PiVPN Not Setting Internet Traffic Forwarding (With Temporary Fix)

Just thought I’d report this here in case anyone else falls over it.

Been rebuilding my VPN box (Pi2 with DietPi, Wireguard, PiVPN [for OpenVPN] and a few bits like Fail2Ban and RPI Monitor) and came across the problem with the OpenVPN server. It sets up fine and devices can connect to it via profiles produced by it, but those devices cannot connect further (intranet or internet).

Turns out that by default PiVPN isn’t setting the traffic forwarding flag, and so nothing is getting out of the server.

There are two ways to fix this, neither being particularly complicated.

  1. At the command line enter:

         pivpn -d

That will run PiVPN in diagnostic mode, where it will find the issue and offer a yes/no to fix it (obviously put “y”).

  2. You can also manually set the flag up by doing:

         echo 1 > /proc/sys/net/ipv4/ip_forward

After doing either of those, it works fine. Just thought I’d share anyway - indeed it would be better if this was set automatically during install (or at least an option given to do so).

Edited to add - just had to reboot and it switched itself back off again? So this does need some fixing I think to work reliably out of the box and after rebooting…

To come back to this one for a moment, I looked into sysctl.conf and see the line

net.ipv4.ip_forward = 1

is correctly in there and uncommented, so in theory this should be set on reboot. However on my system the value is still resetting to zero at every reboot? So there’s something wrong here that’s flipping the setting back to the default 0 at reboot.

Currently I’ve set up a script to set it back again, which is run at bootup via a systemd service. But it would be better I think if someone could look into why the sysctl.conf value is either not working or is getting overwritten again.
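
An added diagnostic example (not part of the original post and not PiVPN or DietPi code): it lists every uncommented net.ipv4.ip_forward assignment in /etc/sysctl.conf and the usual sysctl.d directories and compares them with the live kernel value, which separates "another file sets it to 0" from "the setting is persisted but not applied at boot". The function names and the ROOT argument are hypothetical, and the set of directories scanned is an assumption about the system's layout.

```shell
#!/bin/sh
# Added example: read-only check of persistent vs. live IPv4 forwarding state.
# ROOT (hypothetical parameter) lets the functions inspect a copied or test
# tree; leave it empty to inspect the running system.

# Print "file<TAB>value" for each uncommented ip_forward assignment under ROOT.
ip_forward_assignments() {
    root="${1:-}"
    for f in "$root/etc/sysctl.conf" \
             "$root"/etc/sysctl.d/*.conf \
             "$root"/run/sysctl.d/*.conf \
             "$root"/usr/lib/sysctl.d/*.conf; do
        [ -f "$f" ] || continue   # skips unmatched globs and missing files
        # Accept dotted or slashed key names and any spacing around "=".
        # Commented lines never match because the key must start the line.
        sed -n -E 's|^[[:space:]]*-?net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*([0-9]+).*$|\1|p' "$f" |
        while read -r v; do printf '%s\t%s\n' "$f" "$v"; done
    done
}

# Print one verdict:
#   ok             files only say 1 and the kernel value is 1
#   not-applied    files only say 1 but the kernel value is not 1
#   conflict       files disagree (some 0, some 1)
#   not-persisted  no file sets the value to 1
ip_forward_verdict() {
    root="${1:-}"
    live="$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || true)"
    vals="$(ip_forward_assignments "$root" | cut -f2 | sort -u | tr '\n' ' ')"
    case "$vals" in
        ""|"0 ") echo not-persisted ;;
        "1 ")    if [ "$live" = 1 ]; then echo ok; else echo not-applied; fi ;;
        *)       echo conflict ;;
    esac
}

# Report for the running system.
ip_forward_assignments
echo "verdict: $(ip_forward_verdict)"
```

A verdict of not-applied right after a reboot matches the symptom described above; conflict points at a second file that also sets the key.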