VPNGate Can't reach the internet through the VPN

This forum is for general conversation and user-user networking.
BrotherOther
OpenVpn Newbie
Posts: 2
Joined: Wed Mar 15, 2017 8:58 am

VPNGate Can't reach the internet through the VPN

Postby BrotherOther » Wed Mar 15, 2017 9:41 am

Hello Everyone! I would love some help solving this issue. Yesterday the auto-update window opened in Linux mint 18.1. I upgraded all the listed packages except for the kernel. It also upgraded some of my installed software. I am not sure how to tell if OpenVPN was upgraded during that process.

I use http://www.vpngate.net/en/ to find free vpns from all over the world. I connect to vpn's using the terminal and I see that it says initialization sequence complete.

Code: Select all

daniel@Bubbles ~/vpnHoneyPot $ sudo openvpn $HOME/vpnHoneyPot/vpngate_182.169.188.49_udp_1970.conf
Mon Mar 13 21:38:38 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Mon Mar 13 21:38:38 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Mon Mar 13 21:38:38 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Mar 13 21:38:38 2017 WARNING: file '/home/daniel/vpntest/ovpndownloader/Honey/.vpngate_182.169.188.49_udp_1970/client.key' is group or others accessible
Mon Mar 13 21:38:38 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Mar 13 21:38:38 2017 UDPv4 link local: [undef]
Mon Mar 13 21:38:38 2017 UDPv4 link remote: [AF_INET]182.169.188.49:1970
Mon Mar 13 21:38:38 2017 TLS: Initial packet from [AF_INET]182.169.188.49:1970, sid=f911b0f3 eb742b51
Mon Mar 13 21:38:38 2017 VERIFY OK: depth=0, CN=sozzv2331tgr.org, O=y7juxb70w 2x40e, C=US
Mon Mar 13 21:38:39 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Mar 13 21:38:39 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 13 21:38:39 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Mar 13 21:38:39 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 13 21:38:39 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Mar 13 21:38:39 2017 [sozzv2331tgr.org] Peer Connection Initiated with [AF_INET]182.169.188.49:1970
Mon Mar 13 21:38:41 2017 SENT CONTROL [sozzv2331tgr.org]: 'PUSH_REQUEST' (status=1)
Mon Mar 13 21:38:41 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.5 10.211.1.6,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.6,redirect-gateway def1'
Mon Mar 13 21:38:41 2017 OPTIONS IMPORT: timers and/or timeouts modified
Mon Mar 13 21:38:41 2017 OPTIONS IMPORT: --ifconfig/up options modified
Mon Mar 13 21:38:41 2017 OPTIONS IMPORT: route options modified
Mon Mar 13 21:38:41 2017 OPTIONS IMPORT: route-related options modified
Mon Mar 13 21:38:41 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Mar 13 21:38:41 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=64:5a:04:8a:4c:f4
Mon Mar 13 21:38:41 2017 TUN/TAP device tun0 opened
Mon Mar 13 21:38:41 2017 TUN/TAP TX queue length set to 100
Mon Mar 13 21:38:41 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Mar 13 21:38:41 2017 /sbin/ip link set dev tun0 up mtu 1500
Mon Mar 13 21:38:41 2017 /sbin/ip addr add dev tun0 local 10.211.1.5 peer 10.211.1.6
Mon Mar 13 21:38:41 2017 /sbin/ip route add 182.169.188.49/32 via 192.168.0.1
Mon Mar 13 21:38:41 2017 /sbin/ip route add 0.0.0.0/1 via 10.211.1.6
Mon Mar 13 21:38:41 2017 /sbin/ip route add 128.0.0.0/1 via 10.211.1.6
Mon Mar 13 21:38:41 2017 Initialization Sequence Completed

The .conf file contains:
[oconf=]daniel@Bubbles ~/vpnHoneyPot $ cat vpngate_182.169.188.49_udp_1970.confdev tun
proto udp
remote 182.169.188.49 1970
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
keepalive 10 60
ca /home/daniel/vpntest/ovpndownloader/Honey/.vpngate_182.169.188.49_udp_1970/ca.crt
cert /home/daniel/vpntest/ovpndownloader/Honey/.vpngate_182.169.188.49_udp_1970/client.crt
key /home/daniel/vpntest/ovpndownloader/Honey/.vpngate_182.169.188.49_udp_1970/client.key[/oconf]

Before I connect to a VPN, This is what my routing tables look like:

