Setup OpenVPN server
I've followed this guide in order to run my linode as a VPN server, to be able to connect to it from my desktop (Windows8):
I have opened UDP port 1194 and made all necessary configurations. However, when I try to connect to my hostname and port, the OpenVPN log at the server (using tail -f) says nothing at all…
I have:
1) Set hostname and port in server.conf
2) Opened port 1194 (UDP) in my firewall (csf)
3) Started the service.
One remark on this.. I'm using a wildcard SSL issued by GlobalSign, where CA in the server.conf is GlobalSign's "Trusted Root", and CERT and KEY are the wildcard certificate's resp. files.
But I don't think it's a certificate-related issue, since the log says nothing when trying to connect.
Any help on this would be highly appreciated. Thanks!
38 Replies
udp 0 0 0.0.0.0:1194 0.0.0.0:* 17476/openvpn
Looks like it doesn't listen on any IP address? Where in the configuration do I set this?
Now netstat shows the correct address. Tried to telnet "hostname 1194" but nothing happens. At the same time, if I telnet "hostname 21" (ftp) or "hostname 587" (smtp) I get connected.
When using port 1194 I'm just getting "Connection lost", no lines in syslog, openvpn log which is strange?
````
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !lo * 109.74.193.20 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 109.74.193.20 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 109.74.193.20 0.0.0.0/0 tcp spt:53
32 4055 ACCEPT udp -- !lo * 109.74.193.20 0.0.0.0/0 udp spt:53
0 0 ACCEPT tcp -- !lo * 109.74.192.20 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 109.74.192.20 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 109.74.192.20 0.0.0.0/0 tcp spt:53
32 4511 ACCEPT udp -- !lo * 109.74.192.20 0.0.0.0/0 udp spt:53
0 0 ACCEPT tcp -- !lo * 109.74.194.20 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 109.74.194.20 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 109.74.194.20 0.0.0.0/0 tcp spt:53
21198 3688K ACCEPT udp -- !lo * 109.74.194.20 0.0.0.0/0 udp spt:53
151K 711M LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
82042 25M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
22118 4195K INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
20960 4143K ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
3 160 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
3 164 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
1 40 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
510 30600 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10031
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1194
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
1 58 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1194
0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 3
48 2194 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 109.74.193.20 tcp dpt:53
32 1763 ACCEPT udp -- * !lo 0.0.0.0/0 109.74.193.20 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 109.74.193.20 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 109.74.193.20 udp spt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 109.74.192.20 tcp dpt:53
32 1767 ACCEPT udp -- * !lo 0.0.0.0/0 109.74.192.20 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 109.74.192.20 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 109.74.192.20 udp spt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 109.74.194.20 tcp dpt:53
21198 1473K ACCEPT udp -- * !lo 0.0.0.0/0 109.74.194.20 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 109.74.194.20 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 109.74.194.20 udp spt:53
202K 32M LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
96 7095 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
82042 25M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
23659 8669K INVALID tcp -- * !lo 0.0.0.0/0 0.0.0.0/0
20250 8444K ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
846 50760 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
11 660 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
1 75 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:113
9 684 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 3
3196 298K DROP all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain ALLOWIN (1 references)
pkts bytes target prot opt in out source destination
4530 297K ACCEPT all -- !lo * 121.54.32.164 0.0.0.0/0
36 1779 ACCEPT all -- !lo * 64.20.227.0/24 0.0.0.0/0
0 0 ACCEPT all -- !lo * 195.74.38.28 0.0.0.0/0
62007 470M ACCEPT all -- !lo * 192.168.129.118 0.0.0.0/0
517 59504 ACCEPT all -- !lo * 192.168.133.2 0.0.0.0/0
61969 237M ACCEPT all -- !lo * 192.168.165.29 0.0.0.0/0
0 0 ACCEPT all -- !lo * 112.198.90.180 0.0.0.0/0
Chain ALLOWOUT (1 references)
pkts bytes target prot opt in out source destination
3361 935K ACCEPT all -- * !lo 0.0.0.0/0 121.54.32.164
27 1962 ACCEPT all -- * !lo 0.0.0.0/0 64.20.227.0/24
0 0 ACCEPT all -- * !lo 0.0.0.0/0 195.74.38.28
88216 11M ACCEPT all -- * !lo 0.0.0.0/0 192.168.129.118
494 45856 ACCEPT all -- * !lo 0.0.0.0/0 192.168.133.2
85707 11M ACCEPT all -- * !lo 0.0.0.0/0 192.168.165.29
0 0 ACCEPT all -- * !lo 0.0.0.0/0 112.198.90.180
Chain DENYIN (1 references)
pkts bytes target prot opt in out source destination
Chain DENYOUT (1 references)
pkts bytes target prot opt in out source destination
Chain INVALID (2 references)
pkts bytes target prot opt in out source destination
570 31758 INVDROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
11 572 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
Chain INVDROP (10 references)
pkts bytes target prot opt in out source destination
581 32330 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOCALINPUT (1 references)
pkts bytes target prot opt in out source destination
151K 711M ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
22080 4205K DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALOUTPUT (1 references)
pkts bytes target prot opt in out source destination
202K 32M ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
24379 8795K DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
1 40 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
2 120 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
17 816 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
16 660 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
12 558 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
28 1218 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
````
My current ip address is listed as the first row in the sections "Chain ALLOWIN" and "Chain ALLOWOUT".
One more issue. I'm not getting the VPN server's gateway and DNS, therefore my public IP won't be the server's. The whole point with this setup is that my ISP provides me (and other customers) with IP addresses which are blacklisted in many countries of the world. So I need to make it "look" like I'm in the same country as the Linux box.
How to achieve this? I've been searching a lot and found the push "redirect-gateway" etc. but nothing seems to work.
Thank you!
````
server 192.168.255.0 255.255.255.0
verb 3
key-direction 0
keepalive 10 60
persist-key
persist-tun
comp-lzo
proto udp
port 1194
dev tun0
status /tmp/openvpn-status.log
client-config-dir /etc/openvpn/ccd
user nobody
group nogroup
# The argument to push must be a single quoted string
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
route 192.168.254.0 255.255.255.0
````
Still no luck in this matter.
Is it really going to be like this:
````
server 192.168.255.0 255.255.255.0
...
route 192.168.254.0 255.255.255.0
````
I.e. 255.0 as server and 254.0 in "route" ?
When I'm connected the network settings look like this:
What is strange is that gateway and DNS is 192.168.254.5. When I try to ping that, a timeout occurs. In the meantime, I can ping 192.168.254.2 which I believe is the server, and 192.168.254.6 which is the client itself.
Note that in the image above, I also enabled push "redirect-gateway" in the config (which is different from your config) but when I comment it out, the only difference is that "Default gateway" is blank when connected to the server.
Is there anything else I have to do/install at server level? I have installed dnsmasq and it's configured to listen on the IP. Are there any firewall rules etc. to add and if there are, how do I add those? In your config you're using dev tun0 but in mine it's only dev tun.
Try turning off your firewall on the server and see if that helps. You'll also want to ensure IP forwarding is enabled by running
````
cat /proc/sys/net/ipv4/ip_forward
````
If that outputs 0 then run
````
echo 1 > /proc/sys/net/ipv4/ip_forward; echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
````
Problem is still there though.. "Gateway" is empty in my Windows Ethernet Interface, and DHCP 192.168.255.5
One more strange thing, I've put 255.255.255.0 as subnet mask, the Ethernet info says IPv4 Subnet Mask: 255.255.255.252
More ideas? Something to add to iptables?
My plan with this is to be able to connect to SMTP, FTP services etc. on the server, using the local IPs.
dh
ca
cert
key
I'm connected, but still with gateway 192.168.255.5 and DHCP 192.168.255.5 instead of 192.168.255.1
Can't figure out what's going on, or how I can fix this. Have googled for hours reading threads from people with different issues but it doesn't matter what I try, the problem persists.
@obs:
You should get your server's IP if you connect to an external site.
Don't you need to set up IP Masquerading for that to work?
I still don't understand why I cannot ping the DNS or Gateway (192.168.255.5) I'm getting, what is the reason for that?
@sweh:
@obs: You should get your server's IP if you connect to an external site.
Don't you need to set up IP Masquerading for that to work?
Possibly, I don't on my server but it could be the OP's firewall killing it or something else specific to their server or even their ISP. I run openvpn from docker so all I have is ip forwarding enabled in the kernel, and iptables forwarding ovpn requests to the docker instance, it just works out of the box for me.
@Webkungen:
Good morning
Note that in the image above, I also enabled push "redirect-gateway" in the config (which is different from your config) but when I comment it out, the only difference is that "Default gateway" is blank when connected to the server.
I read in one of the online guides, you need to put the redirect-gateway in the client config file, as putting it in the server config file didn't work properly.
This may or may not help:
"redirect-gateway def1" changes client routing table so that all traffic is directed via server. Without it only traffic sent to servers ip 10.66.77.1 will be sent there. Most materials in web recommend to add to server config push "redirect-gateway def1" but this is not working in some cases so better add this config directly to client
````
#:/etc/openvpn# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.255.1 P-t-P:192.168.255.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1542 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:113781 (111.1 KiB) TX bytes:724 (724.0 B)
````
My server is configured with local IP as well, is there a way to use those ip addresses for the VPN as well, i.e. so I will be able to reach the other debian boxes in the local network?
````
eth0:0 Link encap:Ethernet HWaddr f2:3c:91:df:58:af
inet addr:192.168.192.172 Bcast:192.168.255.255 Mask:255.255.128.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
````
````
Fri May 01 08:45:44 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route 192.168.255.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.255.6 192.168.255.5'
Fri May 01 08:45:44 2015 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 01 08:45:44 2015 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 01 08:45:44 2015 OPTIONS IMPORT: route options modified
Fri May 01 08:45:44 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 01 08:45:44 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 01 08:45:44 2015 MANAGEMENT: >STATE:1430441144,ASSIGN_IP,,192.168.255.6,
Fri May 01 08:45:44 2015 open_tun, tt->ipv6=0
Fri May 01 08:45:44 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{BB81A1BE-F61B-4431-A315-F44EA2AA0E91}.tap
Fri May 01 08:45:44 2015 TAP-Windows Driver Version 9.21
Fri May 01 08:45:44 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.255.6/255.255.255.252 on interface {BB81A1BE-F61B-4431-A315-F44EA2AA0E91} [DHCP-serv: 192.168.255.5, lease-time: 31536000]
Fri May 01 08:45:44 2015 Successful ARP Flush on interface [48] {BB81A1BE-F61B-4431-A315-F44EA2AA0E91}
Fri May 01 08:45:49 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri May 01 08:45:49 2015 C:\WINDOWS\system32\route.exe ADD 178.79.135.11 MASK 255.255.255.255 192.168.0.1
Fri May 01 08:45:49 2015 Warning: route gateway is ambiguous: 192.168.0.1 (2 matches)
Fri May 01 08:45:49 2015 Route addition via IPAPI failed [adaptive]
Fri May 01 08:45:49 2015 Route addition fallback to route.exe
Fri May 01 08:45:49 2015 envblock: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri May 01 08:45:49 2015 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.255.5
Fri May 01 08:45:49 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri May 01 08:45:49 2015 Route addition via IPAPI succeeded [adaptive]
Fri May 01 08:45:49 2015 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.255.5
Fri May 01 08:45:49 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri May 01 08:45:49 2015 Route addition via IPAPI succeeded [adaptive]
Fri May 01 08:45:49 2015 MANAGEMENT: >STATE:1430441149,ADD_ROUTES,,,
Fri May 01 08:45:49 2015 C:\WINDOWS\system32\route.exe ADD 192.168.255.1 MASK 255.255.255.255 192.168.255.5
Fri May 01 08:45:49 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri May 01 08:45:49 2015 Route addition via IPAPI succeeded [adaptive]
Fri May 01 08:45:49 2015 Initialization Sequence Completed
Fri May 01 08:45:49 2015 MANAGEMENT: >STATE:1430441149,CONNECTED,SUCCESS,192.168.255.6,178.79.135.11
````
This looks like an error, but what does it mean?
````
Fri May 01 08:45:49 2015 C:\WINDOWS\system32\route.exe ADD 178.79.135.11 MASK 255.255.255.255 192.168.0.1
Fri May 01 08:45:49 2015 Warning: route gateway is ambiguous: 192.168.0.1 (2 matches)
Fri May 01 08:45:49 2015 Route addition via IPAPI failed [adaptive]
Fri May 01 08:45:49 2015 Route addition fallback to route.exe
````
Can the problem have to do with my local IPs?
From my modem I'm getting 192.168.0.x in my local network, and on the vpn server there is also a local ip setup, using 192.168.192.x
I upgraded to Debian 8 this week, to get openvpn with IP6, but with my original configs, I can't get to the outside world anymore, and yes, I have set IP forwarding in the kernel.
So are you by chance running Debian 8. If so I don't have an answer. Also you need to have redirect-gateway without the def1 to get the default gateway to be set for the vpn. Well at least I did, and it was also mentioned at one other tutorial site. Problem is so much has changed, and most of the tutorials appear out of date, compared to how you had to do things, and how you now have to do things.
In the log above, you have:
Warning: route gateway is ambiguous: 192.168.0.1 (2 matches)
this could be bad, maybe.
When I connect to the VPN, I'm unable to browse any website at all. However, I can ping and telnet services on the local network (VPN server).
Trying to trace Google.com:
````
# tracert google.com
Tracing route to google.com [216.58.221.46]
over a maximum of 30 hops:
1 464 ms 448 ms 399 ms 192.168.255.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
...
30 * * * Request timed out.
````
As you see I never come outside the network on the server. Same result with firewall (csf) disabled. My guess is that there MUST BE some kind of server config between the network interfaces (bridging or similar?) I'm missing?
Also you can have def1 in the client side, and existing connections (ssh) will be maintained when the VPN comes up.
On the Server:
````
# Set your server IP address here
local xx.xx.xx.xx
port 1194
proto udp
dev tun
# Default topology is net30 - change to use normal subnet
topology subnet
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 172.16.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 1800 4000
tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4
````
On the client:
````
client
dev tun
dev-node "Windows TAP Adapter"
proto udp
# Put your server IP address or Domain name here
remote example.com 1194
redirect-gateway def1
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\PC.crt"
key "C:\\Program Files\\OpenVPN\\config\\PC.key"
remote-cert-tls server
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
comp-lzo
verb 3
````
Turn on IP forwarding on the server:
````
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
````
Now, back to that pesky IP6 part.
18: tun0:
and the client ipconfig /all (trimmed)
````
Ethernet adapter Windows TAP Adapter:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-C6-B6-B4-D3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 1 May 2015 7:26:56 PM
Lease Expires . . . . . . . . . . : Saturday, 30 April 2016 7:26:56 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.16.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
````
Note there is no default gateway, but whatismyip returns my server's IP address, not my ISP's.
Removing the def1 from the client config sets this.
````
Ethernet adapter Windows TAP Adapter:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-C6-B6-B4-D3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 1 May 2015 8:23:03 PM
Lease Expires . . . . . . . . . . : Saturday, 30 April 2016 8:23:02 PM
Default Gateway . . . . . . . . . : 172.16.1.1
DHCP Server . . . . . . . . . . . : 172.16.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
````
Tried to disable both csf and my anti-virus/firewall software (ESET).
If it's on a private 192, 172, 10 it will be dropped by your server's upstream routers.
Also if you are trying to connect other servers / computers on the private IP address subnet of the VPN, you need to look into the client-to-client server config option and associated magic with ccd files that is required to make this work. I can't help you with that as I don't use it or need it.
My goal is to masquerade my IP and make it look like I'm in London, this is because my ISP gives me dirty IP addresses all the time which are blacklisted, so I cannot connect to certain hosting providers, or do my job in a good way.
It's possible that iptables is sending your VPN traffic (assuming my config) from 172.16.1.1 out your private IP address on eth0, instead of your public IP address on eth0, and upstream is dropping it. I have no idea how you would even test for that.
I'm assuming you have actually done the following, and the kernel you are using will actually forward traffic.
My Debian kernel does, does the Linode one? Don't know.
````
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
````
If this doesn't work, I don't know what to suggest next.
I have issued the commands above for ip_forward. Running Debian 6.
Would it be possible to use my local LAN config IP's for the VPN as well? I.e. my eth0 is configured for both WAN and LAN, and can I use the same ip range (192.168.172.0) for the VPN?
Have downloaded a software (SoftEther VPN Client) for Windows and I'm able to connect to the public VPN servers in that program, and get their resp. public ips, so this MUST be a matter of debian/serverconfig and has nothing to do with my modem/pocket wifi I thought before.
Only difference is that software is using TCP instead of UDP. Have tried to change OpenVPN config to TCP but now I cannot connect at all (yes I have opened TCP 1194 in CSF).
Any advice?
````
ifconfig eth0:0
eth0:0 Link encap:Ethernet HWaddr f2:3c:91:df:58:af
inet addr:192.168.192.172 Bcast:192.168.255.255 Mask:255.255.128.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
````
What should the server config for OpenVPN look like? Thanks!
I think this is more a Linux networking / IP forwarding thing than an OpenVPN thing. But this is just a guess, it's above my pay grade.
I would temporarily take down your private IPs, so eth0 only has the primary public IP and test if that works.
If it does, you can then try and find out why it doesn't with private IPs.
Thanks,
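
The server-side conditions the replies keep returning to (kernel IP forwarding, a FORWARD chain that passes tunnel traffic, and the MASQUERADE rule for the VPN subnet) can be checked offline from captured output. This is an added example, not part of any post in the thread; the function names and both sample rulesets are constructed, and the device names tun0 and eth0 are assumptions taken from the configs quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Offline check of the server-side
# preconditions for sending OpenVPN client traffic out to the Internet.
# Inputs are text captured on the server:
#   cat /proc/sys/net/ipv4/ip_forward
#   iptables-save
# Function names and both sample rulesets are constructed for illustration.

# table_rules TABLE RULESET: print the lines of one table from iptables-save text.
table_rules() {
    printf '%s\n' "$2" | awk -v t="*$1" '
        $0 == t                  { on = 1; next }
        /^\*/ || $0 == "COMMIT"  { on = 0 }
        on'
}

# forward_allows_vpn RULESET TUN_IF
# True if FORWARD has policy ACCEPT, or has ACCEPT rules for both directions:
# packets entering from the tunnel and replies going back to it.
# Earlier DROP rules that could shadow these are not modelled.
forward_allows_vpn() {
    rules=$(table_rules filter "$1")
    if printf '%s\n' "$rules" | grep -q '^:FORWARD ACCEPT'; then
        return 0
    fi
    printf '%s\n' "$rules" | awk -v i="-i $2 " -v o="-o $2 " '
        /^-A FORWARD / && /-j ACCEPT$/ {
            if (index($0, i)) outbound = 1
            if (index($0, o) || /RELATED,ESTABLISHED/) replies = 1
        }
        END { exit !(outbound && replies) }'
}

# nat_rewrites_source RULESET VPN_SUBNET
# True if nat POSTROUTING masquerades (or SNATs) packets from the VPN subnet.
nat_rewrites_source() {
    table_rules nat "$1" | awk -v s="-s $2 " '
        /^-A POSTROUTING / && index($0, s) && /-j (MASQUERADE|SNAT)/ { ok = 1 }
        END { exit !ok }'
}

# missing_preconditions IP_FORWARD RULESET TUN_IF VPN_SUBNET
# Prints the names of the failing checks, space separated (empty = all pass).
missing_preconditions() {
    missing=""
    [ "$1" = "1" ]                || missing="$missing ip_forward"
    forward_allows_vpn "$2" "$3"  || missing="$missing forward_chain"
    nat_rewrites_source "$2" "$4" || missing="$missing nat_masquerade"
    printf '%s\n' "${missing# }"
}

# Constructed sample modelled on the posted csf listing: FORWARD policy DROP
# with no rules, and no nat rule for the VPN subnet.
BROKEN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
COMMIT'

# Constructed sample with forwarding rules added and the MASQUERADE rule
# quoted in the thread for 172.16.1.0/24.
FIXED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
COMMIT'

echo "broken ruleset is missing: $(missing_preconditions 0 "$BROKEN" tun0 172.16.1.0/24)"
echo "fixed ruleset is missing:  $(missing_preconditions 1 "$FIXED" tun0 172.16.1.0/24)"
```

The subnet argument must match the `server` line actually in use; a MASQUERADE rule written for 172.16.1.0/24 does nothing for clients addressed from 192.168.255.0/24.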