VPN Zeroshell with Linux machine with Amazon EC2



    Hi guys,
    I’m trying to configure a VPN with Zeroshell as server and a virtual machine EC2 as client.

    This is the basic schema with the IP:

    I chose to use certificate authentication and this is the server config:

    And this is the client config file:

    user nobody
    group nobody
    remote 1195
    proto tcp
    ifconfig #
    ca /etc/openvpn/cert/zs1_ca.pem
    cert /etc/openvpn/cert/zs1.pem
    key /etc/openvpn/cert/zs1.pem
    verb 3
    mute 20
    resolv-retry infinite
    dev tap
    keepalive 1 3
    status /etc/openvpn/status/zs1-status.log
    log-append /var/log/openvpn.log

    The authentication works: I'm able to ping from the Amazon EC2 instance, both VPN endpoints can ping each other, and I can ping my local machines from the EC2 VPN instance, but I cannot reach Amazon's machines from my Zeroshell and I cannot ping my local machines from the other Amazon machines; it seems that only the VPN client works.

    I'm sure it is a basic routing/forwarding problem, and even though I enabled forwarding on the Linux machine as follows, it does not work:

    I set net.ipv4.ip_forward=1 in /etc/sysctl.conf and set /proc/sys/net/ipv4/ip_forward to 1

    I set up all the routes to reach my local subnet from the VPN client, and I set up the same route on the other Amazon internal machine with the IP of the Amazon VPN instance as gateway.

    For my tests all firewalls are off.

    This is the process line on zeroshell server:

    What am I missing?
    Many thanks for your help


    I initially posted on the Italian forum here (http://www.zeroshell.net/forum/viewtopic.php?p=18921#18921) where REDFIVE posted this answer:

    Mmm … this is the Italian forum… anyway, if ZS1 is the default gateway for the network, and AWS EC2 is the default gateway for the network, add, on ZS1, a static route , via (but be aware, this is actually a public IP address used as the inner IP address of the tunnel) and on AWS EC2 , via…. it should work, …if I haven't missed something…


    I did it; this is the routing table of Zeroshell:

    Destination      Netmask  Type  Metric  Gateway  Interface  Flags  State  Source
    DEFAULT GATEWAY           Net   0                ETH02      UG     Up     Auto
                              Net   0                VPN00      UG     Up     Static
                              Net   0       none     ETH03      U      Up     Auto
                              Net   0       none     ETH00      U      Up     Auto
                              Net   0       none     ETH02      U      Up     Auto
                              Net   0       none     ETH01      U      Up     Auto
                              Net   0       none     VPN00      U      Up     Auto

    And this is the Linux machine:

    Destination  Gateway  Genmask  Flags  Metric  Ref  Use  Iface
                                   UG     0       0    0    eth0
                                   U      0       0    0    eth0
                                   UH     0       0    0    eth0
                                   UG     0       0    0    tap0
                                   U      0       0    0    tap0

    Any ideas?


    It isn't so clear, at least for me, by the way… in the first drawing there isn't any public IP address declared, but looking at the second one, it seems that the ZS is connected to the remote machine, on the public IP address, for the VPN… and, based on the ZS's routing table, it seems that its default gateway is , on ETH02 (but isn't this the IP address of the VPN00 interface?), while on the second machine I can't see any default gateway…
    So, could you explain how exactly the network topology is?
    Remove the lines --route-gateway xxx and --push-route xxx in Parameters; if you have declared the routes as static routes in the routing table, you don't need these lines.
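Added example to go with the static-route advice above (not code from the thread, from Zeroshell, or from OpenVPN): a small Python checker that parses Linux `route -n` output and reports which remote LANs have no explicit route out of the tap interface, plus a check of the ip_forward setting in a sysctl file. All addresses, interface names and the sample tables are constructed placeholders, since the thread's own addresses did not survive.

```python
import ipaddress

def parse_route_n(text):
    """Parse Linux `route -n` output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines()[2:]:          # skip the two header lines
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}", strict=False), gw, iface))
    return routes

def missing_return_routes(routes, remote_lans, tunnel_iface):
    """Return the remote LANs that have no explicit (non-default) route out of
    the tunnel interface. A bare default route does not count: replies for the
    far LAN would leave via eth0 instead of the tunnel and never reach the peer."""
    missing = []
    for lan in map(ipaddress.ip_network, remote_lans):
        covered = any(net.prefixlen > 0 and lan.subnet_of(net) and iface == tunnel_iface
                      for net, _gw, iface in routes)
        if not covered:
            missing.append(str(lan))
    return missing

def forwarding_enabled(sysctl_text):
    """True if the last net.ipv4.ip_forward setting in a sysctl file is 1."""
    value = "0"
    for line in sysctl_text.splitlines():
        line = line.split("#", 1)[0].replace(" ", "")   # drop comments and spaces
        if line.startswith("net.ipv4.ip_forward="):
            value = line.split("=", 1)[1]
    return value == "1"

# Constructed `route -n` output with the same shape as the EC2 table in the thread
# (default via eth0, tunnel subnet on tap0) but with the route to the home LAN omitted.
EC2_BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.250.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0
"""
# Same host after adding the static route back to the home LAN via the tunnel peer.
EC2_AFTER = EC2_BEFORE + "192.168.1.0     192.168.250.1   255.255.255.0   UG    0      0        0 tap0\n"

HOME_LAN = ["192.168.1.0/24"]   # placeholder for the subnet behind Zeroshell

if __name__ == "__main__":
    print("missing before:", missing_return_routes(parse_route_n(EC2_BEFORE), HOME_LAN, "tap0"))
    print("missing after: ", missing_return_routes(parse_route_n(EC2_AFTER), HOME_LAN, "tap0"))
    print("ip_forward on: ", forwarding_enabled("net.ipv4.ip_forward = 1\n"))
```

Run the same check on each hop (Zeroshell side, the EC2 VPN instance, and the other Amazon machines with the VPN instance as gateway) so every hop has a route for the far subnet, not only the VPN client itself.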


    Hi redfive,

    yes, sorry, I forgot to mention the public IP addresses; I only mentioned the private IPs. Of course there are public IPs as well, so you can consider that the tunnel works.

    Anyway, I managed to solve it and I described the process on my website; this is the post:


    How can I set the title as SOLVED?

