OpenVPN + Squid (transparent) not working?



  • Hello,

    After reading a lot of howtos, docs and some messages on the forum I now have 'some sort of' VPN connection to my home LAN from anywhere.

    Basic setup (using the Alix board).

    WAN : This is where my ISP's connection enters my home.
    LAN : (Local Address : 192.168.1.10) 192.168.1.0/24 Running DHCP in 192.168.1.100 - 192.168.1.254

    OpenVPN server config:

    writepid /var/run/openvpn_server0.pid
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    server 192.168.200.0 255.255.255.0
    client-config-dir /var/etc/openvpn_csc
    push "route 192.168.1.0 255.255.255.0"
    lport 1194
    push "dhcp-option DOMAIN localdomain"
    push "dhcp-option DNS 192.168.1.10"
    push "dhcp-option WINS 192.168.1.10"
    push "redirect-gateway def1"
    ca /var/etc/openvpn_server0.ca
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh
    comp-lzo
    persist-remote-ip
    float
    management 127.0.0.1 1194
    

    OpenVPN client config:

    remote my.dns.entry 1194 udp
    pull
    tls-client
    ns-cert-type server
    ca ca.crt
    ping 10
    redirect-gateway def1
    dev tun
    cert cert.crt
    comp-lzo yes
    nobind
    key key.key
    dhcp-option DNS 192.168.1.10
    float
    verb 5
    

    Firewall config:

    • Opened up the 1194 port on the WAN device
    • Allow any proto from 192.168.200.0/24 to anywhere on LAN device
    • Allow any proto from anywhere to 192.168.200.0/24
    • Using AON, having the autogenerated rule for VPN net there (if=LAN, source=192.168.200.0/24 all * then NO for static)
    • Did NOT enable the "Disable all auto-added VPN rules"

    Squid + squidguard config:

    • Out of the box config (squid bound to LAN)
    • Added my own blocklists
    • Added 192.168.200.0/24 as allowed subnet
    • Added http_port 192.168.1.10:3129 transparent so squid will run on that instead of 127.0.0.0

    From within the LAN all is working as intended. HTTP goes nicely through squid, blocklists are honored.

    However, from outside the LAN, starting up the OpenVPN connection works just fine.
    I can access my entire LAN.

    I do however want to use my LAN's internet from my VPN client side. This fails to work!! ;(

    I get no response, but I see some traffic in my state tables like the one below (I obfuscated my WAN IP for obvious reasons):

    192.168.200.6:54126 -> xx.xx.xxx.xx:14315 -> 74.125.77.125:443
    
    

    Any tips?



  • Well,

    After some more reading, and then some T&E activities, it now works. However, I changed a lot of the settings, so I will try to figure out soon which settings fixed it…

    Will update here once I've got that all sorted.



  • Wizardofzos,

    I am curious about what all of your settings are to tunnel over your OpenVPN connection. I have a very similar setup and cannot figure out how to get it working.



    What eventually fixed it for me was swapping the OpenVPN protocol from UDP to TCP. Up to this day this still makes NO sense to me whatsoever, as it all worked through UDP as long as I didn't leave the LAN. Accessing remote websites as an OpenVPN client just didn't work using the UDP protocol.

    I made a small post on my blog explaining the steps I took to get it working. URL : http://henri.kuipersite.nl/2011/02/25/the-alix-project-part-2/

    I hope this will give you enough info to get it working for you too. If not (or if it does) let me know via a reply here and/or a little note at the blog :)

    Happy VPNing
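The thread above ends with a protocol change (UDP to TCP) and a full-tunnel setup (`redirect-gateway def1` pushed to clients). As an added example, not part of the original posts or of pfSense/OpenVPN tooling, the checker below parses a server and a client config and reports the two things a defender would verify first when a full-tunnel client cannot reach the Internet: that both sides agree on the transport protocol, and that the tunnel subnet is covered by (and does not collide with) the routes the server pushes. The sample configs are constructed from the relevant lines of the first post.

```python
"""Sanity-check an OpenVPN server/client config pair (added example)."""
import ipaddress
import shlex

# Constructed input: the relevant lines from the server and client configs posted above.
SERVER_CONF = """
proto udp
server 192.168.200.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
"""
CLIENT_CONF = """
remote my.dns.entry 1194 udp
--float
"""

def parse_openvpn(text):
    """Return (option, args) pairs; a leading '--' (accepted by OpenVPN) is stripped."""
    opts = []
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # drops blank lines and '#' comments
        if parts:
            opts.append((parts[0].lstrip("-"), parts[1:]))
    return opts

def first(opts, name, default=None):
    return next((args for opt, args in opts if opt == name), default)

def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means nothing was noted."""
    srv, cli = parse_openvpn(server_text), parse_openvpn(client_text)
    findings = []
    # 1. Transport: server 'proto' vs the client's 'proto' or 'remote <host> <port> <proto>'.
    s_proto = first(srv, "proto", ["udp"])[0]
    remote = first(cli, "remote", [])
    c_proto = first(cli, "proto", [remote[2] if len(remote) > 2 else "udp"])[0]
    if s_proto[:3] != c_proto[:3]:  # udp vs tcp; ignores udp4 / tcp-client style suffixes
        findings.append(f"proto mismatch: server {s_proto}, client {c_proto}")
    # 2. Tunnel subnet from 'server' must not overlap any LAN route pushed to clients.
    s_args = first(srv, "server")
    tun = ipaddress.ip_network(f"{s_args[0]}/{s_args[1]}") if s_args else None
    pushed = [args[0] for opt, args in srv if opt == "push"]
    for p in (line.split() for line in pushed):
        if p[0] == "route" and tun and tun.overlaps(ipaddress.ip_network(f"{p[1]}/{p[2]}")):
            findings.append(f"tunnel {tun} overlaps pushed route {p[1]}/{p[2]}")
    # 3. With redirect-gateway pushed, client Internet traffic exits via the server, so
    #    outbound NAT (and any transparent proxy rule) must cover the tunnel subnet.
    if tun and any(line.startswith("redirect-gateway") for line in pushed):
        findings.append(f"full tunnel: outbound NAT/proxy rules must cover {tun}")
    return findings
```

Changing only the server to `proto tcp-server`, as the last post describes, while leaving the client on `udp` produces a proto-mismatch finding; the posted pair as-is produces only the full-tunnel reminder.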

