OpenVPN Access Server: Client cannot access Internet while on VPN

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Locked
jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Wed May 24, 2017 6:25 am

Hello everyone,
This is my 1st time install and run OpenVPN Access Server.

OpenVPN Access Server: Ubuntu 16.04 LTS (32bit)
I have my server behind a router. The server is updated with Dyndns account via" ddconnect". All is good and I use the default settings of the OPVN-AS

Client: MacOS with OpenVPN connect for MAC installed.
I can access other devices on the VPN network, no problem here.
But when I try to access the Internet, say for example, go to http://www.apple.com --> The browser throws error, time out. Status shows that it was trying to "resolve host" but did not succeed I guess.

My question is, how can I enable Internet access for the clients?

Thank you very much for your support

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by novaflash » Wed May 24, 2017 6:36 am

I'm going to guess that somehow DNS settings aren't right while you're pushing all client internet traffic through the server. Go to VPN Settings in the Admin UI and set the DNS server manually to 8.8.8.8 and 8.8.4.4. Those are Google's public DNS servers. See if it works then.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Wed May 24, 2017 7:48 am

Hello there,
I followed your advice and put the DNS server 8.8.8.8 and 8.8.4.4, then the following happened:

1/ I can get access to the Internet however, my IP address is still the same as my local client machine, NOT the IP address of the OVPN-AS server
2/ The VPN connection from client to server is automatically "timed-out" (and then disconnected as a result) in about every 15 seconds after the successful connections. I will then have to connect again to get to the VPN server... strange thing is that I have not made any changes other than putting DNS server address.

Do you have any ideas of what I may be missing?

Thank you very much

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by novaflash » Wed May 24, 2017 7:55 am

Could be lots of things, time to look at the client log file to see what it says. Try making a connection, and then after a minute, stop the Connect Client - just disconnect it. Then look up the log file and post results here. If you're worried about privacy and such, then take this to the support department for OpenVPN Access Server directly. To get there, go to www.openvpn.net and at the top of the page sign in (if you haven't already) and then click the 'support' link at the top of the page.

The OpenVPN Connect Client for Mac stores its log files here:
/Library/Application Support/OpenVPN/log/openvpn_(unique_name).log

Macintosh may not show you this folder directly in Finder, so to get there, use Finder and in the menu at the top choose 'Go' followed by 'Go to folder' and then enter the above path without the filename to open that folder location directly. Or you can go to /Library/ and then delve deeper from there. Please also note that the client for Mac will have permissions set on the log file so that you cannot normally open it. To bypass this, rightclick the log file and choose the 'Get info' option in the menu. Then at the bottom, under 'Sharing & Permissions', you will be able to use the yellow padlock icon to unlock the settings and to give 'everyone' read only access. Then you will be able to open the log file with a rightclick and selecting 'Open with' and then choosing something like 'Text editor'.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Wed May 24, 2017 8:08 am

Wed May 24 01:02:05 2017 OpenVPN Management Interface 1.0.0/3.1.1 mac x86_64 64-bit [PolarSSL] built on Sep 26 2016 13:21:47
Wed May 24 01:02:05 2017 OMI Connecting to /Library/Application Support/OpenVPN/sock/ovpn-zWavVoeHkuEM.sock [unix]
Wed May 24 01:02:05 2017 Frame=512/2048/512 mssfix-ctrl=1250
Wed May 24 01:02:05 2017 UNUSED OPTIONS
3 [nobind]
16 [sndbuf] [100000]
17 [rcvbuf] [100000]
19 [verb] [3]
29 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
30 [CLI_PREF_ENABLE_CONNECT] [True]
31 [CLI_PREF_ENABLE_XD_PROXY] [True]
32 [WSHOST] [jnvpn.dyndns.org:443]
33 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDAjCCxxxxxxANBgkqhkiG...]
34 [IS_OPENVPN_WEB_CA] [1]
35 [ORGANIZATION] [OpenVPN Technologies, Inc.]

