
Help configuring firewall/routing for ocserv on Ubuntu

0 votes
0 answers
45 views
I can't set up internet access via OpenConnect. From the router where the OpenConnect client is running, I see only the VPS with OCServ:

root@OpenWrt:~# traceroute  google.com
traceroute to google.com (74.125.131.113), 30 hops max, 46 byte packets
 1  192.168.2.1 (192.168.2.1)  44.188 ms  44.073 ms  43.962 ms
 2  192.168.0.1 (192.168.0.1)  46.479 ms  46.353 ms  70.473 ms
 3 * * *

But the ping looks good:

root@OpenWrt:~# ping google.com
PING google.com (74.125.131.100): 56 data bytes
64 bytes from 74.125.131.100: seq=0 ttl=60 time=75.226 ms
64 bytes from 74.125.131.100: seq=1 ttl=60 time=74.967 ms

On the VPS with OCServ I:

* change /etc/ufw/before.rules:

-A ufw-before-forward -s 192.168.2.0/24 -j ACCEPT
-A ufw-before-forward -d 192.168.2.0/24 -j ACCEPT
-A ufw-before-forward -s 192.168.3.0/24 -j ACCEPT
-A ufw-before-forward -d 192.168.3.0/24 -j ACCEPT
...
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

* change /etc/default/ufw:

DEFAULT_OUTPUT_POLICY="ACCEPT"

* change /etc/sysctl.conf:

net.ipv4.ip_forward = 1
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

* The following interfaces exist on the VPS:

~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
...
2: eth0:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 54:52:00:51:a6:2f brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet 192.168.0.4/24 metric 100 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 68037sec preferred_lft 68037sec
    inet6 fe80::5652:ff:fe51:a62f/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
...
5: vpns0:  mtu 1434 qdisc fq state UNKNOWN group default qlen 500
    link/none 
    inet 192.168.2.1 peer 192.168.2.91/32 scope global vpns0
       valid_lft forever preferred_lft forever
    inet6 fe80::937e:4e59:590c:5bc6/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

Topology of my network:

* home (192.168.3.0/24) --- wifi/twisted pair ---
* OpenWrt (ASUS RT-AX53U) (192.168.3.0/24), OpenConnect client (192.168.2.0/24) --- Russian ISP blocking YouTube ---
* OCServ 1.3.0 (192.168.2.0/24) on the VPS (192.168.0.4/24)

Asked by SkyN (109 rep)
Sep 29, 2024, 01:39 PM
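Added diagnostic, not part of the question above and not ocserv or ufw code: a POSIX shell script that parses `iptables-save` output and lists every subnet accepted in `ufw-before-forward` that has no matching `POSTROUTING ... -j MASQUERADE` rule, plus a check of `net.ipv4.ip_forward`. The sample rules embedded in it are constructed to mirror the before.rules fragment in the question; on them the script reports 192.168.3.0/24, because that subnet is forwarded while only 192.168.2.0/24 is masqueraded. Whether that gap matters depends on whether the OpenWrt side already NATs the home LAN onto its tunnel address, which the question does not show; the script only reports it. Run with `--live` on the VPS (as root, iptables backend assumed) to inspect the rules actually loaded instead of the sample.

```shell
#!/bin/sh
# Added check: report forwarded VPN subnets that have no MASQUERADE rule, and
# whether IPv4 forwarding is on. Not from the original post; SAMPLE_RULES is
# constructed to mirror the before.rules fragment in the question.

SAMPLE_RULES='*filter
:ufw-before-forward - [0:0]
-A ufw-before-forward -s 192.168.2.0/24 -j ACCEPT
-A ufw-before-forward -d 192.168.2.0/24 -j ACCEPT
-A ufw-before-forward -s 192.168.3.0/24 -j ACCEPT
-A ufw-before-forward -d 192.168.3.0/24 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Source subnets accepted for forwarding in ufw-before-forward (stdin: iptables-save text).
forwarded_sources() {
    awk '$1 == "-A" && $2 == "ufw-before-forward" && $3 == "-s" && /-j ACCEPT/ { print $4 }'
}

# Source subnets that are source-NATed on the way out (stdin: iptables-save text).
masqueraded_sources() {
    awk '$1 == "-A" && $2 == "POSTROUTING" && $3 == "-s" && /-j MASQUERADE/ { print $4 }'
}

# Print each forwarded subnet that lacks a MASQUERADE rule, one per line (stdin: iptables-save text).
unmasqueraded() {
    rules=$(cat)
    fwd=$(printf '%s\n' "$rules" | forwarded_sources)
    masq=$(printf '%s\n' "$rules" | masqueraded_sources)
    for net in $fwd; do
        printf '%s\n' "$masq" | grep -qxF -- "$net" || printf '%s\n' "$net"
    done
}

# True when the kernel forwards IPv4. The optional path argument exists only
# so the function can be exercised offline against a constructed file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

if [ "$1" = "--live" ]; then
    # On the VPS itself (root, iptables backend assumed): inspect the rules actually loaded.
    forwarding_enabled || echo "net.ipv4.ip_forward is 0: run sysctl -p"
    iptables-save | unmasqueraded | sed 's/^/forwarded but not masqueraded: /'
else
    # Offline: run the check over the constructed sample that mirrors the posted rules.
    printf '%s\n' "$SAMPLE_RULES" | unmasqueraded | sed 's/^/forwarded but not masqueraded: /'
fi
```

Two things the live mode separates from the file contents: edits to /etc/ufw/before.rules only take effect after `ufw reload`, and the `*nat` section must be closed by its own `COMMIT` line or ufw will not load it; checking `iptables-save` shows what the kernel actually has rather than what the file says.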