Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Could not get Openvpn working on KVM :(
New on LowEndTalk? Please Register and read our Community Rules.

Could not get Openvpn working on KVM :(

stormeyestormeye Member
edited April 2015 in Help

The issue is openvpn client is able to connect to the openvpn server(set up on this KVM vps), but Not able to connect to internet(can not ping either). I used the set setup on openvz with tun/tap enabled and it was working.( and of course i changed details to match kvm's interface and ip). I don't see any option to enable tun/tap on control panel. And i already use the POSTROUTING.
Any help please? Is there anything special to setup openvpn on KVM vps?

Problem solved. Thanks for all the replies. :) Anyway to close the thread?

Comments

  • patrick7patrick7 Member, LIR

    Did you enable IPv4 forwrding?

    echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

    RIPE NCC member | IPv4 & IPv6 & ASN: https://www.ipv4.ch/ | 5x /24 available |

  • @patrick7 said:
    Did you enable IPv4 forwrding?

    echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

    Yes I did. Do I need to enable tun/tap from kernal ?

  • ATHKATHK Member
    edited April 2015

    @stormeye said:
    Yes I did. Do I need to enable tun/tap from kernal ?

    Yes you do. Or from solus if that's available to you.

  • @ATHK said:
    Yes you do. Or from solus if that's available to you.

    Oh thanks. I don't see anything on the panel that are related to it, guess I probably need to do it from kernal.

  • netomxnetomx Member, Moderator

    If you have KVM, yo dn't need to enable it on the panel. Can you ping the host?

  • LegionboxLegionbox Member
    edited April 2015

    try

    cat /dev/net/tun

    "cat: /dev/net/tun: File descriptor in bad state"

    *"File descriptor in bad state" means tun/tap is active, otherwise please ask your provider to activate it

    Edit /etc/sysctl.conf

    find

    net.ipv4.ip_forward = 0

    and replace with

    net.ipv4.ip_forward = 1

    Route iptables
    /sbin/iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source IPVPSSERVER
    mkdir /etc/iptables

    /sbin/iptables-save > /etc/iptables/rules

    echo "/sbin/iptables-restore < /etc/iptables/rules" >> /etc/rc.d/rc.local

    reboot

    all ready!

    *10.10.10.0 - block ip like in server.conf
    (server 10.10.10.0 255.255.255.0)

    LegionBox – XEN VPS Hosting. Location: Russia, Usa, Switzerland or Germany. From $7.

  • patrick7patrick7 Member, LIR

    I wouldn't do NAT this way. I'd use masquerade:

    iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

    RIPE NCC member | IPv4 & IPv6 & ASN: https://www.ipv4.ch/ | 5x /24 available |

  • @Legionbox said:
    try

    cat /dev/net/tun

    "cat: /dev/net/tun: File descriptor in bad state"

    *"File descriptor in bad state" means tun/tap is active, otherwise please ask your provider to activate it

    Edit /etc/sysctl.conf

    find

    net.ipv4.ip_forward = 0

    and replace with

    net.ipv4.ip_forward = 1

    Route iptables
    /sbin/iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source IPVPSSERVER
    mkdir /etc/iptables

    /sbin/iptables-save > /etc/iptables/rules

    echo "/sbin/iptables-restore < /etc/iptables/rules" >> /etc/rc.d/rc.local

    reboot

    all ready!

    *10.10.10.0 - block ip like in server.conf
    (server 10.10.10.0 255.255.255.0)

    Thank you, problem solved. I miss configured the subnet. Or maybe forgot to reboot…… or too many iptables rules causing conflicts. :) Anyway, it is working now :)

  • @patrick7 said:
    I wouldn't do NAT this way. I'd use masquerade:

    iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

    Thank you, i miss configured the subnet. :) I changed yours to 10.8.0.0/24 and it's working now. :)

Sign In or Register to comment.