Wed May 24 01:02:05 2017 RESOLVE
Wed May 24 01:02:05 2017 Contacting xx.xx.xx.xx:1194 via UDP
Wed May 24 01:02:05 2017 WAIT
Wed May 24 01:02:05 2017 Connecting to [xxx.dyndns.org]:1194 (xx.xx.xx.xx) via UDPv4
Wed May 24 01:02:09 2017 Server poll timeout, trying next remote entry...
Wed May 24 01:02:09 2017 RECONNECTING
Wed May 24 01:02:09 2017 Contacting xx.xx.xx.xx:1194 via UDP
Wed May 24 01:02:09 2017 WAIT
Wed May 24 01:02:09 2017 Connecting to [xxx.dyndns.org]:1194 (xx.xx.xx.xx) via UDPv4
Wed May 24 01:02:13 2017 Server poll timeout, trying next remote entry...
Wed May 24 01:02:13 2017 RECONNECTING
Wed May 24 01:02:13 2017 Contacting xx.xx.xx.xx:443 via TCP
Wed May 24 01:02:13 2017 WAIT
Wed May 24 01:02:17 2017 Server poll timeout, trying next remote entry...
Wed May 24 01:02:17 2017 RECONNECTING
Wed May 24 01:02:17 2017 Contacting xx.xx.xx.xx:1194 via UDP
Wed May 24 01:02:17 2017 WAIT
Wed May 24 01:02:17 2017 Connecting to [xxx.dyndns.org]:1194 (xx.xx.xx.xx) via UDPv4
Wed May 24 01:02:21 2017 Server poll timeout, trying next remote entry...
Wed May 24 01:03:03 2017 Connecting to [xxx.dyndns.org]:1194 (xx.xx.xx.xx) via UDPv4
Wed May 24 01:03:05 2017 CONNECTION_TIMEOUT [FATAL-ERR]
Wed May 24 01:03:05 2017 DISCONNECTED
Wed May 24 01:03:05 2017 >FATAL:CONNECTION_TIMEOUT

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by novaflash » Wed May 24, 2017 8:21 am

Okay so unfortunately you replaced the IP address with xx.xx.xx.xx all the way through. I understand why. But can you please make sure that this IP address is actually the address where your Access Server can be reached? And that it is NOT a private IP address like 192.168.x.x or 172.16.*.* or 10.*.*.* or similar? Because if so, then you need to reconfigure something on your Access Server to make it possible to reach it from the Internet. Otherwise it'll only work while you're in the network that your Access Server is in.

So in any case, your server is unreachable. Could be that the wrong IP address is being configured.

Also, would recommend using a DNS name if you aren't already.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Wed May 24, 2017 4:29 pm

The xx.xxx.xxx.xxx is my public IP address. I have an paid account with Dyndns and created a dyndns host only for this OVPN-AS. I run a little program as a service on Ubuntu called "ddclient" (from Dyndns) to update and map the public IP address to the OPVN-AS hence the xx.xx.xx.xxx is always reachable at the OVPN-AS.
However, no matter what I try, it still refuse to connect to the VPN. I however can access the Admin page/Client page from outside of my LAN via the host name though.

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by novaflash » Wed May 24, 2017 4:31 pm

Does it work from outside your network, but not from inside your network? Then it's possible NAT mirroring/hairpinning isn't working in your router.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Wed May 24, 2017 4:53 pm

It does not work from outside of my LAN. I have not tried inside though. From the outside of my LAN, I can connect to the Admin webpage of the OVPN-AS (at the host name such as xxx.dyndns.org:943) to download the client connect or config file. But when I try to connect using the config file, it won't connect!

