Problem on Routing/IP_Forwarding

[Edge100x]

The network on a VDS is run just like it is on a dedicated machine, and it supports all the same rules. The changes to be made would be the same ones needed to migrate between dedicated servers -- IPs and the like.

Is the OS tossing out an error when you enter any of these manually?

Have you confirmed that your OpenVPN daemon is not kicking out any errors of its own?

The degree to which I can assist is limited by the fact that I've never experimented with OpenVPN myself.

[paulg1981]

I do appreciate your assistance and I know these are unmanaged servers when renting a vds/dedi, so please don't interpret my frustration with the issue as if it were intended for you!

The problem is just as you described, there shouldn't be any difference in the iptables rules except device names or ip addresses (which i have triple checked) and no other errors are thrown openvpn or otherwise. The traffic is simply not routed to the internet-facing device.

I have the exact same configs on the exact same server configuration and it works as expected. Hence my frustration! If anyone has encountered this issue before, possibly the first poster, and has resolved it please help me to do the same.

Paul

[Edge100x]

Without delving into the OpenVPN setup, the next thing that I would try is running tcpdump on the VDS and windump on the client, and making sure that everything the client is sending is being received by the server. At the same time, you can see if the server is retransmitting the traffic with the correct source IP address.

[paulg1981]

Ok so I reinstalled Ubuntu 12.04 and just updated the system:

apt-get update
apt-get upgrade
apt-get dist-upgrade

Then rebooted.

apt-get install openvpn
Installed my server.conf and certs

The VPN Connection is fine but still no internet access even with no firewall and ip_forwarding enabled?!

What the heck is the problem? Grrrrrr

[Edge100x]

Have you run those concurrent traffic dumps?

[paulg1981]

I have not but I will, I am looking at the tun adapter correct?

[Edge100x]

You would be looking at the physical adapter (eth0).

[paulg1981]

Never could get it sorted and ended up staying with the previous provider

Didn't want to 'upgrade' my server and loose functionality. I tried with numerous distribution (ubuntu 12,10, centos6, debian) and had the exact same issue of no NAT traversal. Either there is something inherently different with the vds that I am not seeing or it is not possible for some reason. Either way I couldn't figure it out!

Thanks for the attempts to help John.

[Edge100x]

It would have been a configuration problem of some sort, certainly, since I know that other customers have used this and other VPN software successfully. Looking at the traffic would likely have revealed that the wrong IP was being used on the outbound, or similar.

[paulg1981]

I would still like to get this working, it is bugging me!

Here is the dump from the VDS with the VPN running and connected:

https://www.dropbox.com/s/vsv5ne206eoqr0f/dump.txt

[paulg1981]

And here is the wireshark log from my home connection:

https://www.dropbox.com/s/udugfkizh8dd3vw/dump2

[paulg1981]

Nevermind

[Edge100x]

For traffic logs, you may need to send those privately.

[paulg1981]

Okay so I have been looking through the logs and I have made some progress. I can now get the vpn connection to respond to (ping and load webpages,etc) from the local machine that runs the openvpn server.

The problem is that I still cannot get the openvpn clients to access the internet through the openvpn connection. I enabled logging for ufw and I can see the ping requests going through tun0 to eth0 like in this attempt to ping google.com from the connection:

Code: Select all

May 13 00:16:14 vds kernel: [20668.474485] [UFW ALLOW] IN=tun0 OUT=eth0 SRC=10.8.0.6 DST=74.125.227.50 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8031 DF PROTO=TCP SPT=55512 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 

So the traffic is being allowed and the dns is working since google.com got translated to 74.125.227.50.

So why is the traffic not leaving eth0? I feel like it is a simple setting I missed somewhere along the way?

Anyone's help would be most appreciated.

[Edge100x]

Does a tcpdump process monitoring eth0 tell you that any traffic is going out? If so, does it have the correct source IP (your external IP instead of an internal one)?