I've set up openvpn using tun. I can ping both ways between client & server. But I can't ping from the client to 8.8.4.4 (as a test).
I've added nat with:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
But things don't appear to route from the tun0 interface to eth0.
tcpdump on tun0 shows that packets are coming in (in this case ping to 8.8.4.4 as a test):
12:21:55.956564 IP 10.8.0.10 > google-public-dns-b.google.com: ICMP echo request, id 512, seq 17153, length 40
But tcpdump on eth0 doesn't show anything other than my ssh traffic.
I have a ping looping from the vpn client, and I see that in my tcpdump on tun0, but I don't see anything "google" in my tcpdump on eth0.
Any thoughts? I can run this ping fine from the openvpn host. iptables are empty except for the MASQUERADE action, with defaults to accept.
Aha, it was step #1 in this guide on configuring linux as a router... turn on IP Forwarding.
http://www.cyberciti.biz/tips/linux-as-router-for-dsl-t1-line-etc.html
iptables -A FORWARD -j ACCEPT?
Why -j MASQUERADE @-o eth0 if you're talking about "I've set up openvpn using tun"?
You need to verify you've got: routing (forwarding, actually) enabled (sysctl), routing is properly set-up (needed routes are installed), NAT is properly set-up if it's needed.
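
The checks named in the thread (forwarding via sysctl, routes, NAT, plus the FORWARD chain), as an added example that is not part of the original posts. The function names `in_table` and `diagnose` are hypothetical, the interface names come from the question, and the sample routes and rules (including the documentation address 192.0.2.1) are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): gateway checks for a tun0 -> eth0 OpenVPN setup.
# Inputs are passed as text, so the checks work on live or saved command output.

# in_table TABLE REGEX: succeed if a line of iptables-save output (stdin)
# inside *TABLE matches REGEX. Tracking the table matters because
# mangle also has a FORWARD chain.
in_table() {
    awk -v t="*$1" -v re="$2" '
        /^\*/ { cur = $1 }
        cur == t && $0 ~ re { found = 1 }
        END { exit !found }'
}

# diagnose IP_FORWARD ROUTES RULES [WAN_IF]: prints one line per check,
# returns the number of failed checks.
diagnose() {
    fwd=$1; routes=$2; rules=$3; wan=${4:-eth0}; fails=0
    if [ "$fwd" = "1" ]; then echo "OK   net.ipv4.ip_forward=1"
    else echo "FAIL net.ipv4.ip_forward=$fwd (kernel drops transit packets)"; fails=$((fails + 1)); fi

    if printf '%s\n' "$routes" | grep -Eq "^default .*dev $wan( |\$)"
    then echo "OK   default route via $wan"
    else echo "FAIL no default route via $wan"; fails=$((fails + 1)); fi

    if printf '%s\n' "$rules" | in_table filter '^:FORWARD ACCEPT|^-A FORWARD .*-j ACCEPT'
    then echo "OK   filter FORWARD accepts traffic"
    else echo "FAIL filter FORWARD has no ACCEPT policy or rule"; fails=$((fails + 1)); fi

    if printf '%s\n' "$rules" | in_table nat "^-A POSTROUTING .*-o $wan .*-j MASQUERADE"
    then echo "OK   nat MASQUERADE on $wan"
    else echo "FAIL no MASQUERADE on $wan"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample matching the question: rules fine, forwarding off.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1'
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

diagnose 0 "$SAMPLE_ROUTES" "$SAMPLE_RULES" || echo "=> $? check(s) failed"
# Live use (root): diagnose "$(sysctl -n net.ipv4.ip_forward)" "$(ip route)" "$(iptables-save)"
```

On the constructed sample only the forwarding check fails, which is the symptom in the question: packets visible on tun0, nothing leaving eth0.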