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Wed May 24, 2017 10:42 pm

I have managed to connect to the OVPN-AS from outside of my LAN. But I still cannot connect to the Internet while I am on VPN. I have also set the DNS option on the OVPN-AS to 8.8.8.8 and 8.8.4.4

Please have a look at my log file below. Please let me know what I am missing? Thank you very much

----------------------------------------

Wed May 24 14:19:17 2017 OpenVPN Management Interface 1.0.0/3.1.1 mac x86_64 64-bit [PolarSSL] built on Sep 26 2016 13:21:47
Wed May 24 14:19:17 2017 OMI Connecting to /Library/Application Support/OpenVPN/sock/ovpn-zU0VOsxg8lCx.sock [unix]
Wed May 24 14:19:17 2017 Frame=512/2048/512 mssfix-ctrl=1250
Wed May 24 14:19:17 2017 UNUSED OPTIONS
3 [nobind]
16 [sndbuf] [100000]
17 [rcvbuf] [100000]
19 [verb] [3]
29 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
30 [CLI_PREF_ENABLE_CONNECT] [True]
31 [CLI_PREF_ENABLE_XD_PROXY] [True]
32 [WSHOST] [jnvpn.dyndns.org:443]
33 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDAjCCAeqgAwIBAgIEWSMlIjANBgkqhkiG...]
34 [IS_OPENVPN_WEB_CA] [1]
35 [ORGANIZATION] [OpenVPN Technologies, Inc.]

Wed May 24 14:19:17 2017 RESOLVE
Wed May 24 14:19:18 2017 Contacting xx.xx.xx.xxx:1194 via UDP
Wed May 24 14:19:18 2017 WAIT
Wed May 24 14:19:18 2017 Connecting to [xxx.dyndns.org]:1194 (xx.xx.xx.xxx) via UDPv4
Wed May 24 14:19:18 2017 CONNECTING
Wed May 24 14:19:18 2017 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
Wed May 24 14:19:18 2017 Creds: Username/PasswordEmpty
Wed May 24 14:19:18 2017 Peer Info:
IV_GUI_VER=ovpnmi 1.0.0
IV_VER=3.1.1
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_ASCLI_VER=UV_ASCLI_VER
UV_PLAT_REL=UV_PLAT_REL
IV_HWADDR=38:xx:xx:xx:4e:fc
IV_BS64DL=1

Wed May 24 14:19:18 2017 VERIFY OK: depth=1
cert. version : 3
serial number : 59:23:25:19
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2017-05-15 17:51:21
expires on : 2027-05-20 17:51:21
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

Wed May 24 14:19:18 2017 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2017-05-15 17:51:21
expires on : 2027-05-20 17:51:21
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server

Wed May 24 14:19:18 2017 SSL Handshake: TLSv1.0/TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
Wed May 24 14:19:18 2017 Session is ACTIVE
Wed May 24 14:19:18 2017 GET_CONFIG
Wed May 24 14:19:18 2017 Sending PUSH_REQUEST to server...
Wed May 24 14:19:19 2017 Sending PUSH_REQUEST to server...
Wed May 24 14:19:21 2017 Sending PUSH_REQUEST to server...
Wed May 24 14:19:21 2017 OPTIONS:
0 [explicit-exit-notify]
1 [topology] [subnet]
2 [route-delay] [5] [30]
3 [dhcp-pre-release]
4 [dhcp-renew]
5 [dhcp-release]
6 [route-metric] [101]
7 [ping] [12]
8 [ping-restart] [50]
9 [comp-lzo] [yes]
10 [redirect-gateway] [def1]
11 [redirect-gateway] [bypass-dhcp]
12 [redirect-gateway] [autolocal]
13 [route-gateway] [172.27.232.1]
14 [dhcp-option] [DNS] [127.0.1.1]
15 [register-dns]
16 [block-ipv6]
17 [ifconfig] [172.27.232.6] [255.255.252.0]

Wed May 24 14:19:21 2017 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: LZO
peer ID: -1
Wed May 24 14:19:21 2017 TunPersist: long-term session scope
Wed May 24 14:19:21 2017 TunPersist: new tun context
Wed May 24 14:19:21 2017 ASSIGN_IP
Wed May 24 14:19:21 2017 CAPTURED OPTIONS:
Session Name: jnvpn.dyndns.org
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: xx.xx.xx.xx
Tunnel Addresses:
172.27.232.6/22 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
127.0.1.1
Search Domains:

