Thanks - I will swap those around for the moment and try some things.
For reference, in case there are any obvious problems, my ifconfig,
route, iptables, and openvpn.conf are here:
[B]IFCONFIG:[/B]
[root@vps8259 ~]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:319 errors:0 dropped:0 overruns:0 frame:0
TX packets:319 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39513 (38.5 KiB) TX bytes:39513 (38.5 KiB)
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.0.1 P-t-P:172.16.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1460 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun1 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0
Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:147594 errors:0 dropped:0 overruns:0 frame:0
TX packets:148686 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:89417786 (85.2 MiB) TX bytes:82468044 (78.6 MiB)
venet0:0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.xxx.xx.xx P-t-P:192.xxx.xx.xx
Bcast:192.xxx.xx.xx Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
[B]OPENVPN.CONF[/B] (I have a udp service also but one thing at a time)
# OpenVPN server instance: TCP port 1194 on a routed tun device.
port 1194
proto tcp
dev tun
# NOTE(review): crl-verify is commented out, so no certificate revocation
# list is consulted; a revoked client certificate would presumably still be
# accepted until this is re-enabled with a current crl.pem.
;crl-verify /etc/openvpn/easy-rsa/crl.pem
client-config-dir /etc/openvpn/ccd
# Server PKI material. ovpnsrv1.key is the server's private key and should be
# readable only by the account that starts OpenVPN.
ca /etc/openvpn/easy-rsa/ca.crt
cert /etc/openvpn/easy-rsa/ovpnsrv1.crt
key /etc/openvpn/easy-rsa/ovpnsrv1.key
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters,
# which are too small by current guidance; confirm the size and regenerate
# at 2048 bits or more.
dh /etc/openvpn/easy-rsa/dh1024.pem
# VPN subnet; matches the tun0 addresses (172.16.0.1 / 172.16.0.2) in the
# ifconfig output.
server 172.16.0.0 255.255.255.0
# Clients are told to send all of their traffic through the tunnel. The
# server then has to forward and source-NAT that traffic; the nat table in
# the iptables dump on this page contains no rules.
push "redirect-gateway"
# Resolvers handed to clients.
push "dhcp-option DNS 213.171.192.249"
push "dhcp-option DNS 213.171.192.245"
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): compressing before encryption can leak information about the
# plaintext through packet sizes; keep only if the clients require it.
comp-lzo
# Drop root after start-up; persist-key and persist-tun below let a restart
# proceed without re-reading the key or reopening the tun device as the
# unprivileged user.
user nobody
group users
tun-mtu 1460
persist-key
persist-tun
status openvpn-status.log
verb 3
# duplicate-cn is left disabled, so each certificate common name gets one
# concurrent session.
;duplicate-cn # (this means several users can use the same key)
log /var/log/openvpn.log
# NOTE(review): no tls-auth directive appears in this file, so the TLS
# control channel has no extra HMAC pre-authentication layer.
[B]IPTABLES[/B]
# Generated by iptables-save v1.3.5 on Fri Sep 16 04:59:49 2011
*mangle
:PREROUTING ACCEPT [19588:10233482]
:INPUT ACCEPT [19588:10233482]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18858:10334564]
# NOTE(review): the two SNAT rules below are commented out, and they sit in
# the mangle table; SNAT belongs in POSTROUTING of the nat table. Each rule
# appears to have been wrapped onto a second line by the mail client, so the
# continuation lines are not commented - fix before feeding this to
# iptables-restore.
#-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o venet0 -j SNAT --to-source
192.xxx.xx.xx
#-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o venet0 -j SNAT
--to-source 192.xxx.xx.xx
:POSTROUTING ACCEPT [18858:10334564]
COMMIT
# Completed on Fri Sep 16 04:59:49 2011
# Generated by iptables-save v1.3.5 on Fri Sep 16 04:59:49 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18851:10333352]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
# Forwarded packets go through the same chain as locally delivered ones, so
# VPN client traffic is accepted only when it matches one of the port rules
# or is RELATED/ESTABLISHED; everything else hits the final REJECT. The port
# rules below therefore also apply to forwarded traffic, not just to
# services on this host.
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j
ACCEPT
# NOTE(review): ports 20 and 21 are the FTP ports; FTP carries credentials in
# clear text - confirm it is still needed.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -m state --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 123 -m state --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8002 -m state --state NEW
-j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 9001 -m state --state NEW
-j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j
ACCEPT
# RELATED,ESTABLISHED is already accepted near the top of the chain, so only
# the NEW part of this match adds anything.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
# The next four rules carry no state match and accept packets in any
# connection state; 1194/tcp and 1194/udp are the OpenVPN listeners.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1935 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Sep 16 04:59:49 2011
# Generated by iptables-save v1.3.5 on Fri Sep 16 04:59:49 2011
# The nat table holds no rules: nothing rewrites the source address of
# packets from 172.16.0.0/24 or 10.8.0.0/24, so with redirect-gateway pushed
# to clients their traffic would presumably leave venet0 with a private
# source address.
*nat
:PREROUTING ACCEPT [1234:59200]
:POSTROUTING ACCEPT [338:21268]
:OUTPUT ACCEPT [338:21268]
COMMIT
# Completed on Fri Sep 16 04:59:49 2011
[B]ROUTE[/B]
[root@vps8259 openvpn]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
172.16.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun1
172.16.0.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun1
192.0.2.0 * 255.255.255.0 U 0 0 0
venet0
169.254.0.0 * 255.255.0.0 U 0 0 0
venet0
default 192.0.2.1 0.0.0.0 UG 0 0 0
venet0