Home » General » Support » *SOLVED* OpenVPN in VPS : Masquerade
| *SOLVED* OpenVPN in VPS : Masquerade [message #8117] |
Wed, 08 November 2006 07:03  |
laurent
Messages: 18
Registered: April 2006
|
Junior Member |
|
|
Hi
I installed an OpenVPN server in a VPS, it work well.
i can, from an Openvpn client , access to the VPS trought a VPN connection.
an ifconfig in the VPS :
tun0 Lien encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:10.34.34.1 P-t-P:10.34.34.2 Masque:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:10
RX bytes:600 (600.0 b) TX bytes:0 (0.0 b)
venet0 Lien encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Masque:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:3105 errors:0 dropped:0 overruns:0 frame:0
TX packets:3029 errors:0 dropped:10 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:482798 (471.4 KiB) TX bytes:294943 (288.0 KiB)
venet0:0 Lien encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:192.168.7.145 P-t-P:192.168.7.145 Bcast:192.168.7.145 Masque:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
I m trying to connect from the openvpn client to the venet0 network 192.168.7.0/24 (of the VPS)
and it doesn't work. i supposed that i have to masquerade traffic inside the VPS, but ...
i trying to use ine the VPS
# iptables -t nat -A POSTROUTING -s 10.34.34.0/24 -j MASQUERADE
and i have :
iptables: No chain/target/match by that name
I read a lot of messages in the openvz forum , but there is no solution detailed!
some other information :
in the Host
lsmod | grep iptable
iptable_mangle 4544 8
iptable_nat 27540 10 ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_irc,i p_nat_tftp,ip_nat_ftp
ip_conntrack 37420 15 ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ipt_helper,i pt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ip_conntrack_ irc,ip_conntrack_tftp,ip_conntrack_ftp,iptable_nat,ipt_state
iptable_filter 4384 8
ip_tables 22064 26 iptable_mangle,ipt_ttl,ipt_TOS,ipt_tos,ipt_TCPMSS,ipt_tcpmss ,ipt_SAME,ipt_REDIRECT,ipt_recent,ipt_NETMAP,ipt_multiport,i pt_MASQUERADE,ipt_MARK,ipt_mark,ipt_mac,ipt_LOG,ipt_limit,ip t_length,ipt_iprange,ipt_helper,ipt_conntrack,ipt_CLASSIFY,i ptable_nat,ipt_REJECT,ipt_state,iptable_filter
cat /etc/sysconfig/vz | grep iptab
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length iptable_nat ipt_REDIRECT ipt_conntrack ip_conntrack"
uname -r
2.6.8-022stab077.1-smp
in the VPS:
iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
thanks in advance for any solution
[Updated on: Thu, 14 June 2007 09:41] by Moderator Report message to a moderator |
|
|
|
|
|
| Re: OpenVPN in VPS : Masquerade [message #14016 is a reply to message #13977] |
Mon, 11 June 2007 05:15  |
 |
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
|
Senior Member |
|
|
Hi,
iptables "MASQUERADE" isn't virtualized,
only listed iptables modules can be used in VE context:
(see man-page of vzctl)
iptable_filter,iptable_mangle, ipt_limit, ipt_multiport,
ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,
ipt_ttl, ipt_LOG, ipt_length, ip_conntrack, ip_conntrack_ftp,
ip_conntrack_irc, ipt_conntrack, ipt_state, ipt_helper,
iptable_nat, ip_nat_ftp, ip_nat_irc, ipt_REDIRECT xt_mac.
|
|
|
|
|
|
| Re: *SOLVED* OpenVPN in VPS : Masquerade [message #22231 is a reply to message #8117] |
Tue, 23 October 2007 23:52 |
tomfra
Messages: 28
Registered: September 2007
|
Junior Member |
|
|
Is there some workaround for this problem? When I run:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
on the VPS where I've just installed OpenVPN, I get this error:
iptables: Unknown error 18446744073709551615
I suppose it's related to the described problem? Everything else in my OpenVPN setup works.
Tomas
Do you really believe the Internet is a safe place?
IdentityCloaker.com - Take Back Your Privacy!
|
|
|
|
| Re:OpenVPN in VPS : Masquerade [message #37590 is a reply to message #22231] |
Mon, 28 September 2009 18:54 |
cosminnci
Messages: 6
Registered: September 2009
Location: RO
|
Junior Member |
|
|
Hello,
I have the same problem 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
how to rewrite this rule?
so far i read
"You can configure many to one NAT to an IP alias, using the POSTROUTING and not the MASQUERADE statement."
[Updated on: Mon, 28 September 2009 18:55] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
| Re: *SOLVED* OpenVPN in VPS : Masquerade [message #45251 is a reply to message #8117] |
Mon, 20 February 2012 18:46 |
x100
Messages: 2
Registered: February 2012
|
Junior Member |
|
|
If anybody still interested. Checked the above rule and it did not actually let me access external resources being connected to the VPN server. I got connected to the server being able to ping external addresses this way, but there was no route to them through the VPN tunnel (when tracerouting). To be fully able to reach the external net through the VPN server I use the following:
iptables -t nat -A POSTROUTING -j SNAT --to-source <venet's IP>
And don't forget enabling IP forwarding in /etc/sysctl.conf:
|
|
|
|
Goto Forum:
Current Time: Tue Nov 19 06:08:06 GMT 2024
Total time taken to generate the page: 0.03048 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
