My first time trying to set up OpenVPN. I followed the HOWTO guide from OpenVPN's site and was successfully connected but when I tried to route my web traffic, it seems that nothing gets through to my server.
My server is an Amazon EC2 box and my client is MacOS Lion. I'm using Tunnelblick on the Mac. I have run/tried the following:
- ran iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE on my server
- disabled firewall on the mac
- enabled UDP 1194 on EC2 firewall
- tried both dev tun and dev tap
- tried using Amazon's name server with push "dhcp-option DNS 172.16.0.23" as well as Google's 8.8.8.8
Here is my server config file: http://pastebin.com/izCBxk99
server ifconfig while running OpenVPN: http://pastebin.com/xM9w8kAA
server log, with one client connecting and trying to open a webpage after successful connection: http://pastebin.com/B1WAJ2XH
Client config file: http://pastebin.com/GzPeXE7E
client ifconfig while running OpenVPN: http://pastebin.com/ZQvvP9Z0
client log: http://pastebin.com/xmhEx77g
The only error I notice is in the client log, where it says:
2012-05-06 20:43:44 us=732786 /sbin/ifconfig tap0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-05-06 20:43:44 us=738214 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Could that be the problem? I found some webpage that said Tunnelblick used to have problems with Lion, but the version I'm using is higher than the one mentioned as the fix.
In addition, I noticed that after running iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE (with su), my server still shows just the following if I do netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.248.138.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 10.248.138.1 0.0.0.0 UG 0 0 0 eth0
The server doesn't seem to have gotten the new routes. Is this the problem?
Please help. Thanks!
Best Answer
Have you enabled ip_forward on the server? Enable it to allow masquerading:
And to make the change permanent, edit /etc/sysctl.conf:
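A read-only check of the prerequisites discussed in this thread, added here as an example (it is not code from the question or the answer). It inspects the nat table rather than the routing table, because MASQUERADE rules are NAT rules and never show up in netstat -rn. The function names, file arguments and sample data are constructed for illustration; the subnet and interface are the ones from the question.

```shell
# Added example: audits server-side prerequisites for routing VPN client traffic.
# Each check reads a file so it can run on captured data as well as a live host.

forwarding_enabled() {      # 0 if the kernel forwards IPv4 right now
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

forwarding_persistent() {   # 0 if an uncommented sysctl.conf line keeps it on
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}"
}

# 0 if the iptables-save dump in $1 has a nat-table POSTROUTING MASQUERADE
# rule for source subnet $2 leaving through interface $3.
masquerade_present() {
    awk -v net="$2" -v ifc="$3" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            s = ""; o = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-o") o = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == net && o == ifc && j == "MASQUERADE") found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# Prints one line per failed check; returns 1 if a blocking check fails.
audit() {   # $1 ip_forward file, $2 iptables-save dump, $3 sysctl.conf
    rc=0
    forwarding_enabled "$1" || { echo "FAIL: ip_forward is not 1"; rc=1; }
    forwarding_persistent "$3" || echo "WARN: ip_forward not set in sysctl.conf"
    masquerade_present "$2" 10.8.0.0/24 eth0 || { echo "FAIL: no MASQUERADE rule"; rc=1; }
    return "$rc"
}

# Constructed sample data: NAT rule loaded, forwarding off and not persistent.
demo() {
    d=$(mktemp -d) || return 1
    echo 0 > "$d/ip_forward"
    printf '%s\n' '#net.ipv4.ip_forward=1' > "$d/sysctl.conf"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$d/rules"
    audit "$d/ip_forward" "$d/rules" "$d/sysctl.conf"; status=$?
    rm -rf "$d"; return "$status"
}
demo || true
```

On a live server, save the output of iptables-save (run as root) to a file and pass it as the second argument to audit; an empty first or third argument falls back to /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf.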