Espen Tjonneland
After having set up OpenVPN on the server end of the VPN setup, and verified that I am able to connect to it from another country via the OpenVPN client (both running on the AP with the same firmware), I am not able to connect to the internet via the tunnel when enabling policy based routing.
Here are the basics:
VPN server with TUN
Subnet: 10.168.1.0/255.255.255.0
Client VPN setting:
Firewall: Automatic
Redirect Internet traffic: Policy rules
Rules:
Source IP: 192.168.20.21
Destination IP: 0.0.0.0
When tracerouting, the traffic on the client with IP 192.168.20.21 (on the external network) routes the traffic through the tunnel to the VPN server, but the server then blocks the traffic from accessing the internet.
Here is a log line from the server side:
Code:
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=16459 DPT=53 LEN=48
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=43666 DPT=53 LEN=51
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=41440 DPT=53 LEN=48
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=65474 DPT=53 LEN=43
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=74 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=52979 DPT=53 LEN=54
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=4744 DPT=53 LEN=43
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=6973 DPT=53 LEN=76
As you see, in this case DNS traffic to 8.8.8.8 (Google DNS) is dropped. Any other traffic that goes to the internet is also dropped.
Does anyone know what I need to do to get my server side to allow traffic through?
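
Added example, not part of the original post: a small Python parser for the kernel DROP lines quoted above, which groups drops by flow and labels each by packet path. It assumes the standard netfilter log layout, where a line with both IN= and OUT= set is a packet that was being forwarded between interfaces; the function names are illustrative.

```python
import re
from collections import Counter

# Three of the DROP lines from the post above, copied verbatim.
SAMPLE_LOG = """\
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=16459 DPT=53 LEN=48
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=43666 DPT=53 LEN=51
May 6 14:37:24 kernel: DROP <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=41440 DPT=53 LEN=48
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE pairs; VALUE may be empty


def parse_drop(line):
    """Return the KEY=VALUE fields of a netfilter DROP line, or None otherwise."""
    if " DROP " not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # keep first LEN (IP length), not the UDP one
    return fields


def classify(fields):
    """Both IN and OUT set means the packet was being forwarded between interfaces."""
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")
    if in_if and out_if:
        return "forwarded"
    return "local-in" if in_if else "local-out"


def summarize(log_text):
    """Count dropped packets per (path, IN, OUT, SRC, DST, PROTO, DPT)."""
    flows = Counter()
    for line in log_text.splitlines():
        fields = parse_drop(line)
        if fields is None:
            continue
        key = (classify(fields),) + tuple(
            fields.get(k, "") for k in ("IN", "OUT", "SRC", "DST", "PROTO", "DPT"))
        flows[key] += 1
    return flows


if __name__ == "__main__":
    for (path, *flow), count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d} dropped  {path:9s}  " + "  ".join(flow))
```

On the sample lines every drop falls into a single forwarded flow from tun21 to eth0, so the drops occur on the server's forwarding path rather than on traffic addressed to the server itself.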