Netgate Discussion Forum
    OpenVPN + Squid (transparent) not working?

    wizardofzos

      Hello,

      After reading a lot of howtos, docs and some messages on the forum I now have 'some sort of' VPN connection to my home LAN from anywhere.

      Basic setup (using the Alix board).

      WAN : This is where my ISP's connection enters my home.
      LAN  : (Local Address : 192.168.1.10) 192.168.1.0/24 Running DHCP in 192.168.1.100 - 192.168.1.254

      OpenVPN server config:

      writepid /var/run/openvpn_server0.pid
      #user nobody
      #group nobody
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      dev tun
      proto udp
      cipher BF-CBC
      up /etc/rc.filter_configure
      down /etc/rc.filter_configure
      server 192.168.200.0 255.255.255.0
      client-config-dir /var/etc/openvpn_csc
      push "route 192.168.1.0 255.255.255.0"
      lport 1194
      push "dhcp-option DOMAIN localdomain"
      push "dhcp-option DNS 192.168.1.10"
      push "dhcp-option WINS 192.168.1.10"
      push "redirect-gateway def1"
      ca /var/etc/openvpn_server0.ca
      cert /var/etc/openvpn_server0.cert
      key /var/etc/openvpn_server0.key
      dh /var/etc/openvpn_server0.dh
      comp-lzo
      persist-remote-ip
      float
      management 127.0.0.1 1194
      

      OpenVPN client config:

      remote my.dns.entry 1194 udp
      pull
      tls-client
      ns-cert-type server
      ca ca.crt
      ping 10
      redirect-gateway def1
      dev tun
      cert cert.crt
      comp-lzo yes
      nobind
      key key.key
      dhcp-option DNS 192.168.1.10
      --float
      verb 5
      

      Firewall config:

      • Opened up the 1194 port on the WAN device
      • Allow any proto from 192.168.200.0/24 to anywhere on LAN device
      • Allow any proto from anywhere to 192.168.200.0/24
      • Using AON, having the autogenerated rule for VPN net there (if=LAN, source=192.168.200.0/24 all * then NO for static)
      • Did NOT enable the "Disable all auto-added VPN rules"

      Squid + squidguard config:

      • Out of the box config (squid bound to LAN)
      • Added my own blocklists
      • Added 192.168.200.0/24 as allowed subnet
      • Added http_port 192.168.1.10:3129 transparent so squid will run on that instead of 127.0.0.0

      From within the LAN all is working as intended. HTTP goes nicely through squid, blocklists are honored.

      However, from outside the LAN, starting up the OpenVPN connection works just fine.
      I can access my entire LAN.

      I do however want to use my LAN's internet from my VPN client side. This fails to work!! ;(

      I get no response, but I see some traffic in my state tables like the one below (obfuscated my WAN IP for obvious reasons):

      192.168.200.6:54126 -> xx.xx.xxx.xx:14315 -> 74.125.77.125:443

      Any tips?

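As an added review example (not code from the post or from pfSense), a short Python script that parses the OpenVPN server directives posted above and lists the hardening points a reviewer would raise against them; the hardened counterpart's key path and management port are assumed values, not from the post.

```python
import shlex

# Directives copied from the server config in the post (other lines omitted).
SERVER_CONF = """\
#user nobody
#group nobody
cipher BF-CBC
push "redirect-gateway def1"
management 127.0.0.1 1194
"""

# Constructed hardened counterpart; path and port are assumed, not from the post.
HARDENED_CONF = """\
user nobody
group nobody
cipher AES-256-GCM
tls-crypt /var/etc/openvpn_server0.tlskey
management 127.0.0.1 7505 /var/etc/openvpn_server0.mgmtpw
"""

# 64-bit block ciphers, deprecated since OpenVPN 2.5 (block-collision attacks).
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

def parse_conf(text):
    """Return active directives as (name, args) tuples; '#'/';' lines are comments."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", ";")):
            parts = shlex.split(line)  # keeps push "redirect-gateway def1" as one arg
            directives.append((parts[0], parts[1:]))
    return directives

def review(text):
    """Return a sorted list of finding codes for one OpenVPN server config."""
    directives = parse_conf(text)
    names = {name for name, _ in directives}
    findings = set()
    if not {"user", "group"} <= names:
        findings.add("no-privilege-drop")  # daemon keeps root after startup
    if not names & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        findings.add("no-tls-auth")  # TLS handshake reachable by any UDP sender
    for name, args in directives:
        if name == "cipher" and args and args[0].upper() in WEAK_CIPHERS:
            findings.add("weak-cipher")
        if name == "management" and len(args) < 3:
            findings.add("management-no-password")  # third arg is the password file
        if name == "push" and args and args[0].startswith("redirect-gateway"):
            findings.add("full-tunnel")  # clients' internet goes out via the LAN
    return sorted(findings)
```

The "full-tunnel" finding is informational: it is exactly what routes the VPN clients' web traffic through the LAN-side Squid, which is the behaviour the thread is trying to get working.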
      wizardofzos

        Well,

        After some more reading, and then some T&E activities it now works. However I changed a lot of the settings, so will try and figure out soon on what the fixing settings were…

        Will update here once I got that all sorted.

        nutt318

          Wizardofzos,

          I am curious on what all of your settings are to tunnel over your OpenVPN connection. I have a very similar setup and cannot figure out how to get it working.

          wizardofzos

            What eventually fixed it for me was swapping the OpenVPN protocol from UDP to TCP. Up to this day this still makes NO sense to me whatsoever, as it all worked through UDP as long as I didn't leave the LAN. Accessing remote websites as an OpenVPN client just didn't work using the UDP protocol.

            I made a small post on my blog explaining the steps I took to get it working. URL : http://henri.kuipersite.nl/2011/02/25/the-alix-project-part-2/

            I hope this will give you enough info to get it working for you too. If not (or if it does) let me know via a reply here and/or a little note at the blog :)

            Happy VPNing

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.