Question

VPN Trouble - Unable to connect to internet via VPN

  • Posted on July 8, 2014
  • Asked by mrkggg

Hello:

I currently am running CentOS 6 and I followed the instructions found here (https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp) to install a VPN on my droplet. I am able to connect to the VPN using PPTP; however, when I am connected I am not able to connect to the outside internet.

If anyone knows of any quick fixes, that would be wonderful, or if you wouldn't mind taking a look at my box, that would also be helpful. Feel free to email me at markg@codebluehost.com to contact me.

Thanks again so much! Mark :)



Thanks so much that worked!

Hmm, unfortunately I am still having no luck after inputting those commands. Here is my full iptables file:

# Generated by iptables-save v1.4.7 on Mon Jun 23 17:55:04 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

#Logging Network Traffic

:accept-n-log - [0:0]
:drop-n-log - [0:0]
-A accept-n-log -j LOG --log-prefix "accept-n-log:"
-A accept-n-log -j ACCEPT
-A drop-n-log -j LOG --log-prefix "drop-n-log:"
-A drop-n-log -j DROP

#SSH Logging and Brute Force Protection

-A INPUT -p tcp -m tcp --dport 1025 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp -m tcp --dport 1025 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

#Mumble Server

-A INPUT -p udp -m udp --dport 64738 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT

#DOS protection on port 80

-A INPUT -p tcp -m tcp --dport 80 -m limit --limit 25/min --limit-burst 100 -j ACCEPT

# Port 80 Outgoing Connections - Yum and other services

-A OUTPUT -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT

# SSH Port

-A INPUT -p tcp -m tcp --dport 1025 -j ACCEPT

# Web Port (http and https)
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

#Internal -> External Allowed and all requests from server

-A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

#Established and Related Connections

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#VPN Port
-I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
-I INPUT -p gre -j ACCEPT
-I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 10.0.1.0/24 -j TCPMSS  --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Jun 23 17:55:04 2014

This is the log after I input the file as well as restarted iptables.

Thanks again for your help, I really appreciate it so much!

Mark

Sure:

# Generated by iptables-save v1.4.7 on Tue Jul 22 17:35:06 2014
*filter
:INPUT DROP [558:34182]
:FORWARD DROP [381:22925]
:OUTPUT DROP [0:0]
:accept-n-log - [0:0]
:drop-n-log - [0:0]
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1025 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp -m tcp --dport 1025 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
-A INPUT -p udp -m udp --dport 64738 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m limit --limit 25/min --limit-burst 100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1025 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A accept-n-log -j LOG --log-prefix "accept-n-log:"
-A accept-n-log -j ACCEPT
-A drop-n-log -j LOG --log-prefix "drop-n-log:"
-A drop-n-log -j DROP
COMMIT
# Completed on Tue Jul 22 17:35:06 2014
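
An added example, not part of the thread or of the linked tutorial: a small Python check over an iptables-save dump like the one above that reports why traffic routed from VPN clients cannot leave the host. The function names and the trimmed `SAMPLE` are constructed for illustration, and jumps from FORWARD into user-defined chains are not followed.

```python
import shlex

# Constructed sample: a trimmed copy of the filter table from the dump above.
SAMPLE = """\
*filter
:INPUT DROP [558:34182]
:FORWARD DROP [381:22925]
:OUTPUT DROP [0:0]
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
"""

def parse(dump):
    """Return {table: {"policy": {chain: (policy, packets)}, "rules": [(chain, target)]}}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                      # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur is not None:  # :CHAIN POLICY [packets:bytes]
            chain, policy, counters = line[1:].split()
            cur["policy"][chain] = (policy, int(counters.strip("[]").split(":")[0]))
        elif line.startswith(("-A", "-I")) and cur is not None:
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            cur["rules"].append((tok[1], target))
    return tables

def forwarding_findings(dump):
    """List reasons why routed (VPN client) traffic would be blocked on this host."""
    tables = parse(dump)
    findings = []
    flt = tables.get("filter", {"policy": {}, "rules": []})
    policy, dropped = flt["policy"].get("FORWARD", ("ACCEPT", 0))
    accepts = [r for r in flt["rules"] if r == ("FORWARD", "ACCEPT")]
    # TCPMSS only rewrites the MSS option; it never accepts the packet.
    if policy == "DROP" and not accepts:
        findings.append(f"FORWARD policy is DROP with no ACCEPT rule ({dropped} packets hit the policy)")
    nat_rules = tables.get("nat", {"rules": []})["rules"]
    if not any(c == "POSTROUTING" and t in ("MASQUERADE", "SNAT") for c, t in nat_rules):
        findings.append("no MASQUERADE/SNAT rule in nat POSTROUTING in this dump")
    return findings

if __name__ == "__main__":
    for finding in forwarding_findings(SAMPLE):
        print("finding:", finding)
```
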