OpenVPN on NanoVZ with shared IPv4 problem
Anna_Parker
Member
Got VPS with shared IPv4 from NanoVZ/evobilling.com. I'm on Debian 7 Wheezy, installed OpenVPN by script as usual:
wget https://raw.github.com/cwaffles/ezopenvpn/master/ezopenvpn.sh --no-check-certificate -O ezopenvpn.sh; chmod +x ezopenvpn.sh; ./ezopenvpn.sh
Changed the IP to the shared one and the port to the one assigned to my container. I'm able to connect to OpenVPN, however there's "no Internet" on the client side. This command won't do the job:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to MY_IP
I've read on that forum that someone had the same problem, switching to Ubuntu solved it. But for me it's not a solution, any guess good guys/bad boys?
Comments
Try using this script which is made for lowendspirit boxes.
http://forum.lowendspirit.com/viewtopic.php?id=235
Anna, just to confirm:
@joodle
Reinstalling to fresh system and will try the original Nyr's script. Will update soon. EDIT: As I supposed (because cwaffles's script is based on Nyr's) it didn't help.
@netomx
1. Yes, I just wrote MY_IP to mask NanoVZ's IP. This command is run automatically by the script, but I just tried it once; it looks like an Internet traffic redirect problem.
2. Yes, my OpenVPN works on 10.8.0.x local network, as you can see in the source code.
Thank you guys for answers.
EDIT: Problem isn't resolved, any clues?
@Anna_Parker
If you wish I can setup OpenVPN AS
Have you enabled IP forwarding in /etc/sysctl.conf and then run sysctl -w?
MY_IP should probably be your internal IP, not the public one.
Maybe try another script, I am using this one https://github.com/viljoviitanen/setup-simple-openvpn
You should also check the policy on the POSTROUTING, e.g.
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
What jemaltz said - easy to make that mistake
My iptables looks a bit different:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.x.x
@TinyTunnel_Tom @netomx @jemaltz @bf1 @tomle @foetti
Thank you guys, @jemaltz solved it. I've just edited this file:
Changed the:
To:
Rebooted the server and it works! I love you all - thanks once again.
It would be really helpful if you guys reported problems with the script to me, so they can be troubleshooted.
Also, cwaffles's fork is outdated and should not be used. My script includes all the changes incorporated by him available as options anyway.
That said, I just purchased a NanoVZ trying to reproduce this and was not able to. I did try on a clean Debian 7 template, as Anna_Parker suggested.
@Nyr Nice to see you here. I want to thank you for your awesome script, which I use on every VPS I have. Uhm, when I ran the script I entered the external IP, not the internal one, so this is the key, I guess.
Yes, first time the script asks for the IP you should enter the internal one. If the script detects that you are behind NAT, it will ask for the external IP in the end.
Works every time
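The two checks the thread converged on (IPv4 forwarding enabled, and the SNAT source being an address the container actually holds rather than the shared public one) can be run as a script. This is an added example, not part of the thread or of either install script; the addresses and the sample command output are constructed, and it assumes the usual `iptables-save` and `ip -4 -o addr show` output formats.

```shell
#!/bin/sh
# Added example: flag SNAT rules whose --to-source is not a local address.

# Constructed sample of `iptables-save -t nat` with the public IP in the rule.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
COMMIT'

# Constructed sample of `ip -4 -o addr show` inside a NAT container.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: venet0    inet 192.168.0.23/24 scope global venet0:0
3: tun0    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0'

# stdin: `ip -4 -o addr show` output; stdout: one IPv4 address per line.
local_addrs() {
  awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4 }'
}

# stdin: iptables-save output; stdout: address of each POSTROUTING --to-source.
snat_sources() {
  awk '$1 == "-A" && $2 == "POSTROUTING" {
    for (i = 3; i < NF; i++) if ($i == "--to-source") {
      v = $(i + 1); sub(/[:-].*/, "", v); print v   # drop port or range suffix
    }
  }'
}

# Prints every SNAT source that no interface holds; returns 1 if any was found.
check_snat() {
  rules=$1; addrs=$2; bad=0
  for src in $(printf '%s\n' "$rules" | snat_sources); do
    if ! printf '%s\n' "$addrs" | local_addrs | grep -qxF "$src"; then
      echo "$src"; bad=1
    fi
  done
  return $bad
}

# True when IPv4 forwarding is on; optional argument overrides the proc path.
forwarding_on() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

if out=$(check_snat "$SAMPLE_RULES" "$SAMPLE_ADDRS"); then
  echo "SNAT source addresses are all local"
else
  echo "SNAT source not assigned to any interface: $out"
fi
# On a live box: check_snat "$(iptables-save -t nat)" "$(ip -4 -o addr show)"
```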