Hi,
I am trying to set up an OpenVPN server so that I can reach the internet through it, but I can't get it to work. I followed this guide: https://blog.sslmarket.cz/ssl/nastaveni-openvpn-na-serveru-s-debian-8-jessie...
Over the VPN I can reach the server itself, but nothing beyond it (I can't even ping). I assume there is some problem in the iptables setup; I also tried
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
and, following the guide at https://kb.vpsfree.cz/navody/server/openvpn,
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to x.x.x.x
Thanks for any nudge in the right direction, or for a fix to the vpsFree guide.
Pavel Švojgr

--- configuration dumps ----
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  10.8.0.0/24          anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# tail /var/log/syslog
Jan 6 16:35:09 svojgr ovpn-server[10656]: 188.122.208.66:37508 [swed] Peer Connection Initiated with [AF_INET]188.122.208.66:37508
Jan 6 16:35:09 svojgr ovpn-server[10656]: swed/188.122.208.66:37508 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jan 6 16:35:09 svojgr ovpn-server[10656]: swed/188.122.208.66:37508 MULTI: Learn: 10.8.0.6 -> swed/188.122.208.66:37508
Jan 6 16:35:09 svojgr ovpn-server[10656]: swed/188.122.208.66:37508 MULTI: primary virtual IP for swed/188.122.208.66:37508: 10.8.0.6
Jan 6 16:35:11 svojgr ovpn-server[10656]: swed/188.122.208.66:37508 PUSH: Received control message: 'PUSH_REQUEST'
Jan 6 16:35:11 svojgr ovpn-server[10656]: swed/188.122.208.66:37508 send_push_reply(): safe_cap=940
Jan 6 16:35:11 svojgr ovpn-server[10656]: swed/188.122.208.66:37508 SENT CONTROL [swed]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
# cat server.conf
mode server
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # server private key, never copy it anywhere!
dh dh2048.pem
server 10.8.0.0 255.255.255.0
#push "redirect-gateway autolocal"  # redirect all traffic into the tunnel
push "redirect-gateway def1"
#push "dhcp-option DNS 217.31.204.130"  # you will be using CZ.NIC's open resolvers
#push "dhcp-option DNS 193.29.206.206"
#tls-server
#tls-auth ta.key 0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
user nobody
group users
status openvpn-status.log
verb 3
# cat /etc/sysctl.conf | grep ip_forward
net.ipv4.ip_forward=1
# cat openvpn-status.log
OpenVPN CLIENT LIST
Updated,Fri Jan 6 16:42:17 2017
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
swed,188.122.208.66:58268,75127,4993,Fri Jan 6 16:41:55 2017
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,swed,188.122.208.66:58268,Fri Jan 6 16:42:16 2017
GLOBAL STATS
Max bcast/mcast queue length,0
END
# iptables-save
# Generated by iptables-save v1.4.21 on Fri Jan 6 16:57:14 2017
*raw
:PREROUTING ACCEPT [198913:44347927]
:OUTPUT ACCEPT [177047:151548665]
COMMIT
# Completed on Fri Jan 6 16:57:14 2017
# Generated by iptables-save v1.4.21 on Fri Jan 6 16:57:14 2017
*nat
:PREROUTING ACCEPT [2998:172636]
:POSTROUTING ACCEPT [1398:83622]
:OUTPUT ACCEPT [1398:83622]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Jan 6 16:57:14 2017
# Generated by iptables-save v1.4.21 on Fri Jan 6 16:57:14 2017
*mangle
:PREROUTING ACCEPT [178768:43049496]
:INPUT ACCEPT [178768:43049496]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [177047:151548665]
:POSTROUTING ACCEPT [177047:151548665]
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A PREROUTING -s 224.0.0.0/3 -j DROP
-A PREROUTING -s 169.254.0.0/16 -j DROP
-A PREROUTING -s 172.16.0.0/12 -j DROP
-A PREROUTING -s 192.0.2.0/24 -j DROP
-A PREROUTING -s 192.168.0.0/16 -j DROP
-A PREROUTING -s 10.0.0.0/8 -j DROP
-A PREROUTING -s 0.0.0.0/8 -j DROP
-A PREROUTING -s 240.0.0.0/5 -j DROP
-A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
-A PREROUTING -p icmp -j DROP
-A PREROUTING -f -j DROP
COMMIT
# Completed on Fri Jan 6 16:57:14 2017
# Generated by iptables-save v1.4.21 on Fri Jan 6 16:57:14 2017
*filter
:INPUT ACCEPT [8741:3756481]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7936:4515300]
COMMIT
# Completed on Fri Jan 6 16:57:14 2017
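As an added example, not part of Pavel's post or of either guide he links: a small POSIX shell checker that parses an iptables-save dump and reports the three things a VPN client's packet needs in order to be forwarded out to the internet. It checks that the nat POSTROUTING chain rewrites the pool's source address, prints the filter FORWARD policy, and lists every DROP rule in the raw and mangle PREROUTING chains that can match a packet from the pool. Those two chains run before the routing decision, so anything they drop never reaches FORWARD, and an anti-spoofing rule for a private range written without an `-i <public interface>` restriction matches packets arriving from the tunnel exactly as it matches packets from outside. The pool 10.8.0.0/24 is taken from the post; the dump embedded in the script is a constructed, abbreviated sample in the shape of the output above, used only so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): static checks over an
# iptables-save dump for the things a VPN client's packet needs in order to be
# forwarded. Assumption: the client pool is 10.8.0.0/24 (from the post).

# Constructed sample dump, abbreviated from the shape of the post's output.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/16 -j DROP
-A PREROUTING -s 10.0.0.0/8 -j DROP
-A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
-A PREROUTING -p icmp -j DROP
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Dotted quad -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains OUTER INNER: succeeds when every address in INNER is in OUTER.
# A bare address (no /len) is treated as /32, as iptables does.
cidr_contains() {
  case $1 in */*) o_ip=${1%/*}; o_len=${1#*/} ;; *) o_ip=$1; o_len=32 ;; esac
  case $2 in */*) i_ip=${2%/*}; i_len=${2#*/} ;; *) i_ip=$2; i_len=32 ;; esac
  [ "$i_len" -ge "$o_len" ] || return 1
  [ "$o_len" -gt 0 ] || return 0
  mask=$(( (0xFFFFFFFF << (32 - o_len)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$o_ip") & mask )) -eq $(( $(ip_to_int "$i_ip") & mask )) ]
}

# Print each DROP in the raw/mangle PREROUTING chains that can match a packet
# from POOL. A rule with no -s matches every source, so it is listed as well.
# Usage: drops_hitting_pool DUMP POOL
drops_hitting_pool() {
  table=
  printf '%s\n' "$1" | while IFS= read -r line; do
    case $line in
      \**) table=${line#\*}; continue ;;
      "-A PREROUTING "*"-j DROP"*) ;;
      *) continue ;;
    esac
    [ "$table" = raw ] || [ "$table" = mangle ] || continue
    src=; negated=0; prev=
    for arg in $line; do
      [ "$prev" = -s ] && src=$arg
      [ "$prev" = '!' ] && [ "$arg" = -s ] && negated=1
      prev=$arg
    done
    [ "$negated" -eq 0 ] || continue   # "! -s X" excludes X; not a hit
    if [ -z "$src" ] || cidr_contains "$src" "$2"; then
      printf '%s: %s\n' "$table" "$line"
    fi
  done
}

# Succeeds when nat POSTROUTING rewrites the pool's source: a MASQUERADE or
# SNAT rule with -s POOL, or one with no -s at all (like the vpsFree recipe).
nat_covers_pool() {
  printf '%s\n' "$1" | awk -v pool="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ &&
      (index($0, "-s " pool) || $0 !~ / -s /) { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Print the filter FORWARD chain policy (ACCEPT or DROP).
forward_policy() {
  printf '%s\n' "$1" | awk '/^\*/ { t = substr($0, 2) }
                            t == "filter" && /^:FORWARD / { print $2 }'
}

# Human-readable summary for one dump.
report() {
  dump=$1; pool=$2
  if nat_covers_pool "$dump" "$pool"; then echo "nat: source NAT for $pool present"
  else echo "nat: NO source NAT for $pool"; fi
  echo "filter: FORWARD policy is $(forward_policy "$dump")"
  hits=$(drops_hitting_pool "$dump" "$pool")
  if [ -n "$hits" ]; then
    echo "PREROUTING drops that match $pool before the routing decision:"
    printf '%s\n' "$hits"
  else
    echo "PREROUTING: no DROP matches $pool"
  fi
}

# Pass a live dump as the first argument; otherwise the constructed sample is analysed.
report "${1:-$SAMPLE_DUMP}" 10.8.0.0/24
```

On a live box run it as `sh check.sh "$(iptables-save)"`. Two general caveats belong next to a check like this: `grep ip_forward /etc/sysctl.conf` only shows the configured value, while `sysctl net.ipv4.ip_forward` (or `cat /proc/sys/net/ipv4/ip_forward`) shows the value the kernel is actually using, since the file is applied only at boot or by `sysctl -p`; and anti-spoofing rules that drop private source ranges should be scoped to the public interface (for the post's vpsFree setup that would be `-i venet0`), otherwise they also match the tunnel's RFC 1918 addresses.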