Openvpn connects but with no internet connection

Scripts that set up, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech
tonyantony
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 21, 2014 9:26 pm

Openvpn connects but with no internet connection

Post by tonyantony » Sun Dec 21, 2014 9:32 pm

Hello, I am trying to install an openvpn server on CentOS 6.6. I tried various installation and configuration guides but with no luck. When I am connected to the vpn I have no internet connection.

For testing purposes, before trying it on my vps, I am working on vmware workstation with bridge mode networking and I am trying to connect to the vpn using windows 7+openvpn client.

Centos IP Address: 10.10.10.59
OpenVPN IP range (default): 10.8.0.0/24
Network Gateway: 10.10.10.245

The problem is in routing.

Please, I really need your help. I have been trying to figure out what the problem is for 3 days now.

The steps I followed:
> I added epel repository to install openvpn and easy-rsa
> I copied server.conf file from samples
> I have enabled push "redirect-gateway def1 bypass-dhcp" in /etc/openvpn/server.conf
> I have changed dhcp options push "dhcp-option DNS 8.8.8.8" and push "dhcp-option DNS 8.8.4.4" in /etc/openvpn/server.conf
> I generated keys and certificates
> I configured vars etc
> I generated diffie hellman keys
> I have edited /etc/openvpn/server.conf file to fix paths for dh key, ca.crt, server.crt and server.key
> I have built keys for client (./build-key client)
> I have enabled ip forwarding: nano -w /etc/sysctl.conf to change net.ipv4.ip_forward = 1 and then sysctl -p
> I have also executed echo 1 > /proc/sys/net/ipv4/ip_forward
> I have added openvpn as a service 1) chkconfig --add openvpn 2) chkconfig openvpn on 3) service openvpn start

iptables (I tried various rules). The last rules I used:
>>iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>>iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
>>iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
>>iptables -A INPUT -p udp --dport 1194 -j ACCEPT
>>iptables -A INPUT -i tun+ -j ACCEPT
>>iptables -A FORWARD -i tun+ -j ACCEPT
>>iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
>>iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
>>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>>iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
>>iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>>iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
>>iptables -A OUTPUT -o tun+ -j ACCEPT
>>service iptables save
>>service iptables restart

I don't know how, or if, I should edit the routing table.
Current routing table values:

Code:

10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         10.10.10.245    0.0.0.0         UG    0      0        0 eth0

server.conf

Code:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 3

client.ovpn

Code:

client
dev tun
proto udp
remote 10.10.10.59 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3

I use device tun.

Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:349 errors:0 dropped:0 overruns:0 frame:0
      TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:20751 (20.2 KiB)  TX bytes:14236 (13.9 KiB)

Last edited by maikcat on Mon Dec 22, 2014 11:46 am, edited 1 time in total.
Reason: removed comments from configs

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Openvpn connects but with no internet connection

Post by maikcat » Mon Dec 22, 2014 11:48 am

some things to check:

post the output of sestatus on your linux server,
disable ALL firewall rules and leave only the NAT one,
post your client logs,
post the output of tracert 8.8.8.8 on your client.

Michael.

tonyantony
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 21, 2014 9:26 pm

Re: Openvpn connects but with no internet connection

Post by tonyantony » Tue Dec 23, 2014 10:56 am

sestatus -v output:

Code:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0

I removed all iptables rules with the following script:

Code:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

and I added these rules (to allow all inbound connections, outbound connections and NAT):

Code:

iptables -I INPUT -j ACCEPT
iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

I'll come back with client logs and tracert output.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Openvpn connects but with no internet connection

Post by maikcat » Tue Dec 23, 2014 11:42 am

Are you from Greece?

I've noticed you are using as a nickname the lates tony antony actor's name...

please set selinux to permissive while testing.

Michael.

tonyantony
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 21, 2014 9:26 pm

Re: Openvpn connects but with no internet connection

Post by tonyantony » Wed Dec 24, 2014 7:49 am

yes from Greece! iptables did the trick. It is working! Thank you!
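
An added example, not part of any post in this thread or of OpenVPN's own scripts: a shell function that audits `iptables-save` output for the NAT and forwarding rules that `push "redirect-gateway def1"` depends on, and flags the accept-everything state a flush leaves behind. Both dumps are constructed samples; `audit_ruleset` and its finding names are hypothetical.

```shell
VPN_NET="10.8.0.0/24"   # VPN subnet from the thread's server.conf
WAN_IF="eth0"           # outbound interface in the thread's routing table
# Constructed sample: NAT for the VPN subnet, scoped FORWARD, default DROP.
SAMPLE_NARROW='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -i tun+ -o eth0 -j ACCEPT
COMMIT'
# Constructed sample: flushed tables, ACCEPT policies, catch-all INPUT, no NAT.
SAMPLE_OPEN='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -j ACCEPT
COMMIT'

# Hypothetical helper: prints one finding per line, nothing if all checks pass.
audit_ruleset() {
  printf '%s\n' "$1" | awk -v net="$VPN_NET" -v wan="$WAN_IF" '
    /^\*/ { table = substr($0, 2); next }              # table header, e.g. *nat
    /^:/  { policy[table, substr($1, 2)] = $2; next }  # chain default policy
    /^-A/ {
      key = table ":" $2; src = oif = tgt = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        else if ($i == "-o") oif = $(i + 1)
        else if ($i == "-j") tgt = $(i + 1)
      }
      if (key == "nat:POSTROUTING" && src == net && oif == wan && tgt ~ /^(MASQUERADE|SNAT)$/) nat = 1
      if (key == "filter:FORWARD" && src == net && tgt == "ACCEPT") fwd = 1
      if (key == "filter:INPUT" && NF == 4 && tgt == "ACCEPT") open_in = 1
    }
    END {
      if (!nat) print "NO_NAT"            # client traffic leaves with a 10.8.0.x source
      if (!fwd && policy["filter", "FORWARD"] != "ACCEPT") print "FORWARD_BLOCKED"
      if (open_in || policy["filter", "INPUT"] == "ACCEPT") print "INPUT_OPEN"
      if (policy["filter", "FORWARD"] == "ACCEPT") print "FORWARD_OPEN"
    }'
}
audit_ruleset "$SAMPLE_OPEN"   # on a live server: audit_ruleset "$(iptables-save)"
```

`NO_NAT` or `FORWARD_BLOCKED` corresponds to the symptom in this thread (tunnel up, no internet), while `INPUT_OPEN` and `FORWARD_OPEN` mark a test ruleset that should be narrowed before the server moves to a VPS.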
