openvpn:routing_from_server_to_client
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| openvpn:routing_from_server_to_client [2021/01/04 22:11] – created peter | openvpn:routing_from_server_to_client [2021/01/04 22:26] (current) – peter | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| ---- | ---- | ||
| - | ===== Masquerading | + | ===== Allow Port Forwarding |
| The machine that is going to function as the egress point to the Internet has to be configured to allow IPv4 forwarding. | The machine that is going to function as the egress point to the Internet has to be configured to allow IPv4 forwarding. | ||
| Line 17: | Line 17: | ||
| ---- | ---- | ||
| - | Also allow masquerading (so that packets intended to be forwarded from the internal network to the Internet can be re-tagged with the egress point external IP address). | + | ===== Allow Masquerading ===== |
| - | Then, you’ll need the following | + | This allows packets intended to be forwarded from the internal network to the Internet to be re-tagged with the egress point external IP address. |
| + | |||
| + | The following | ||
| <code bash> | <code bash> | ||
| Line 66: | Line 68: | ||
| If OpenVPN receives traffic on the tun adapter for those IPs, it doesn’t know which connected client should receive the packets and so it drops them. | If OpenVPN receives traffic on the tun adapter for those IPs, it doesn’t know which connected client should receive the packets and so it drops them. | ||
| - | You will also need **iroutes** for those networks in the client configuration directives for your client; | + | You will also need **iroutes** for those networks in the client configuration directives for your client. |
| <file bash / | <file bash / | ||
| Line 81: | Line 83: | ||
| ===== Testing ===== | ===== Testing ===== | ||
| - | Ping one of the routes you’ve added. | + | Check that you can ping one of the routes you’ve added. |
| <code bash> | <code bash> | ||
| Line 88: | Line 90: | ||
| <WRAP info> | <WRAP info> | ||
| - | **NOTE: | + | **NOTE: |
| - | If not, the first thing to check is that the traffic | + | * This tells you that packets are hitting your server (which could be the router), being redirected into OpenVPN. |
| + | * OpenVPN | ||
| + | * If you don’t see the packets landing on the tun interface: | ||
| + | * Check your firewall log on the client and make sure your firewall rules are fine. | ||
| + | * Check the logs on your server (router). | ||
| - | Examine | + | If the ping fails: |
| - | Assuming it is, on your client end, run the following; | + | * Check that the traffic is actually getting routed. |
| - | + | * Examine the routing table on the server (which could be the router) and see if the route is listed. | |
| - | <code bash> | + | * Assuming it is, on your client end, run the following: <code bash> |
| tcpdump -i tun0 | tcpdump -i tun0 | ||
| </ | </ | ||
| + | * If packets are being dropped, examine **/ | ||
| </ | </ | ||
| - | <WRAP info> | ||
| - | **NOTE: | ||
| - | |||
| - | If you do, this tells you that packets are hitting your router, being redirected into OpenVPN. | ||
| - | |||
| - | OpenVPN is passing them down the tunnel and they’re breaking out at the tun interface on your client. | ||
| - | |||
| - | Check your firewall log on the client and make sure your firewall rules are fine. | ||
| - | |||
| - | If you don’t see the packets landing on the tun interface, check the logs on your router. | ||
| - | |||
| - | If there are complaints about packets being dropped, examine / | ||
| - | </ | ||
openvpn/routing_from_server_to_client.1609798294.txt.gz · Last modified: 2021/01/04 22:11 by peter