OpenVPN howto forgets to mention net.ipv4.ip_forward = 1

Bug #1354657 reported by brjhaverkamp
This bug affects 2 people
Affects: Ubuntu Server Guide
Status: Fix Released
Importance: Undecided
Assigned to: Ian Nicholson
Milestone: (none listed)

Bug Description

I followed the official Ubuntu howto to install OpenVPN:
https://help.ubuntu.com/14.04/serverguide/openvpn.html

The guide is very good and helped me to set everything up correctly.
However after finishing, I was not able to ping to other servers in my LAN or to connect to the internet.
After long searching in other manuals I found that I needed to

sysctl -w net.ipv4.ip_forward=1

After that all worked like a charm.

This small step seems to be missing from the official Ubuntu howto.

Kind regards,

Bert

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote :

This is also something I noticed that failed to be mentioned. The documentation should be updated to include that bit of information. Some detailed info that could be included in the next release of the server guide is below:

http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/
"""
By default any modern Linux distribution will have IP Forwarding disabled. This is normally a good idea, as most people will not need IP Forwarding, but if we are setting up a Linux router/gateway or maybe a VPN server (pptp or ipsec) or just a plain dial-in server then we will need to enable forwarding. This can be done in several ways that I will present below.

Check if IP Forwarding is enabled

We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not. Using sysctl:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

cat /proc/sys/net/ipv4/ip_forward
0

As we can see in both the above examples this was disabled (as shown by the value 0).

Enable IP Forwarding on the fly

As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

The setting is changed instantly; the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

If you already have an entry net.ipv4.ip_forward with the value 0 you can change that to 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

On RedHat based systems this is also enabled when restarting the network service:

service network restart

and on Debian/Ubuntu systems this can also be done by restarting the procps service:

/etc/init.d/procps.sh restart
"""
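
Added example, not part of the bug report or the quoted article: a shell check that compares the running net.ipv4.ip_forward value with the value persisted in sysctl configuration files, so a gateway that forwards only until the next reboot (or a config change that was never applied) is easy to spot. The function names and the state labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: does the running ip_forward value match what the sysctl
# configuration will apply at the next boot?

# Print the last value assigned to key $1 in the config files that follow
# (files are read in the order given; the last assignment wins).
persisted_value() {
    key=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && cat "$f"
    done | awk -v key="$key" '
        /^[ \t]*[#;]/ { next }              # comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)      # "-key" form: ignore set errors
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/\//, ".", k)              # net/ipv4/ip_forward spelling
            if (k == key) val = v
        }
        END { if (val != "") print val }'
}

# Classify runtime value ($1) against persisted value ($2).
forward_state() {
    case "$1:$2" in
        1:1) echo "enabled-persistent" ;;
        1:*) echo "enabled-until-reboot" ;;    # sysctl -w or echo 1 only
        0:1) echo "configured-not-applied" ;;  # needs sysctl -p or a reboot
        *)   echo "disabled" ;;
    esac
}

# $1 = file holding the runtime value, remaining args = config files.
audit_ip_forward() {
    rt_file=$1; shift
    runtime=$(cat "$rt_file" 2>/dev/null || echo 0)
    forward_state "$runtime" "$(persisted_value net.ipv4.ip_forward "$@")"
}

audit_ip_forward /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
```

If the system loads additional sysctl configuration files, pass them after /etc/sysctl.conf in the order they are applied, since the last assignment decides the result.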

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote :

This bug is confirmed and requires a simple fix, about 3-5 minutes of someone's time with commit access to the server guide.

Changed in serverguide:
status: New → Confirmed
Ian Nicholson (imnichol)
Changed in serverguide:
assignee: nobody → Ian Nicholson (imnichol)
Changed in serverguide:
status: Confirmed → Fix Committed
xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote : Re: [Bug 1354657] Re: OpenVPN howto forgets to mention net.ipv4.ip_forward = 1

Awesome! :)

On Sat, Dec 20, 2014, 12:45 PM Doug Smythies <email address hidden>
wrote:

> ** Changed in: serverguide
> Status: Confirmed => Fix Committed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1354657
>
> Title:
> OpenVPN howto forgets to mention net.ipv4.ip_forward = 1
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/serverguide/+bug/1354657/+subscriptions
>

Changed in serverguide:
status: Fix Committed → Fix Released