OpenVPN + Squid (transparant) not working?
-
Hello,
After reading a lot of howto's, doc's and some messages on the forum I now have 'some sort of' VPN connection to my home-lan from anywhere.
Basic setup (using the Alix board).
WAN : This is where my ISP's connection enters my home.
LAN : (Local Address : 192.168.1.10) 192.168.1.0/24 Running DHCP in 192.168.1.100 - 192.168.1.254OpenVPN server config:
writepid /var/run/openvpn_server0.pid #user nobody #group nobody daemon keepalive 10 60 ping-timer-rem persist-tun persist-key dev tun proto udp cipher BF-CBC up /etc/rc.filter_configure down /etc/rc.filter_configure server 192.168.200.0 255.255.255.0 client-config-dir /var/etc/openvpn_csc push "route 192.168.1.0 255.255.255.0" lport 1194 push "dhcp-option DOMAIN localdomain" push "dhcp-option DNS 192.168.1.10" push "dhcp-option WINS 192.168.1.10" push "redirect-gateway def1" ca /var/etc/openvpn_server0.ca cert /var/etc/openvpn_server0.cert key /var/etc/openvpn_server0.key dh /var/etc/openvpn_server0.dh comp-lzo persist-remote-ip float management 127.0.0.1 1194
OpenVPN client config:
remote my.dns.entry 1194 udp pull tls-client ns-cert-type server ca ca.crt ping 10 redirect-gateway def1 dev tun cert cert.crt comp-lzo yes nobind key key.key dhcp-option DNS 192.168.1.10 --float verb 5
Firewall config:
- Opened up the 1194 port on the WAN device
- Allow any proto from 192.168.200.0/24 to anywhere on LAN device
- Allow any proto from anywhere to 192.168.200.0/24
- Using AON, having the autogenerated rule for VPN net there (if=LAN, source=192.168.200.0/24 all * then NO for static)
- Did NOT enable the "Disable all auto-added VPN rules"
Squid + squidguard config:
- Out of the box config (squid bound to LAN)
- Added my own blocklists
- Added 192.168.200.0/24 as allowed subnet
- Added http_port 192.168.1.10:3129 transparent so squid will run on that instead of 127.0.0.0
From within the LAN all is working as intended. HTTP goes nicely through squid, blocklists are honored.
However outside the LAN starting up the OpenVPN connection works just fine.
I can access my entire LAN.I do however want to use my LAN's internet from my VPN client side. This fails to work!! ;(
I get no response, see some traffic in my state-tables like below : (obfuscated my wan ip for obvious reasons)
192.168.200.6:54126 -> xx.xx.xxx.xx:14315 -> 74.125.77.125:443
Any tips?
-
Well,
After some more reading, and then some T&E activities it now works. However I changed a lot of the settings, so will try and figure out soon on what the fixing settings were…
Will update here once I got that all sorted.
-
Wizardofzos,
I am curious on what all of your settings are to tunnel over your OpenVPN connection. I have a very similar setup and cannot figure out how to get it working.
-
What eventually fixed it for me was swapping the openVPN protocol from UDP to TCP. Up to this day this still makes NO sense to me whatsoever as it all worked though UDP as long as I did't leave the LAN. Accessing remote websites as an openVPN client jsut didnt work using the UDP protocol.
I made a small post on my blog explaining the steps I took to get it working. URL : http://henri.kuipersite.nl/2011/02/25/the-alix-project-part-2/
I hope this will give you enough info to get it working for you too. If not (or if it does) let me know via a reply here and/or a little note at the blog :)
Happy VPNing