPN primer), I was able to establish a connection to the server.

My setup is as follows:

N800 -> through NAT router -> VPN server

I have some services running on the server (imap, ftp), and I can access those through the VPN without a problem. I cannot, however, reach any other machine within my home network. Also, none of the traffic destined outside of the network goes through the VPN.

I think I'm lacking something in either the gateway or route settings. I followed the wiki closely (including enabling packet forwarding), so you can see my configurations from there.
Gnome:
1. A legendary being.
2. A never ending quest to make unix friendly to people who don't want unix and excruciating for those that do.

Post by Katphish » Thu Dec 27, 2007 4:43 am

Did you set up the server to instruct the clients to use openvpn as the default gateway?

I use the second method myself:

Code:

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel.  Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"

#
# The push "redirect-gateway def1" command,
# commented out in the example, instructs the
# OpenVPN server to send additional routing
# details to connecting clients. Specifically,
# this sends two new routes which are just
# slightly more specific than the normal default
# route. Due to the way routing works
# (more specific before less specific), the
# result is that these new routes effectively
# become the new default routes for all client
# traffic.
# This means that the VPN server effectively
# becomes the default gateway for all VPN traffic.
# This may or may not be what you want.
push "redirect-gateway def1"

The openvpn primer is good but it is a little dated. The default port number is 1194 among other changes. There is a mostly full server configuration at /usr/share/doc/openvpn-2.0.6/examples/sample-config-files/server.conf.gz. The file is gzipped so use zmore to view it.

Here is a more current tutorial with some nicer features:

http://gentoo-wiki.com/HOWTO_Road_Warriors_with_OpenVPN
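
The routing behaviour described in the config comments above, as an added example that is not part of the original post or of OpenVPN: a longest-prefix-match lookup over a constructed client routing table, showing how the two def1 routes override the default route while the client's local subnet and the VPN server's own address keep their more specific routes. All addresses, interface names and function names are assumptions made for illustration.

```python
import ipaddress

def build_table(def1):
    """Constructed client routing table as (prefix, next hop) pairs."""
    table = [
        ("0.0.0.0/0", "wlan0 via 192.168.0.1"),  # original default route (assumed)
        ("192.168.0.0/24", "wlan0 direct"),      # client's local subnet (assumed)
        ("10.8.0.0/24", "tun0 direct"),          # VPN subnet (assumed)
    ]
    if def1:
        table += [
            # Host route that keeps the encrypted tunnel packets themselves
            # on the physical link (203.0.113.10 stands in for the VPN server).
            ("203.0.113.10/32", "wlan0 via 192.168.0.1"),
            # The two def1 routes: each covers half of the IPv4 space and is
            # one bit more specific than 0.0.0.0/0, which stays in the table.
            ("0.0.0.0/1", "tun0 via 10.8.0.1"),
            ("128.0.0.0/1", "tun0 via 10.8.0.1"),
        ]
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in table]

def lookup(table, dst):
    """Return the next hop of the most specific route that contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outside_tunnel(table, destinations):
    """List the destinations whose traffic does not enter tun0."""
    return [d for d in destinations if not lookup(table, d).startswith("tun0")]

# Constructed destinations: two public hosts, the client's local DHCP server,
# the VPN server's public address, and a host on the home LAN behind the server.
SAMPLE = ["8.8.8.8", "198.51.100.7", "192.168.0.1", "203.0.113.10", "192.168.1.50"]

if __name__ == "__main__":
    for def1 in (False, True):
        table = build_table(def1)
        print("def1 pushed:", def1)
        for dst in SAMPLE:
            print(f"  {dst:<15} -> {lookup(table, dst)}")
        print("  outside tunnel:", outside_tunnel(table, SAMPLE))
```

With def1 in place, only the local subnet and the VPN server's address stay outside the tunnel; whether a tunnelled packet then reaches its destination depends on forwarding and NAT on the server, as the config comment notes.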

Post by baeksu » Thu Dec 27, 2007 8:17 am

Simply adding the gateway option you suggested didn't work, so I'm going to have a look at the road warrior vpn guide.

I was hoping I wouldn't have to muck with network bridging to get this to work, but I guess there's no other way...

Post by baeksu » Thu Dec 27, 2007 1:46 pm

Well, I tried following the guide, but I guess I got lost on the way. Lost network connection, which is inconvenient on a headless server.

I guess I'll go back to the simple, though less functional openvpn setup I had, and just ssh tunnel whatever few services I need to get through.

Thanks for the help, though.