OpenVPN on OpenVZ with Ubuntu 16.04
Helmut Schneider
jumper99 at gmx.de
Sun Jul 29 19:53:18 UTC 2018
Hi,
I set up OpenVPN on Ubuntu 16.04. From the shell I can connect to all
services behind the VPN server:
helmut@h2786452:~$ sudo tcpdump -n -i tun0 port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
21:44:17.180104 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [S],
seq 239848268, win 14600, options [mss 1460,sackOK,TS val 2150393196
ecr 0,nop,wscale 7], length 0
21:44:17.205351 IP 192.168.124.249.25 > 10.0.124.18.32836: Flags [S.],
seq 2923799854, ack 239848269, win 8192, options [mss 1288,nop,wscale
8,sackOK,TS val 100173603 ecr 2150393196], length 0
21:44:17.205401 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [.],
ack 1, win 115, options [nop,nop,TS val 2150393222 ecr 100173603],
length 0
[...]
helmut@h2786452:~$
My VM is running on OpenVZ with a public IP. Postfix is bound to that
public IP. When it tries to forward mails to my Postfix server it seems
to use the public IP:
21:48:53.945114 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
[S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
2150669961 ecr 0,nop,wscale 7], length 0
21:48:54.944247 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
[S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
2150670961 ecr 0,nop,wscale 7], length 0
21:48:56.944277 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
[S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
2150672961 ecr 0,nop,wscale 7], length 0
21:49:00.944260 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
[S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
2150676961 ecr 0,nop,wscale 7], length 0
21:49:08.944250 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags
[S], seq 4069537415, win 14600, options [mss 1460,sackOK,TS val
2150684961 ecr 0,nop,wscale 7], length 0
The packages never reach my OpenVPN server and I'm not sure if it is
related to OpenVPN or a NAT rule. What would a NAT rule (iptables) look
like? Or other ideas?
Thank you!
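
Added example (not part of the original post): a short Python check over tcpdump lines like the ones quoted above, reporting for each client flow how many SYNs were sent, whether a SYN-ACK came back, and whether the source address lies inside the tunnel network. The 10.0.124.0/24 tunnel network is an assumption (the post only shows 10.0.124.18), and the sample lines are abridged from the two captures.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the tunnel network is 10.0.124.0/24 (the post only shows 10.0.124.18).
TUNNEL_NET = ipaddress.ip_network("10.0.124.0/24")

# Constructed sample: lines abridged (TCP options dropped) from the captures in the post.
SAMPLE = """\
21:44:17.180104 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [S], seq 239848268, win 14600, length 0
21:44:17.205351 IP 192.168.124.249.25 > 10.0.124.18.32836: Flags [S.], seq 2923799854, ack 239848269, win 8192, length 0
21:44:17.205401 IP 10.0.124.18.32836 > 192.168.124.249.25: Flags [.], ack 1, win 115, length 0
21:48:53.945114 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags [S], seq 4069537415, win 14600, length 0
21:48:54.944247 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags [S], seq 4069537415, win 14600, length 0
21:48:56.944277 IP 81.169.210.199.45236 > 192.168.124.249.25: Flags [S], seq 4069537415, win 14600, length 0
"""

# tcpdump -n prints "addr.port > addr.port: Flags [..]" for IPv4 TCP packets.
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def analyze(capture, tunnel_net=TUNNEL_NET):
    """Return one record per client flow seen sending a SYN."""
    syns = defaultdict(int)   # (src, sport, dst, dport) -> number of SYNs, retransmits included
    answered = set()          # client flows for which a SYN-ACK was seen
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue          # wrapped option lines, "[...]" markers, prompts
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":
            # A SYN-ACK travels server -> client, so swap it back to the client flow.
            answered.add((dst, dport, src, sport))
    return [{
        "flow": "%s:%s -> %s:%s" % flow,
        "syn_count": count,
        "answered": flow in answered,
        "src_in_tunnel": ipaddress.ip_address(flow[0]) in tunnel_net,
    } for flow, count in syns.items()]

if __name__ == "__main__":
    for record in analyze(SAMPLE):
        print(record)
```

A flow that shows repeated SYNs, no SYN-ACK and a source outside the tunnel network matches the second capture: the far side has no route back to that address through the VPN.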