Hello, I have openvpn up and running successfully on FC9. I’m using routing mode with the following configuration
My internal LAN range 10.10.10.0/24
My Openvpn client range 10.8.0.0/24
I can connect and ping the openvpn server from the openvpn client but can’t talk to the other machines on the internal LAN subnet. However, the machines on the internal LAN subnet can ping the openvpn clients. I have entered the following in iptables.
iptables -t nat -I POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I INPUT -i tap+ -j ACCEPT
iptables -I FORWARD -i tap+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I INPUT -i eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -j ACCEPT
I have also added a route on my d-link router that routes any traffic destined to 10.8.0.0/24 back to the OPENVPN server(10.10.10.xxx). This all works as it should when the firewall is disabled so apparently I’m missing some rule in iptables…Any help would be greatly appreciated..thanks..
|
|
The fact that round trip communication occurs indicates the routing is OK. It’s probably an access control issue. You should put a LOG and a DROP rule at the end of the INPUT, and FORWARD chains and see what the output of /var/log/messages says.
Maybe you also need a FORWARD with -o (output) on the eth0, tap+ and tun+ interfaces.
Maybe ICMP (ping) echo is being blocked from client side, but not ICMP echo-reply.
Posting Permissions
Reply With Quote
Bookmarks