Route the internet traffic through OpenVPN

I need to route all the internet traffic through the OpenVPN server.

============= Server Config  ==================
port 1194 #- port
proto udp #- protocol
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
client-to-client
duplicate-cn
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.0 255.255.255.0
status openvpn-status.log
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 3


=============== Client Config ===============

client
dev tun 
proto udp
remote 192.168.1.40 1194
resolv-retry infinite
nobind 
persist-key
persist-tun 
ca ca.crt
cert client.crt 
key client.key
cipher AES-256-CBC
auth-user-pass
comp-lzo
verb 3

LizaMoly Asked:
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
And the config does say that.
LizaMoly Author Commented:
I tried that configuration but it doesn't work. Is there any configuration for iptables or anything else related to VPS hosting?
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
You need to tell us a lot more about the details. We now know you are using IPTables on a VPS as server.

What exactly does not work? Is Internet traffic not redirected?
Or is it, and packets don't pass? If so, did you try a traceroute on client to an internet address?

Also check the client routing table; there should be new routes related to OpenVPN.
LizaMoly Author Commented:
The problem is that the internet traffic is not redirected. The VPN connection establishes but I can't open any website. I ran tracert 8.8.8.8 but it always says request timed out.
Also the tun adapter does not take a gateway from the OpenVPN server range.
I'm using a Windows client.
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
The Windows client needs to get two routes, and no default gateway, from OpenVPN: 0.0.0.0 mask 128.0.0.0 and 128.0.0.0 mask 128.0.0.0. Check for these routes on the client.
I assume that routes are there, but IPTables won't allow OpenVPN traffic to pass. You are using a different subnet for OpenVPN?
LizaMoly Author Commented:
The result of the route check is:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.8.0.0    255.255.255.0         10.8.0.5         10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    286
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    286
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    286
    52.17.188.215  255.255.255.255      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
     192.168.75.0    255.255.255.0         On-link      192.168.75.1    276
     192.168.75.1  255.255.255.255         On-link      192.168.75.1    276
   192.168.75.255  255.255.255.255         On-link      192.168.75.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link      192.168.75.1    276
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link      192.168.75.1    276
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    286


It seems that the routes work fine on the client, but the server couldn't route the traffic.
My local network is 192.168.1.0/24
My VPN network is 10.8.0.0/24
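
The route check discussed above can be scripted. This is an added example, not part of the thread: `redirect-gateway def1` leaves the original default route in place and adds 0.0.0.0/1 and 128.0.0.0/1, which win by longest-prefix match, plus a host route that keeps the VPN server reachable through the LAN gateway. The function name, the server address 203.0.113.10 and the sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample: active IPv4 routes in `route print` column order
# (destination, netmask, gateway, interface, metric).
SAMPLE_ROUTES='
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.8.0.0    255.255.255.0         10.8.0.5         10.8.0.6     30
     203.0.113.10  255.255.255.255      192.168.1.1    192.168.1.101     25
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
'

# check_def1 SERVER_IP < route-table
# Prints one verdict line; exit status is 0 only if the redirect is complete.
check_def1() {
  awk -v server="$1" '
    $1 == "0.0.0.0"   && $2 == "128.0.0.0" { low = $3 }    # 0.0.0.0/1
    $1 == "128.0.0.0" && $2 == "128.0.0.0" { high = $3 }   # 128.0.0.0/1
    $1 == "0.0.0.0"   && $2 == "0.0.0.0"   { lan = $3 }    # original default
    $1 == server && $2 == "255.255.255.255" { pin = $3 }   # host route to server
    END {
      # A missing half means part of the address space leaves outside the VPN.
      if (low == "" || high == "") { print "FAIL: def1 half-routes missing"; exit 1 }
      if (low != high)             { print "FAIL: halves use different gateways"; exit 1 }
      # Without the pinned route the encrypted packets loop into the tunnel.
      if (pin == "")               { print "FAIL: no host route to VPN server"; exit 1 }
      if (pin == low)              { print "FAIL: server route points into tunnel"; exit 1 }
      if (lan != "" && pin != lan) { print "FAIL: server route bypasses LAN gateway"; exit 1 }
      print "OK: redirected via " low ", server pinned via " pin
    }'
}

printf '%s\n' "$SAMPLE_ROUTES" | check_def1 203.0.113.10
```

When the client passes this check and traffic still times out, the remaining suspects are forwarding and NAT on the server.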
Craig Beck Commented:
Are you using routing or NAT mode at the server?
LizaMoly Author Commented:
It's NAT mode
LizaMoly Author Commented:
Worked fine
IP forwarding: in (/proc/sys/net/ipv4/ip_forward : 1)
Run these commands:

modprobe iptable_nat
iptables -F
iptables -t nat -A POSTROUTING -o tun3 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
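
A narrower variant of the rules in the answer above, as an added example that is not part of the thread: it masquerades only the 10.8.0.0/24 VPN subnet, admits return traffic only for established connections, and appends rules without flushing what the VPS already has loaded. It assumes eth0 is the internet-facing interface and tun0 the tunnel interface; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Assumed names (not from the thread): WAN is the VPS interface facing the
# internet, TUN is the interface OpenVPN creates for "dev tun".
WAN="${WAN:-eth0}"
TUN="${TUN:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # from "server 10.8.0.0 255.255.255.0"

# Reject values that would add extra shell words to the generated commands.
valid_params() {
  case "$WAN$TUN" in *[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$VPN_NET" in *[!0-9./]*) return 1 ;; esac
  return 0
}

# emit TABLE CHAIN RULE...: print a command that appends the rule only if an
# identical one is not already loaded (iptables -C), so reruns do not stack.
emit() {
  t=$1; c=$2; shift 2
  echo "iptables -t $t -C $c $* 2>/dev/null || iptables -t $t -A $c $*"
}

vpn_nat_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Source-NAT only packets from the VPN subnet leaving via the WAN side.
  emit nat POSTROUTING -s "$VPN_NET" -o "$WAN" -j MASQUERADE
  # Let VPN clients out; let only replies to their connections back in.
  emit filter FORWARD -i "$TUN" -o "$WAN" -s "$VPN_NET" -j ACCEPT
  emit filter FORWARD -i "$WAN" -o "$TUN" -d "$VPN_NET" \
       -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Default: print the commands for review. APPLY=1 (as root) executes them.
main() {
  valid_params || { echo "invalid WAN/TUN/VPN_NET" >&2; return 2; }
  if [ "${APPLY:-0}" = 1 ]; then vpn_nat_rules | sh -e; else vpn_nat_rules; fi
}
main
```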

LizaMoly Author Commented:
Good solution