Openvpn file check Linux packet capture command

D: Enable forwarding on the server
Make a NAT, but note that eth0 must be an interface that can be used to access the Internet. Otherwise, data cannot be sent out. If the bot is a single interface, you don't have to worry about it.
[Root @ rh9 root] # iptables-T Nat-A postrouting-s 10.8.0.0/24-O eth0-J Masquerade
Check whether the forwarding is enabled.
[Root @ rh9 root] # sysctl-A | grep net. ipv4.ip _ forward
Net. ipv4.ip _ forward = 0
We open him.
[Root @ rh9 root] # sysctl-W net. ipv4.ip _ forward = 1

5. Diagnosis
Generally, a VPN has only three problems: whether the client's firewall, server's firewall, and forwarding switch are enabled. Therefore, we can find the problem by capturing packets on the server. This error can be found for both IPSec PPTP and PPTP.

A: capture all the packets at tun0 of the server to check whether the client> server is connected. If it is nonsense, it must be connected. Otherwise, how can the icon be green ....
[Root @ rh9 root] # tcpdump-n-I tun0
Tcpdump: listening on tun0


B: capture the target address package at the eth0 port of the server to check whether there is any forwarding problem.
[Root @ rh9 root] # tcpdump-n-I eth0 DST host baoz.net
Tcpdump: listening on eth0

C:
In this case, Telnet baoz.net.
C: \> Telnet baoz.net

We can see packages on both sides. If one side does not see the package, you can try it on your own. Check whether there are any mistakes along the way.
So far, we have been able to access the Internet through an encrypted proxy.

D: I hope you do not have 10 routes in your intranet. Some friends have encountered similar problems. If your intranet is 10, it is best to change 10.8.0.1 and 10.8.0.2 to 192.168.0.1 and 192.168.0.2 to avoid routing problems.