Code: Select all

daniel@Bubbles ~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    600    0        0 wlp2s0
link-local      *               255.255.0.0     U     1000   0        0 wlp2s0
192.168.0.0     *               255.255.255.0   U     600    0        0 wlp2s0

After connecting to a VPN, my routing tables change to:

Code: Select all

daniel@Bubbles ~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.211.1.6      128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    600    0        0 wlp2s0
10.211.1.6      *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.211.1.6      128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 wlp2s0
182.169.188.49  192.168.0.1     255.255.255.255 UGH   0      0        0 wlp2s0
192.168.0.0     *               255.255.255.0   U     600    0        0 wlp2s0

My wireless dev:

Code: Select all

daniel@Bubbles ~ $ iwconfig
tun0      no wireless extensions.

lo        no wireless extensions.

enp1s0    no wireless extensions.

wlp2s0    IEEE 802.11bgn  ESSID:"Brother Other" 
          Mode:Managed  Frequency:2.462 GHz  Access Point: 94:87:7C:AF:BD:F0   
          Bit Rate=65 Mb/s   Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=56/70  Signal level=-54 dBm 
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:5  Invalid misc:309   Missed beacon:0



Summary:
I can surf web pages and download through my terminal window just fine. However after establishing a VPN Connection through OpenVPN, I cannot access the internet, surf web pages, or ping, or anything...

This is a new observation for me. Everything was working fine yesterday before the upgrades. Now it's not working....I wonder if the two are related.

Today I took a fresh hard-drive and installed Ubuntu 16.04.2 I updated and upgraded the install. I installed OpenVPN and have the exact same problem!!!! Firefox will not see any webpages. it stalls on "looking up <web-url>" I installed the SetupVPN plugin in firefox and that works just fine.

Here is the pertinent info for the Ubuntu version of this problem:

openvpn version:

Code: Select all

daniel@OoogaBooga:~/vpnHoneyPot$ apt-cache policy openvpn
openvpn:
  Installed: 2.3.10-1ubuntu2
  Candidate: 2.3.10-1ubuntu2
  Version table:
 *** 2.3.10-1ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status


linux Kernel info:

Code: Select all

daniel@OoogaBooga:~/vpnHoneyPot$ uname -a
Linux OoogaBooga 4.8.0-41-generic #44~16.04.1-Ubuntu SMP Fri Mar 3 17:11:16 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux


Before openvpn connection, internet works just great.
Here is my routing table:

Code: Select all

daniel@OoogaBooga:~/vpnHoneyPot$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    600    0        0 wlp2s0
link-local      *               255.255.0.0     U     1000   0        0 wlp2s0
192.168.0.0     *               255.255.255.0   U     600    0        0 wlp2s0


Output from Openvpn successfull connection:

Code: Select all

daniel@OoogaBooga:~/vpnHoneyPot$ sudo openvpn $HOME/vpnHoneyPot/vpngate_60.68.252.158_udp_1344.conf
Wed Mar 15 02:24:25 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Wed Mar 15 02:24:25 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Wed Mar 15 02:24:25 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Mar 15 02:24:25 2017 WARNING: file '/home/daniel/vpntest/ovpndownloader/Honey/.vpngate_60.68.252.158_udp_1344/client.key' is group or others accessible
Wed Mar 15 02:24:25 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Mar 15 02:24:25 2017 UDPv4 link local: [undef]
Wed Mar 15 02:24:25 2017 UDPv4 link remote: [AF_INET]60.68.252.158:1344
Wed Mar 15 02:24:25 2017 TLS: Initial packet from [AF_INET]60.68.252.158:1344, sid=366cf6bf 91ce02da
Wed Mar 15 02:24:25 2017 VERIFY OK: depth=0, CN=jz8nbgz139cqz2ls4h.jp, O=wljmg2by 4d6mfts7, C=US
Wed Mar 15 02:24:25 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Mar 15 02:24:25 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 15 02:24:25 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Mar 15 02:24:25 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 15 02:24:25 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 15 02:24:25 2017 [jz8nbgz139cqz2ls4h.jp] Peer Connection Initiated with [AF_INET]60.68.252.158:1344
Wed Mar 15 02:24:28 2017 SENT CONTROL [jz8nbgz139cqz2ls4h.jp]: 'PUSH_REQUEST' (status=1)
Wed Mar 15 02:24:28 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.73 10.211.1.74,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.74,redirect-gateway def1'
Wed Mar 15 02:24:28 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 15 02:24:28 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 15 02:24:28 2017 OPTIONS IMPORT: route options modified
Wed Mar 15 02:24:28 2017 OPTIONS IMPORT: route-related options modified
Wed Mar 15 02:24:28 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar 15 02:24:28 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=64:5a:04:8a:4c:f4
Wed Mar 15 02:24:28 2017 TUN/TAP device tun0 opened
Wed Mar 15 02:24:28 2017 TUN/TAP TX queue length set to 100
Wed Mar 15 02:24:28 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 15 02:24:28 2017 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar 15 02:24:28 2017 /sbin/ip addr add dev tun0 local 10.211.1.73 peer 10.211.1.74
Wed Mar 15 02:24:28 2017 /sbin/ip route add 60.68.252.158/32 via 192.168.0.1
Wed Mar 15 02:24:28 2017 /sbin/ip route add 0.0.0.0/1 via 10.211.1.74
Wed Mar 15 02:24:28 2017 /sbin/ip route add 128.0.0.0/1 via 10.211.1.74
Wed Mar 15 02:24:28 2017 Initialization Sequence Completed


