<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>This NATs all outgoing packets, i.e. including those sent directly from the VPS.
I'm not saying that's wrong :-)<br>
Please also send the output of:<br>
iptables -L -v -n<br>
sysctl -a | grep net.ipv4.ip_forward<br>
<br>
</p>
<div class="moz-cite-prefix">On 21. 02. 19 16:44, Lukáš Němec wrote:<br>
</div>
<blockquote type="cite"
cite="mid:3C09765A-03B7-42E7-92F0-0010580D6E33@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hi,
<div class=""><br class="">
</div>
<div class="">už jsem našel ten iptables, a zdá se že to nějaké
pakety natuje, ale klient stále nepingá nikam :/</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Chain POSTROUTING (policy ACCEPT 0 packets, 0
bytes)</div>
<div class=""> pkts bytes target prot opt in out
source destination</div>
<div class="">13469 842K SNAT all -- * venet0
0.0.0.0/0 0.0.0.0/0 to:37.205.10.108</div>
<div class=""><br class="">
</div>
<div class="">Díky,</div>
<div class="">Lukáš</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 21 Feb 2019, at 16:41, Lukáš Němec <<a
href="mailto:lu.nemec@gmail.com" class=""
moz-do-not-send="true">lu.nemec@gmail.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode:
space; line-break: after-white-space;" class="">Hi,
<div class=""><br class="">
</div>
<div class="">díky za odpovědi, zkusil jsem co jste
psali, a stále nefunguje. Připojím se OK, ale ping
8.8.8.8 píše no route to host, nebo timeoutuje.</div>
<div class="">IPv4 forwarding jsem zapl, a přidal nat
dle wiki, ale tahle část se mi nějak nezdá, když se
snažím vylistovat pravidla v POSTROUTING, píše mi
iptables že takový chain nezná. To nechápu.</div>
<div class=""><br class="">
</div>
<div class="">root@nemec /etc/openvpn # ip addr show dev
venet0:0 scope global
</div>
<div class="">2: venet0:
&lt;BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP&gt; mtu
1500 qdisc noqueue state UNKNOWN</div>
<div class=""> link/void</div>
<div class=""> inet 37.205.10.108/32 brd
37.205.10.108 scope global venet0:0</div>
<div class=""> inet6 2a01:430:17:1::ffff:71/128 scope
global</div>
<div class=""> valid_lft forever preferred_lft
forever</div>
<div class="">root@nemec /etc/openvpn # iptables -t nat
-A POSTROUTING -o venet0 -j SNAT --to 37.205.10.108
</div>
<div class="">root@nemec /etc/openvpn # iptables -L
POSTROUTING
</div>
<div class="">iptables: No chain/target/match by that
name. </div>
<div class=""><br class="">
</div>
<div class="">Můj server config:</div>
<div class="">
<div class="">mode server</div>
<div class="">tls-server</div>
<div class="">port 1194</div>
<div class="">proto tcp-server</div>
<div class="">dev tap1</div>
<div class="">client-config-dir ccd</div>
<div class="">tun-mtu 1500</div>
<div class=""><br class="">
</div>
<div class="">ca /etc/openvpn/easy-rsa/keys/ca.crt</div>
<div class="">cert
/etc/openvpn/easy-rsa/keys/nemec.crt</div>
<div class="">key /etc/openvpn/easy-rsa/keys/nemec.key</div>
<div class="">dh /etc/openvpn/easy-rsa/keys/dh2048.pem</div>
<div class=""><br class="">
</div>
<div class="">topology subnet</div>
<div class="">server 172.16.123.0 255.255.255.0</div>
<div class="">push "redirect-gateway def1 bypass-dhcp"</div>
<div class="">push "dhcp-option DNS 8.8.8.8"</div>
<div class=""><br class="">
</div>
<div class="">ifconfig-pool-persist ipp.txt</div>
<div class=""><br class="">
</div>
<div class="">keepalive 10 120</div>
<div class="">max-clients 10</div>
<div class="">cipher AES-256-CBC</div>
<div class="">user nobody</div>
<div class="">group nogroup</div>
<div class="">persist-key</div>
<div class="">persist-tun</div>
<div class="">status /tmp/openvpn.status 1</div>
<div class="">log-append /var/log/openvpn.log</div>
<div class="">status-version 3</div>
<div class="">verb 4</div>
<div class="">mute 20</div>
<div class="">reneg-sec 180</div>
<div class=""><br class="">
</div>
<div class="">Díky za jakékoliv rady,</div>
<div class="">Lukáš</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On 21 Feb 2019, at 14:57, Miroslav
Misek <<a
href="mailto:miroslav.misek@netgarden.cz"
class="" moz-do-not-send="true">miroslav.misek@netgarden.cz</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
<p class="">Pokud ma OpenVPN fungovat jako
gateway (tzn klient pak bude posilat vsechny
data do internetu pres VPN), <br class="">
tak je potreba jeste nastavit bud na
klientovi:<br class="">
redirect-gateway<br class="">
nebo na serveru:<br class="">
push "redirect-gateway"</p>
<p class="">A navic v iptables (firewalld)
nastavit masquerade (aby data pochazejici z
vpn pri preposilani do internetu mela source
ip toho VPSka.<br class="">
A jak uz bylo napsano v predeslem emailu je
potreba povolit ip forwarding (echo 1 >
/proc/sys/net/ipv4/ip_forward) a taky
forwarding ve firewallu (iptables,
firewalld).</p>
<p class="">Miroslav Misek</p>
<div class="moz-cite-prefix">On 21. 02. 19
14:16, Jiri Drozd wrote:<br class="">
</div>
<blockquote type="cite"
cite="mid:1205030177.7379.1550755002419.JavaMail.zimbra@sde.cz"
class="">
<meta http-equiv="content-type"
content="text/html; charset=UTF-8"
class="">
<div style="font-family: arial, helvetica,
sans-serif; font-size: 12pt;" class="">
<div class="">Ahoj,<br class="">
</div>
<div class=""><br data-mce-bogus="1"
class="">
</div>
<div class="">uz nevim podle ceho sem to
nastavoval, tady je muj config ktery
funguje:<br data-mce-bogus="1" class="">
</div>
<div class=""><br data-mce-bogus="1"
class="">
</div>
<div class="">port 1111<br class="">
proto udp<br class="">
dev tun<br class="">
ca /etc/openvpn/full/keys/ca.crt<br
class="">
cert /etc/openvpn/full/keys/server.crt<br
class="">
key /etc/openvpn/full/keys/server.key <br
class="">
dh /etc/openvpn/full/keys/dh2048.pem<br
class="">
topology subnet<br class="">
server 172.16.123.0 255.255.255.0<br
class="">
ifconfig-pool-persist ipp-full.txt<br
class="">
push "redirect-gateway def1 bypass-dhcp"<br
class="">
push "dhcp-option DNS 8.8.8.8"<br
class="">
keepalive 10 30<br class="">
tls-auth
/etc/openvpn/easy-rsa-full/keys/ta.key 0<br
class="">
cipher AES-256-CBC <br class="">
comp-lzo<br class="">
max-clients 100<br class="">
user nobody<br class="">
group nogroup<br class="">
persist-key<br class="">
persist-tun<br class="">
status openvpn-full-status.log<br
class="">
verb 3<br class="">
mute 20<br class="">
reneg-sec 180<br class="">
</div>
<div class=""><br data-mce-bogus="1"
class="">
</div>
<div class="">treba mit jeste povoleny
forwarding <a
href="https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux"
moz-do-not-send="true" class="">https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux</a><br
data-mce-bogus="1" class="">
</div>
<div class="">a pokud mas zaple iptables
tak zkontroluj, ze ti tam ten traffic
nic neblokuje (asi nejlepsi nachvilku
vypnout firewall uplne)<br
data-mce-bogus="1" class="">
</div>
<div class=""><br data-mce-bogus="1"
class="">
</div>
<div class="">JDrozd / Buger<br
data-mce-bogus="1" class="">
</div>
<div class=""><br class="">
</div>
<hr id="zwchr" data-marker="__DIVIDER__"
class="">
<div data-marker="__HEADERS__" class=""><b
class="">From: </b>"Lukáš Němec" <a
class="moz-txt-link-rfc2396E"
href="mailto:lu.nemec@gmail.com"
moz-do-not-send="true"><lu.nemec@gmail.com></a><br
class="">
<b class="">To: </b>"<a
href="http://vpsfree.cz/" class=""
moz-do-not-send="true">vpsFree.cz</a>
Community list" <a
class="moz-txt-link-rfc2396E"
href="mailto:community-list@lists.vpsfree.cz"
moz-do-not-send="true"><community-list@lists.vpsfree.cz></a><br
class="">
<b class="">Sent: </b>Friday, February
15, 2019 5:29:57 PM<br class="">
<b class="">Subject: </b>[<a
href="http://vpsfree.cz/" class=""
moz-do-not-send="true">vpsFree.cz</a>:
community-list] OpenVPN config<br
class="">
</div>
<div class=""><br class="">
</div>
<div data-marker="__QUOTED_TEXT__"
class="">Ahoj,
<div class="">Snažím se rozjet openvpn
jako internet gateway na vpsce. Jel
jsem podle návodu na wiki vpsfree ale
zdá se zastaralý. Už jsem ve stavu kdy
se v pohodě připojím na vps vpn, ale
net nefunguje-asi bude špatně ip
adresa pro nat v návodu wiki? (<span
style="font-size: 12pt; font-family:
Helvetica;" class=""><a
href="https://kb.vpsfree.cz/navody/server/openvpn"
target="_blank"
moz-do-not-send="true" class="">https://kb.vpsfree.cz/navody/server/openvpn</a>)</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class=""><br class="">
</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class="">Našel jsem ještě maily z
2017 z tohoto listu ale nevím jestli
ta konfigurace bude platit.</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class=""><br class="">
</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class="">Poradíte? Btw configy mám
stejné jako v návodu-jel jsem krok
za krokem.</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class=""><br class="">
</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class="">Díky,</span></div>
<div class=""><span style="font-size:
12pt; font-family: Helvetica;"
class="">Lukáš</span></div>
<br class="">
_______________________________________________<br class="">
Community-list mailing list<br class="">
<a class="moz-txt-link-abbreviated"
href="mailto:Community-list@lists.vpsfree.cz"
moz-do-not-send="true">Community-list@lists.vpsfree.cz</a><br
class="">
<a class="moz-txt-link-freetext"
href="http://lists.vpsfree.cz/listinfo/community-list"
moz-do-not-send="true">http://lists.vpsfree.cz/listinfo/community-list</a><br
class="">
</div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Community-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Community-list@lists.vpsfree.cz" moz-do-not-send="true">Community-list@lists.vpsfree.cz</a>
<a class="moz-txt-link-freetext" href="http://lists.vpsfree.cz/listinfo/community-list" moz-do-not-send="true">http://lists.vpsfree.cz/listinfo/community-list</a>
</pre>
</blockquote>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Community-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Community-list@lists.vpsfree.cz">Community-list@lists.vpsfree.cz</a>
<a class="moz-txt-link-freetext" href="http://lists.vpsfree.cz/listinfo/community-list">http://lists.vpsfree.cz/listinfo/community-list</a>
</pre>
</blockquote>
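<p>Added example, not part of the thread and not any participant's code: a check over a saved NAT-table listing that reports SNAT/MASQUERADE rules matching every source address, as the rule quoted above does, plus a rule limited to the VPN subnet. The function names are hypothetical, the second sample line is constructed, and the /24 prefix is taken from the 255.255.255.0 netmask in the posted server config.</p>
<pre>
```shell
#!/bin/sh
# Added example, not code from the thread. It audits a saved listing of
#   iptables -t nat -L POSTROUTING -v -n
# (-t nat is required: -L without -t lists the filter table, which has no
# POSTROUTING chain) and reports NAT rules that match every source address.

# Constructed sample. Rule 1 is the rule shown in the thread; rule 2 is a
# constructed variant limited to the VPN subnet from the posted server config.
SAMPLE='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
13469  842K SNAT       all  --  *      venet0  0.0.0.0/0            0.0.0.0/0            to:37.205.10.108
    0     0 SNAT       all  --  *      venet0  172.16.123.0/24      0.0.0.0/0            to:37.205.10.108'

# Print "out-interface target source" for each SNAT/MASQUERADE rule whose
# source column is 0.0.0.0/0, i.e. a rule that matches the host's own
# outgoing traffic as well. Columns in -v -n output: 3=target 7=out 8=source.
unrestricted_nat_rules() {
    printf '%s\n' "$1" | awk '
        ($3 == "SNAT" || $3 == "MASQUERADE") {
            if ($8 == "0.0.0.0/0") print $7, $3, $8
        }'
}

# Number of such rules in the listing.
count_unrestricted() {
    unrestricted_nat_rules "$1" | wc -l | tr -d ' '
}

# Build (print, do not run) a SNAT rule limited to one source subnet.
# Arguments: subnet, outgoing interface, public address.
restricted_snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$1" "$2" "$3"
}

echo "NAT rules matching any source:"
unrestricted_nat_rules "$SAMPLE"
echo "Rule limited to the VPN subnet:"
restricted_snat_rule 172.16.123.0/24 venet0 37.205.10.108
```
</pre>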
</body>
</html>