0

I try to setup a vpn between 2 networks over internet following this link https://openvpn.net/community-resources/how-to/

On my server

  • openvpn runs
  • port 1194 transfered
  • interface ; inet 10.9.8.1 peer 10.9.8.2/32 scope global tun0

On my client

  • interface : inet 10.9.8.10 peer 10.9.8.9/32 scope global tun0
  • routes (ip r)
default via 10.9.8.9 dev tun0 
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown 
10.9.8.0/24 via 10.9.8.9 dev tun0 
10.9.8.9 dev tun0 proto kernel scope link src 10.9.8.10 
<my.server.wan.ip> via 192.168.1.254 dev wlp3s0 proto static 
169.254.0.0/16 dev tun0 scope link metric 1000 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.156 metric 600

From my client, I can access my server from my tun0 interface (ssh 10.9.8.1 → my server)

But I cannot access internet from my client (ping 8.8.8.8 does not work)

I missed st but don’t see what. Thanks for any help.

Improve this question
0

1 Answer 1

Reset to default
1

tcpdump will be very helpful here. Run it on both nodes and reach out to an IP address that you know, best is a site with a static IP. Then you can run

tcpdump -nni any host (the IP)

example output on an icmp ping to 8.8.8.8:

#tcpdump -nni any host 8.8.8.8
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length     262144 bytes
13:28:08.141937 enp2s0 Out IP 192.168.200.200 > 8.8.8.8: ICMP echo     request, id 47151, seq 1, length 64
13:28:08.150955 enp2s0 In  IP 8.8.8.8 > 192.168.200.200: ICMP echo reply,     id 47151, seq 1, length 64

It can tell you which interface the traffic is leaving (Out) as well as received (In).

  • On the client, it should enter the tunnel ("interface name" Out).
  • On the server, you should see the traffic arriving ("interface name" In).

If your server receives the traffic destined for Internet, then your server might not be routing, that is, to forward packets according to certain rules (iptables for example). Since I don't see it explicitly mentioned in your given link, see if this helps as an example (external link to tecadmin) to set the server up as a router.

Improve this answer
2
  • Thank @boro for your reply, I'm not used with tcpdump and did know how to begin, I'll try with your advices and let you know ...
    – Dri372
    Commented Jan 21 at 14:50
  • Right I have to setup IP forwarding & masquerading
    – Dri372
    Commented Jan 21 at 20:08

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .