Unable to access web through VPN

Tags: server.app, vpn

I've had VPN setup on my OS X Server forever, but I've only used it for remote access to manage the server itself, never as a pass through to the internet at large. It occurred to me that when I travel it might be useful to have my communications routed through my server, so I've tried setting it up to do so and I'm not able to get it to work.

  • I've switched on "route all communications through VPN" in the client
    settings.

  • I don't have any routes defined in the VPN settings of Server.

  • My server acts as a DNS server already so my VPN settings point to it
    as the first DNS server.

  • I have a public DNS server listed as the second.

When I connect to the VPN and try to get to a web page, no luck; Safari just times out.

I can "host google.com" successfully from the terminal and if I use an IP address in the Safari location bar, I still can't connect. So I don't think the problem is DNS.

I can get to the web when logged in locally to the server, so I think the port is open.

I had experimented with IceFloor a few years ago, but have since removed it; I'm not entirely sure where to look for remnants of it, but I don't see any files for it floating around and I don't see pf in the process list.

Any other ideas?

Best Answer

I think we could use some more detail about your VPN; I'm guessing it's OpenVPN?

From memory, you should allow 'route all comms' in the server settings and create a default route from your VPN client subnet to the server's gateway or exit NIC. You'll also want to make sure firewall settings allow traffic between the IPs & ports you want.

Finally, check what can ping what else to determine the point of the problem. Check if your client can ping the server's internal VPN IP address, its external interface while traffic is routed through the VPN, then its default gateway. If that doesn't highlight the problem and you can ping the external gateway while traffic is routed through the VPN (use traceroute to confirm the path), check if the server can actually reach the external hosts you're attempting to connect to.
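The ping ladder in the answer above, scripted as an added example (not from the original post): it probes each hop in order and stops at the first one that fails, and it checks whether the OS X server has IP forwarding on, since the server must relay packets between the VPN interface and its exit NIC for "route all traffic" to work. The hop addresses are constructed placeholders; the `PROBE` variable is an assumption so the probe command can be swapped for testing.

```bash
#!/bin/sh
# Walk the VPN path hop by hop, the way the answer suggests: tunnel IP of the
# server, its external interface, its default gateway, then a public host.

# Probe command (assumption: overridable so a stub can stand in for ping).
: "${PROBE:=ping -c 1}"

# reachable HOST: exit 0 if a single probe succeeds.
reachable() {
    $PROBE "$1" >/dev/null 2>&1
}

# vpn_path_check HOP...: probe hops in order; print each result and return 0
# if all are reachable, otherwise the 1-based index of the first hop that fails.
vpn_path_check() {
    i=0
    for hop in "$@"; do
        i=$((i + 1))
        if reachable "$hop"; then
            echo "ok   $hop"
        else
            echo "FAIL $hop  <- first break in the path; look between here and the previous hop"
            return "$i"
        fi
    done
    return 0
}

# ip_forwarding_enabled: macOS/BSD sysctl; returns 0 when the kernel will
# forward packets between interfaces (required for clients to exit via the server).
ip_forwarding_enabled() {
    [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" = "1" ]
}

# Runs only when VPN_HOPS is set, e.g. (constructed addresses):
#   VPN_HOPS="10.0.0.1 203.0.113.7 203.0.113.1 1.1.1.1" sh vpn_path_check.sh
if [ -n "${VPN_HOPS:-}" ]; then
    if ip_forwarding_enabled; then
        echo "ip forwarding: on"
    else
        echo "ip forwarding: OFF (server will not relay VPN client traffic)"
    fi
    vpn_path_check $VPN_HOPS
fi
```

Run it from the VPN client for the hops the answer lists; run `ip_forwarding_enabled` on the server itself, where the sysctl applies.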