Getting onto the Internet through a Debian 32-bit OpenVPN server (KVM VPS)

Question: Linux, Linux Network

Member: spellingbee (Level 1)

11.09.2012, updated 18:40, 3576 views, 1 comment

Hello,

as the title says, I want to get onto the Internet through a KVM VPS running Debian 6.0.5 32-bit and OpenVPN. The connection to the OpenVPN server is up, but I get no connection to the Internet.

I followed this guide: http://cloudlog.de/eigener-us-vpn-server-mit-openvpn-unter-debian-squee ...

At the end of that guide the following commands are used:

# let replies to connections already established through the tunnel pass
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# forward traffic coming from the OpenVPN client subnet
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
# reject everything else that would be forwarded
iptables -A FORWARD -j REJECT
# source-NAT forwarded traffic leaving via venet0 to the server's public IP (EURE_SERVERIP = placeholder for your server IP)
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to EURE_SERVERIP

I think the error is in the last line; I have read that iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to EURE_SERVERIP only works with OpenVZ. But I have a KVM VPS...

Can anyone help me?

As I said, the connection to the VPN is up, but the VPN does not let me onto the Internet.

Server Config

#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.

# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.

# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;push "route 0.0.0.0 0.0.0.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.

# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.

# Generate with:
#   openvpn --genkey --secret ta.key

# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.

# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.

# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

Client Config

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ---IP-VPS--- 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert rechner1.crt
key rechner1.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm

# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

Member: aqui
13.09.2012, updated at 12:57
First of all, the server itself should of course have an Internet connection. Bear in mind that the VPN client arrives with a 10.8.0.x RFC 1918 IP address, so you still have to do NAT somewhere, because you may not route the 10.x IP to the Internet as it is (private IP).
Unfortunately you write nothing about how the server itself is connected... So NAT is essential here!
Furthermore, you have to tell the VPN server to propagate itself, i.e. the tunnel, as the default gateway when the tunnel comes up, because you want Internet access through your VPN server, as your description sounds. Consequently the local LAN connection must no longer hold the gateway; the VPN tunnel must.
But a push "redirect-gateway def1" is missing in your server config!!
See also here and the OVPN docs:
http://controlc.de/2010/12/15/debian-openvpn-server-als-standard-gatewa ...
Exactly THAT is what you did not do in the config!
So two unknowns you should check!!
Perhaps this also helps as a general guideline:
http://www.administrator.de/contentid/123285
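Added example (not code from the original poster, the reply or the linked guide) that rebuilds the guide's forwarding/NAT rule set for a KVM guest: it takes the uplink interface from the default route instead of hard-coding venet0 (the OpenVZ virtual interface name, which a KVM guest with an ordinary NIC does not have), turns on IP forwarding, and uses MASQUERADE so no server IP has to be pasted into the rule. The tunnel device name tun0, the single default route and the choice of MASQUERADE over SNAT are assumptions.

```shell
#!/bin/sh
# Forwarding and NAT for the OpenVPN client subnet of the thread (10.8.0.0/24).
# Assumptions: the tunnel device is tun0 and the VPS has one default route.

VPN_NET="10.8.0.0/24"
TUN_DEV="tun0"

# uplink_iface ROUTE_TEXT: print the device of the default route in ROUTE_TEXT
# (the text `ip route show` prints); print nothing if there is no default route.
uplink_iface() {
    printf '%s\n' "$1" |
        awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# nat_rules IFACE: print the commands that let VPN clients reach the Internet
# via IFACE. MASQUERADE uses whatever address IFACE currently has, so the
# server IP from the guide's SNAT rule no longer has to be typed in by hand.
# The -i restriction only accepts 10.8.0.0/24 sources that really arrive
# through the tunnel, so a spoofed 10.8.0.x packet on the NIC is not forwarded.
nat_rules() {
    iface="$1"
    if [ -z "$iface" ]; then
        echo "nat_rules: no uplink interface found" >&2
        return 1
    fi
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $TUN_DEV -s $VPN_NET -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $iface -j MASQUERADE
EOF
}

# Usage: sh vpn-nat.sh --dry-run   (print the commands for this host)
#        sh vpn-nat.sh --apply     (run them; needs root)
case "${1:-}" in
    --dry-run) nat_rules "$(uplink_iface "$(ip route show)")" ;;
    --apply)   nat_rules "$(uplink_iface "$(ip route show)")" | sh -e ;;
esac
```

Run it with --dry-run first and compare the interface it picked with `ip addr`; if the VPS really has no default route, the script refuses to emit rules instead of silently producing a rule for a non-existent interface.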