OpenVPN + Squid (transparant) not working?

wizardofzos

Hello,

After reading a lot of howto's, doc's and some messages on the forum I now have 'some sort of' VPN connection to my home-lan from anywhere.

Basic setup (using the Alix board).

WAN : This is where my ISP's connection enters my home.
LAN  : (Local Address : 192.168.1.10) 192.168.1.0/24 Running DHCP in 192.168.1.100 - 192.168.1.254

OpenVPN server config:

writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 192.168.200.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 192.168.1.0 255.255.255.0"
lport 1194
push "dhcp-option DOMAIN localdomain"
push "dhcp-option DNS 192.168.1.10"
push "dhcp-option WINS 192.168.1.10"
push "redirect-gateway def1"
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo
persist-remote-ip
float
management 127.0.0.1 1194

OpenVPN client config:

remote my.dns.entry 1194 udp
pull
tls-client
ns-cert-type server
ca ca.crt
ping 10
redirect-gateway def1
dev tun
cert cert.crt
comp-lzo yes
nobind
key key.key
dhcp-option DNS 192.168.1.10
--float
verb 5

Firewall config:

• Opened up the 1194 port on the WAN device
• Allow any proto from 192.168.200.0/24 to anywhere on LAN device
• Allow any proto from anywhere to 192.168.200.0/24
• Using AON, having the autogenerated rule for VPN net there (if=LAN, source=192.168.200.0/24 all * then NO for static)
• Did NOT enable the "Disable all auto-added VPN rules"

Squid + squidguard config:

• Out of the box config (squid bound to LAN)
• Added my own blocklists
• Added 192.168.200.0/24 as allowed subnet
• Added http_port 192.168.1.10:3129 transparent so squid will run on that instead of 127.0.0.0

From within the LAN all is working as intended. HTTP goes nicely through squid, blocklists are honored.

However outside the LAN starting up the OpenVPN connection works just fine.
I can access my entire LAN.

I do however want to use my LAN's internet from my VPN client side. This fails to work!! ;(

I get no response, see some traffic in my state-tables like below : (obfuscated my wan ip for obvious reasons)

192.168.200.6:54126 -> xx.xx.xxx.xx:14315 -> 74.125.77.125:443

Any tips?

wizardofzos

Well,

After some more reading, and then some T&E activities it now works. However I changed a lot of the settings, so will try and figure out soon on what the fixing settings were…

Will update here once I got that all sorted.

nutt318

Wizardofzos,

I am curious on what all of your settings are to tunnel over your OpenVPN connection. I have a very similar setup and cannot figure out how to get it working.

wizardofzos

What eventually fixed it for me was swapping the openVPN protocol from UDP to TCP. Up to this day this still makes NO sense to me whatsoever as it all worked though UDP as long as I did't leave the LAN. Accessing remote websites as an openVPN client jsut didnt work using the UDP protocol.

I made a small post on my blog explaining the steps I took to get it working. URL : http://henri.kuipersite.nl/2011/02/25/the-alix-project-part-2/

I hope this will give you enough info to get it working for you too. If not (or if it does) let me know via a reply here and/or a little note at the blog :)

Happy VPNing