[troubleshooting] VPN can’t browse
by Lewi Verdatama on Jul.12, 2010, under Tutorial
Well, honestly.. I’ve re-installed my VPS almost 12 times. All because my VPN server can’t browse even though it’s connected to the internet (the status says connected). This is my problematic configuration:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"
and the OpenVPN client config is below:
dev tun
client
proto udp
persist-tun
persist-key
resolv-retry infinite
mute-replay-warnings
remote REMOTE.HOST 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
comp-lzo
verb 3
The problem:
Using the above config files I continuously got errors like this in the server syslog:
May 1 00:00:00 hostname ovpn-openvpn[22563]: client1/X.Y.Z.W:1194 MULTI: bad source address from client [10.10.1.11], packet dropped
where X.Y.Z.W is my public IP and 10.10.1.11 is the LAN IP of the machine that makes the connection to the OpenVPN server.
The solution:
Finally, here’s the solution for all that problematic configuration:
Open your .conf file and edit it. Please add the two lines at the bottom, as shown below:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"
client-config-dir ccd
route 10.10.1.0 255.255.255.0
Once again, remember to add these two lines ("route" makes the server kernel send the 10.10.1.0/24 LAN into the tunnel, and "client-config-dir" lets OpenVPN read a per-client "iroute" that tells it which client owns that LAN, which is what stops the "bad source address" drops):
client-config-dir ccd
route 10.10.1.0 255.255.255.0
Then I created the /etc/openvpn/ccd/ dir and put inside a file named client1 with the following contents:
# cat /etc/openvpn/ccd/client1
iroute 10.10.1.0 255.255.255.0
Client configuration stays the same.
All should be fine now, and in your server logs you will see entries like this:
May 1 00:00:00 hostname ovpn-openvpn[27096]: client1/X.Y.Z.W:1194 MULTI: Learn: 10.10.1.11 -> client1/X.Y.Z.W:1194
Remember to load your NAT rules again!
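As an added example (not part of the original post), a small Python checker for exactly this failure: it scans server log lines in the format shown above for "bad source address" drops and reports, per client, which dropped address has no covering "iroute" in that client's ccd file, the ccd line that would cover it, and whether server.conf still lacks the matching "route". The log lines, server.conf text, ccd contents and the client names are constructed for the demo; the /24 it suggests is an assumption about the LAN size.

```python
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample lines in the server-log format shown in the post.
SAMPLE_LOG = """\
May 1 00:00:00 hostname ovpn-openvpn[22563]: client1/X.Y.Z.W:1194 MULTI: bad source address from client [10.10.1.11], packet dropped
May 1 00:00:01 hostname ovpn-openvpn[22563]: client2/A.B.C.D:1194 MULTI: bad source address from client [192.168.7.5], packet dropped
May 1 00:00:02 hostname ovpn-openvpn[22563]: client1/X.Y.Z.W:1194 MULTI: Learn: 10.10.1.11 -> client1/X.Y.Z.W:1194
"""
# Constructed server.conf and ccd contents; client2's ccd file is deliberately missing.
SAMPLE_SERVER_CONF = "server 10.8.0.0 255.255.255.0\nroute 10.10.1.0 255.255.255.0\n"
SAMPLE_CCD = {"client1": "iroute 10.10.1.0 255.255.255.0\n"}

BAD_SRC = re.compile(r": (?P<cn>[^/\s]+)/\S+ MULTI: bad source address from client \[(?P<src>[0-9.]+)\]")

def dropped_sources(log: str) -> Dict[str, Set[str]]:
    """Map each client common name to the source addresses the server dropped for it."""
    found: Dict[str, Set[str]] = {}
    for line in log.splitlines():
        m = BAD_SRC.search(line)
        if m:
            found.setdefault(m["cn"], set()).add(m["src"])
    return found

def parse_nets(text: str, directive: str) -> List[ipaddress.IPv4Network]:
    """Collect 'route' (server.conf) or 'iroute' (ccd file) networks, ignoring comments."""
    nets = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == directive:
            nets.append(ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False))
    return nets

def missing_iroutes(log: str, server_conf: str, ccd: Dict[str, str]) -> List[Tuple[str, str, str, bool]]:
    """Return (client, dropped source, suggested ccd line, server.conf needs a route) per uncovered drop."""
    server_routes = parse_nets(server_conf, "route")
    report = []
    for cn, srcs in dropped_sources(log).items():
        iroutes = parse_nets(ccd.get(cn, ""), "iroute")
        for src in sorted(srcs):
            if any(ipaddress.IPv4Address(src) in net for net in iroutes):
                continue  # an iroute already claims this address; the drop has another cause
            # Assume a /24 behind the client (assumption); adjust the mask to the real LAN size.
            lan = ipaddress.IPv4Network(f"{src}/24", strict=False)
            needs_route = not any(lan.subnet_of(r) for r in server_routes)
            report.append((cn, src, f"iroute {lan.network_address} {lan.netmask}", needs_route))
    return report
```

Running missing_iroutes(SAMPLE_LOG, SAMPLE_SERVER_CONF, SAMPLE_CCD) reports only client2, since client1's drop is already covered by its iroute and would need another explanation.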
credit to VOID
