Question

I'm trying to use OpenVPN on my remote Ubuntu 12.04 web server, but as soon as OpenVPN is running, I can't connect to the internet.

Before starting OpenVPN, route says:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-172-31-16-1. 0.0.0.0         UG    100    0        0 eth0
172.31.16.0     *               255.255.240.0   U     0      0        0 eth0

and after:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.200.4.1      128.0.0.0       UG    0      0        0 tun0
default         172.31.16.1     0.0.0.0         UG    100    0        0 eth0
10.200.4.0      *               255.255.252.0   U     0      0        0 tun0
128.0.0.0       10.200.4.1      128.0.0.0       UG    0      0        0 tun0
172.31.16.0     *               255.255.240.0   U     0      0        0 eth0
184.170.137.2   172.31.16.1     255.255.255.255 UGH   0      0        0 eth0

184.170.137.2 is the VPN. The OpenVPN HOWTO suggests using

iptables -t nat -A POSTROUTING -s 10.200.4.0/22 -o eth0 -j MASQUERADE

which throws

sudo: unable to resolve host ip-172-31-26-178 

(172.31.26.178 is the internal IP).

If I do the following, I can use the VPN for a single website:

route add -net {website ip} netmask 255.255.255.255 gw 10.200.4.1 dev tun0
route del -net 0.0.0.0 netmask 128.0.0.0 dev tun0
route del -net 128.0.0.0 netmask 128.0.0.0 dev tun0 

How can I change this to work for the whole web? Help is greatly appreciated.


Solution

Here is what the problem was. The connection to hidemyass is made by the hma-vpn.sh script; you have to change

#!/bin/sh
cat <<EOEO >> /tmp/hma-ipcheck.txt
 *******************************************
* *
* You are now connected to HMA Pro! VPN *
* *
 *******************************************

Checking new IP address...
EOEO
nohup /tmp/hma-ipcheck.sh >/dev/null 2>&1 &
rm /tmp/hma-routeup.sh
EOF

to

#!/bin/sh
cat <<EOEO >> /tmp/hma-ipcheck.txt
 *******************************************
* *
* You are now connected to HMA Pro! VPN *
* *
 *******************************************

Checking new IP address...
EOEO
vpn_gw=\$(ip route | grep tun0 | grep 0.0.0.0 | cut -d" " -f3)
route del -net 0.0.0.0 gw {your-original-default-gateway}
route del -net 0.0.0.0 gw \$vpn_gw
route del -net 0.0.0.0 netmask 128.0.0.0 gw \$vpn_gw
route del -net 128.0.0.0 netmask 128.0.0.0 gw \$vpn_gw
route add default gw \$vpn_gw
echo "nameserver 208.67.222.222">/etc/resolv.conf
nohup /tmp/hma-ipcheck.sh >/dev/null 2>&1 &
rm /tmp/hma-routeup.sh
EOF

This will change your default gateway to be the VPN server. You can skip echo "nameserver 208.67.222.222">/etc/resolv.conf if your DNS servers are accessible through the VPN.
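
Added example (not part of the original question or answer): a longest-prefix-match lookup over the "after" routing table posted in the question. It shows why the two /1 routes via tun0 win over the eth0 default while the /32 host route keeps the VPN endpoint 184.170.137.2 on eth0. The function names and the sample destinations 8.8.8.8 and 198.51.100.7 are assumptions for illustration.

```python
import ipaddress

# "After" routing table exactly as posted in the question (output of `route`).
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.200.4.1      128.0.0.0       UG    0      0        0 tun0
default         172.31.16.1     0.0.0.0         UG    100    0        0 eth0
10.200.4.0      *               255.255.252.0   U     0      0        0 tun0
128.0.0.0       10.200.4.1      128.0.0.0       UG    0      0        0 tun0
172.31.16.0     *               255.255.240.0   U     0      0        0 eth0
184.170.137.2   172.31.16.1     255.255.255.255 UGH   0      0        0 eth0
"""


def parse_routes(text):
    """Parse net-tools `route` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        dest = "0.0.0.0" if dest == "default" else dest
        net = ipaddress.ip_network(f"{dest}/{mask}")
        gateway = None if gw == "*" else gw  # "*" means directly connected
        routes.append((net, gateway, int(metric), iface))
    return routes


def lookup(routes, addr):
    """Return (iface, gateway) for addr: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _net, gateway, _metric, iface = max(
        matches, key=lambda r: (r[0].prefixlen, -r[2])
    )
    return iface, gateway


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # 8.8.8.8 and 198.51.100.7 are sample destinations, not values from the page.
    for dst in ("8.8.8.8", "198.51.100.7", "184.170.137.2", "172.31.16.1"):
        print(dst, "->", lookup(table, dst))
```

Running the same lookup against the table captured after any routing change is a quick way to confirm which interface a given destination will actually leave through.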

Licensed under: CC-BY-SA with attribution