Nicholas Dean:

Some extra steps are needed to complete this setup, so it seems

1. Increase cert validity length 

(https://www.turnkeylinux.org/forum/support/sun-20190106-0448/cannot-conn...)

2. Change route table to include internet and not just lan

(https://forums.openvpn.net/viewtopic.php?t=23685)

(https://serverfault.com/questions/307059/openvpn-server-running-on-openv...)

3. Then add clients

(https://github.com/turnkeylinux-apps/openvpn/blob/master/docs/gateway.rst)

My main question is, in this excerpt (step 2)

# let replies to already-forwarded connections through
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# forward anything coming from the OpenVPN client subnet
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
# refuse to forward everything else
iptables -A FORWARD -j REJECT
# rewrite the source of client traffic leaving via venet0 to the server's public IP (1.2.3.4 in the quoted example)
iptables -t nat -A POSTROUTING  -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 1.2.3.4

venet0 should be tun0? Or eth0? And also, obviously, update the IPs to reflect the respective ones. Am I on the right track here, or am I looking too far into connectivity issues?
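As an added example for this thread (not code from TurnKey or from the linked forum posts), the following POSIX sh script generates the step-2 rule set for review, sanity-checks the inputs, and applies them on request. In that SNAT rule, -o names the interface the packet leaves through, so it is the internet-facing interface rather than tun0: eth0 on a typical TurnKey VM, venet0 on an OpenVZ container, which is what the quoted poster had. The interface names, the 10.8.0.0/24 client subnet and the use of MASQUERADE instead of SNAT --to-source are assumptions of this example.

```shell
#!/bin/sh
# Added example for this thread (not TurnKey's or the OpenVPN forum's code):
# generate, check and optionally apply the FORWARD/NAT rules that let OpenVPN
# clients reach the internet through the server.
# Assumptions (override via environment): tunnel interface tun0, client subnet
# 10.8.0.0/24, internet-facing interface eth0 (venet0 on an OpenVZ container).
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# Accept only dotted-quad/prefix, so a typo cannot produce "-s" with a bad argument.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; pfx=${1#*/}
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules, one iptables command per line, without running them.
# Unlike the quoted rules, new connections are only forwarded when they really
# arrive on the tunnel (a WAN packet with a spoofed 10.8.0.0/24 source is not),
# and MASQUERADE picks up the current address of the WAN interface.
gen_gateway_rules() {
    vpn_if=$1; wan_if=$2; vpn_net=$3
    valid_cidr "$vpn_net" || { echo "bad subnet: $vpn_net" >&2; return 1; }
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $wan_if -s $vpn_net -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s $vpn_net -o $wan_if -j MASQUERADE
EOF
}

# Best guess at the internet-facing interface: the one the default route uses.
detect_wan_if() {
    ip -o route show default 2>/dev/null | awk '{ print $5; exit }'
}

# Checks that usually explain "the rules are in but nothing works".
preflight() {
    vpn_if=$1; wan_if=$2; ok=0
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; ok=1; }
    for i in "$vpn_if" "$wan_if"; do
        [ -e "/sys/class/net/$i" ] \
            || { echo "no such interface: $i (is OpenVPN up? is this the WAN interface?)" >&2; ok=1; }
    done
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ] \
        || echo "note: net.ipv4.ip_forward is 0; --apply enables it" >&2
    return $ok
}

# Enable routing in the kernel (the firewall rules alone do nothing without it),
# then run each generated rule, stopping at the first failure.
apply_gateway_rules() {
    preflight "$1" "$2" || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    gen_gateway_rules "$@" | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done || return 1
}

case "${1:-}" in
    --print)  gen_gateway_rules "$VPN_IF" "$WAN_IF" "$VPN_NET" ;;
    --detect) detect_wan_if ;;
    --apply)  apply_gateway_rules "$VPN_IF" "$WAN_IF" "$VPN_NET" ;;
esac
```

Run it with --print first and compare the output with the quoted rules; --detect shows which interface the box actually reaches the internet through, which is the name to put in WAN_IF. The rules are appended to whatever is already in FORWARD and POSTROUTING, so check the existing chains with iptables -S before applying, and save them (for example with iptables-save) if they are to survive a reboot.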

Nicholas Dean:

Lucky me, right? So, as the title suggests, AT&T and T-Mobile both block standard TurnKey OpenVPN OOTB. Does anyone have any luck setting up SSL alongside this TurnKey setup? Curious because two tech giants in the US block this, and it would be very helpful to learn how to get around this. It seems I need to set it up with AWS first and then do the TurnKey setup, but the way things are at the moment that doesn't seem possible. Please help!

Jeremy Davis:

Thanks heaps for posting that info and the additional links too. When I get a chance, I will spend a bit more time on this and see if I can improve the user experience. My suspicion is that there is some "curse of knowledge" going on here... (i.e. something that I have done, which I take for granted and haven't mentioned and isn't explicitly documented).

As I have noted elsewhere, my testing has been done mostly on the "gateway" mode and always from an Android device (using the "official" OpenVPN app), although I have also done some occasional testing via the desktop app as well. TBH, I have never had any issues and it's always "just worked" for me OOTB. But perhaps my ISP is a bit more lenient with regards to which ports are allowed by default?

Another issue which I recall other users have hit (but I've never been able to reproduce) WRT accessing the internet via OpenVPN is DNS issues. I recall some time ago there were a few users who found that if they reconfigured their DNS settings, then magically internet via OpenVPN started working. The easy way to test that is to browse to a site that supports access via IP address as well as via domain name. If the IP address works, but not the domain name, then it's a DNS issue.
