I have the following configuration and I need Internet access for the clients:
                      +-------------------------+
           (public IP)|                         |
{INTERNET}============{         Router          |
                      |                         |
                      |       LAN switch        |
                      +------------+------------+
                                   | (192.168.0.1)
                                   |
                                   |   +-----------------------+
                                   |   |                       |
                                   |   |  OpenVPN              |  eth0: 192.168.0.186/24
                                   +---{eth0  server           |  tun0: 192.168.1.1/24
                                   |   |                       |
                                   |   |        {tun0}         |
                                   |   +-----------------------+
                                   |
                          +--------+-----------+
                          |                    |
                          |  Other LAN clients |
                          |                    |
                          |   192.168.0.0/24   |
                          |   (internal net)   |
                          +--------------------+
I have not managed to get the clients to have Internet access. My settings are as follows:
VPN server file
port 1194
proto udp
dev tun0
ca keys/changeme/ca.crt
cert keys/changeme/serverjvpn.crt
key keys/changeme/serverjvpn.key
dh keys/changeme/dh2048.pem
server 192.168.1.0 255.255.255.0
crl-verify keys/changeme/crl.pem
cipher BF-CBC
user nobody
group FabMira
status servers/JorpaVPN/logs/openvpn-status.log
log-append servers/JorpaVPN/logs/openvpn.log
verb 6
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/JorpaVPN/ccd
client-to-client
comp-lzo
persist-key
persist-tun
ccd-exclusive
route 10.10.1.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "route 10.10.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.186"
push "redirect-gateway def1"
iptables file
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.1.0/24 -o tun0 -j MASQUERADE
COMMIT
# Completed on Thu May 5 11:27:58 2016
# Generated by iptables-save v1.4.7 on Thu May 5 11:27:58 2016
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A INPUT -p udp -m state -m udp --dport 1194 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 1194 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 5000 --state NEW -j ACCEPT
-A INPUT -p udp -m state -m udp --dport 5000 --state NEW -j ACCEPT
-A INPUT -p udp -m state -m udp --dport 53 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 20 --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 1723 -j ACCEPT
-A INPUT -p gre -i eth0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A FORWARD -s 10.10.1.0/24 -d 10.10.1.0/24 -j ACCEPT
-A FORWARD -s 10.10.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 10.10.1.0/24 -j ACCEPT
-A FORWARD -s 10.10.1.0/24 -d 192.168.0.0/24 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 10.10.1.0/24 -j ACCEPT
What could I have wrong? Please help.
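As an added example (not part of the question above or of any answer to it): a small Python checker for an iptables-save style dump that replays `-A`/`-I` in the order the kernel evaluates them, lists the rules in a chain that sit behind an unconditional REJECT/DROP/ACCEPT and can therefore never match, and checks whether a POSTROUTING MASQUERADE rule covers a given source network on a given outgoing interface. The `SAMPLE` dump is a constructed, condensed copy of the rules in the question with the `*nat` header, which the quoted dump cuts off, put back so the parser can see the table; the function and class names are my own, not from any tool.

```python
import ipaddress
import shlex
from dataclasses import dataclass

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
# Target options that take an argument and are not match criteria.
TARGET_OPTS_WITH_ARG = {"--reject-with", "--to-source", "--to-destination"}


@dataclass
class Rule:
    text: str
    target: str
    criteria: list  # match tokens left after stripping -j TARGET and target options

    def unconditional(self):
        return not self.criteria

    def option(self, flag):  # value of a one-argument match option (-s, -o, ...), else None
        for i, tok in enumerate(self.criteria[:-1]):
            if tok == flag:
                return self.criteria[i + 1]
        return None


def split_rule(toks):
    """Separate the jump target from the match criteria of one rule body."""
    target, crit, i = None, [], 0
    while i < len(toks):
        if toks[i] == "-j":
            target, i = toks[i + 1], i + 2
        elif toks[i] in TARGET_OPTS_WITH_ARG:
            i += 2
        else:
            crit.append(toks[i])
            i += 1
    return target, crit


def parse_dump(text):
    """Return {table: {chain: [Rule, ...]}} with each chain in kernel evaluation
    order: -A appends, -I CHAIN [n] inserts at position n (default 1)."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # comments, blank lines and COMMIT fall through untouched
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":"):
            table.setdefault(line[1:].split()[0], [])
        elif line.startswith(("-A ", "-I ")):
            toks = shlex.split(line)
            op, chain, rest = toks[0], table.setdefault(toks[1], []), toks[2:]
            pos = len(chain)
            if op == "-I":
                pos = int(rest.pop(0)) - 1 if rest and rest[0].isdigit() else 0
            chain.insert(pos, Rule(line, *split_rule(rest)))
    return tables


def shadowed_rules(chain):
    """(1-based position, text) of rules no packet can reach: everything after the
    first rule that matches all packets and terminates traversal."""
    for i, r in enumerate(chain):
        if r.unconditional() and r.target in TERMINATING:
            return [(j + 1, chain[j].text) for j in range(i + 1, len(chain))]
    return []


def masquerade_covers(nat, src, out_if):
    """True if a POSTROUTING MASQUERADE rule applies to traffic from network src
    leaving via out_if; a rule without -s or -o is treated as a wildcard."""
    want = ipaddress.ip_network(src)
    for r in nat.get("POSTROUTING", []):
        s, o = r.option("-s"), r.option("-o")
        if r.target == "MASQUERADE" and o in (None, out_if) and (
            s is None or want.subnet_of(ipaddress.ip_network(s))
        ):
            return True
    return False


# Constructed sample: a condensed copy of the rules in the question, with the
# *nat header (cut off in the quoted dump) put back so the parser sees the table.
SAMPLE = """\
*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.1.0/24 -o tun0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    tables = parse_dump(SAMPLE)
    print("unreachable FORWARD rules:", shadowed_rules(tables["filter"]["FORWARD"]))
    print("tun0 subnet masqueraded out eth0:", masquerade_covers(tables["nat"], "192.168.1.0/24", "eth0"))
```

Run against the sample, the checker shows what the question's rule order does: the only `-I` rule (conntrack RELATED,ESTABLISHED) lands at position 1, the unconditional `-A FORWARD -j REJECT` lands at position 2, and every `-A FORWARD ... ACCEPT` appended after it, including `-i tun0 -o eth0`, is unreachable, so new connections from tun0 are rejected in FORWARD before NAT is ever consulted; the MASQUERADE for 192.168.1.0/24 out eth0 is, by contrast, present. The same ordering is visible on the live server with `iptables -S FORWARD` or `iptables -L FORWARD -n --line-numbers`; keeping a catch-all REJECT is sound least-privilege practice, but it has to be the last rule in the chain rather than the first appended one. The kernel forwarding flag is a separate prerequisite the checker cannot see in a dump: `cat /proc/sys/net/ipv4/ip_forward` must print `1` (set `net.ipv4.ip_forward = 1` via sysctl to make it persistent).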