lam4o1
asked on
OpenVPN automatic iroute?
Hello Experts,
I have a really interesting question.
When a client connects to OpenVPN and does not have a public IP but has a LAN IP, OpenVPN prints an error "MULTI: bad source address from client" and drops the packets. Therefore, the client is not able to surf the Internet. However, this can be fixed by using the ccd directory and adding the iroute option for his network and then adding the route option to server.conf.
Do you know a way to automatically add an iroute when a client connects, without going through this whole procedure, so he is able to successfully use OpenVPN?
Thank you very much. Your help is highly appreciated.
You might want to have a look at the redirect-gateway option. This will allow the clients to browse the net through the OpenVPN server network.
ASKER
Hi, this setting is enabled and users with public IP are able to surf without problems.
This setting should set the OpenVPN server to be the gateway. You have to enable forwarding and masquerading on the OpenVPN server:
iptables -t nat -A POSTROUTING -j SNAT --to-source ip.of.vpn.server
echo 1 > /proc/sys/net/ipv4/ip_forward
ASKER
No, it doesn't help. You have to iroute the client's private IP and then route it in the main config so the kernel knows about it. I am asking if this could be done automatically, like a startup script using --client-connect.
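The --client-connect approach asked about above, as an added example that is not part of the original thread: OpenVPN passes the script a temporary file as its last argument and reads dynamic directives such as iroute back from it. The map file path and its three-column format are assumptions of this sketch, and the script only emits subnets listed for the connecting certificate's common name, so a client cannot claim an arbitrary source network.

```shell
#!/bin/sh
# Added example: --client-connect hook that writes iroute lines for a client.
# MAP_FILE (hypothetical path) holds lines of: <common_name> <network> <netmask>
MAP_FILE="${MAP_FILE:-/etc/openvpn/client-lans.map}"

# Succeeds only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append "iroute <network> <netmask>" to file $2 for every valid map entry
# of client $1. Returns 1 when the client has no valid entry.
emit_iroutes() {
    cn=$1; out=$2; found=1
    while read -r name net mask _; do
        [ "$name" = "$cn" ] || continue
        is_ipv4 "$net" && is_ipv4 "$mask" || continue
        printf 'iroute %s %s\n' "$net" "$mask" >> "$out"
        found=0
    done < "$MAP_FILE"
    return "$found"
}

# OpenVPN sets $common_name and passes the dynamic-config temp file as the
# last argument. An unmapped client still connects, it just gets no iroute.
if [ "$#" -gt 0 ] && [ -n "${common_name:-}" ]; then
    for last in "$@"; do :; done
    emit_iroutes "$common_name" "$last" || true
fi
```

The server config still needs script-security 2, a client-connect line pointing at the script, and a static route entry for each mapped network; iroute only tells OpenVPN which client owns the subnet.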
ASKER
I found the reason why the client can't connect to the Internet.
It should be some DNS problem. The client can connect to any website by IP address but it can't resolve it using the hostname. Can you help solve this? I already tried pushing the DNS and WINS to the client but it didn't help. Is it a server setting?