The routing table after successful connection:

Code: Select all

daniel@OoogaBooga:~/vpnHoneyPot$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.211.1.122    128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    600    0        0 wlp2s0
10.211.1.122    *               255.255.255.255 UH    0      0        0 tun0
60.68.252.158   192.168.0.1     255.255.255.255 UGH   0      0        0 wlp2s0
128.0.0.0       10.211.1.122    128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 wlp2s0
192.168.0.0     *               255.255.255.0   U     600    0        0 wlp2s0


The contents of that conf file:
[oconf=]daniel@OoogaBooga:~/vpnHoneyPot$ cat vpngate_60.68.252.158_udp_1344.conf
dev tun
proto udp
remote 60.68.252.158 1344
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
keepalive 10 60
ca /home/daniel/vpntest/ovpndownloader/Honey/.vpngate_60.68.252.158_udp_1344/ca.crt
cert /home/daniel/vpntest/ovpndownloader/Honey/.vpngate_60.68.252.158_udp_1344/client.crt
key /home/daniel/vpntest/ovpndownloader/Honey/.vpngate_60.68.252.158_udp_1344/client.key[/oconf]

The ubuntu 16.4 version of iwconfig:

Code: Select all

daniel@OoogaBooga:~/vpnHoneyPot$ iwconfig
wlp2s0    IEEE 802.11  ESSID:"Brother Other" 
          Mode:Managed  Frequency:2.437 GHz  Access Point: 94:87:7C:AF:BD:F0   
          Bit Rate=72.2 Mb/s   Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=62/70  Signal level=-48 dBm 
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:1  Invalid misc:60   Missed beacon:0

lo        no wireless extensions.

enp1s0    no wireless extensions.


As soon as I terminate the openvpn connection, all internet functionality returns.


Any light in this matter is greatly appreciated!!

Dani

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2720
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPNGate Can't reach the internet through the VPN

Postby TinCanTech » Wed Mar 15, 2017 5:37 pm

When you connect to a VPN Service provider you will want the connection to redirect your gateway to use the VPN. Otherwise why would you connect to the VPN provider ?

BrotherOther
OpenVpn Newbie
Posts: 2
Joined: Wed Mar 15, 2017 8:58 am

Re: VPNGate Can't reach the internet through the VPN

Postby BrotherOther » Wed Mar 15, 2017 7:50 pm

Thanks for replying TinCanTech!

I am new to adjusting the routing tables. While I understand your comment in a general sense, it's outside of my ability to translate your comment into a terminal command which untangles this issue. I feel like you have spotted something in my post that explains the symptoms I am having. How do I verify that my gateway is redirected through the VPN? Can you provide the syntax for a routing command that fixes this please?

Thank you for your time!!

Dani

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2720
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPNGate Can't reach the internet through the VPN

Postby TinCanTech » Thu Mar 16, 2017 12:11 am

BrotherOther wrote: am new to
Please read the HOWTO:
HOWTO: For OpenVPN Community Edition

BrotherOther wrote: While I understand your comment in a general sense, it's outside of my ability to translate your comment into a terminal command which untangles this issue.
Welcome to the matrix ..

BrotherOther wrote: Can you provide the syntax for a routing command that fixes this please?
No .. there is no one single command.


Can you put your question into a more succinct form ?

Maybe just ask one question at a time ..


Return to “Off Topic, Related”

Who is online

Users browsing this forum: No registered users and 2 guests