Wed May 24 14:19:21 2017 MacDNS: updated Setup:/Network/Service/C110437F-7794-418E-A057-F4CE3B74E2E1/DNS
Wed May 24 14:19:21 2017 MacDNS: updated State:/Network/Service/OpenVPNConnect/Info
Wed May 24 14:19:21 2017 MacDNS: SETDNS 16.6.0
*** DSDict State:/Network/Global/IPv4
ORIG <CFBasicHash 0x7fb83dc06c30 [0x7fffb6454da0]>{type = immutable dict, count = 3,
entries =>
0 : <CFString 0x7fb83dc06b80 [0x7fffb6454da0]>{contents = "PrimaryInterface"} = <CFString 0x7fb83dc06c10 [0x7fffb6454da0]>{contents = "en4"}
1 : <CFString 0x7fb83dc065d0 [0x7fffb6454da0]>{contents = "PrimaryService"} = <CFString 0x7fb83dc06bb0 [0x7fffb6454da0]>{contents = "C110437F-7794-418E-A057-F4CE3B74E2E1"}
2 : <CFString 0x7fb83dc065f0 [0x7fffb6454da0]>{contents = "Router"} = <CFString 0x7fb83dc06bf0 [0x7fffb6454da0]>{contents = "192.168.1.1"}
}
*** DSDict State:/Network/Service/OpenVPNConnect/Info
ORIG <CFBasicHash 0x7fb83df04240 [0x7fffb6454da0]>{type = immutable dict, count = 0,
entries =>
}
MODIFIED <CFBasicHash 0x7fb83dd0a2b0 [0x7fffb6454da0]>{type = mutable dict, count = 1,
entries =>
1 : <CFString 0x7fb83dd0a290 [0x7fffb6454da0]>{contents = "PrimaryService"} = <CFString 0x7fb83dc06bb0 [0x7fffb6454da0]>{contents = "C110437F-7794-418E-A057-F4CE3B74E2E1"}
}
*** DSDict State:/Network/Service/OpenVPNConnect/DNS
ORIG <CFBasicHash 0x7fb83df06470 [0x7fffb6454da0]>{type = immutable dict, count = 0,
entries =>
}
*** DSDict Setup:/Network/Service/C110437F-7794-418E-A057-F4CE3B74E2E1/DNS
ORIG <CFBasicHash 0x7fb83df06750 [0x7fffb6454da0]>{type = immutable dict, count = 0,
entries =>
}
MODIFIED <CFBasicHash 0x7fb83df06630 [0x7fffb6454da0]>{type = mutable dict, count = 5,
entries =>
0 : <CFString 0x7fb83df06720 [0x7fffb6454da0]>{contents = "OpenVPNConnectOrigSearchOrder"} = <CFString 0x7fb83df066f0 [0x7fffb6454da0]>{contents = "OpenVPNConnectDeleteValue"}
1 : <CFString 0x7fb83df065c0 [0x7fffb6454da0]>{contents = "ServerAddresses"} = (
"127.0.1.1"
)
2 : <CFString 0x7fb83df06670 [0x7fffb6454da0]>{contents = "OpenVPNConnectOrigServerAddresses"} = <CFString 0x7fb83df064f0 [0x7fffb6454da0]>{contents = "OpenVPNConnectDeleteValue"}
3 : <CFString 0x7fb83df062e0 [0x7fffb6454da0]>{contents = "SearchOrder"} = <CFNumber 0x138827 [0x7fffb6454da0]>{value = +5000, type = kCFNumberSInt32Type}
5 : <CFString 0x7fb83df066b0 [0x7fffb6454da0]>{contents = "OpenVPNConnectOrigSearchDomains"} = <CFString 0x7fb83df06520 [0x7fffb6454da0]>{contents = "OpenVPNConnectDeleteValue"}
}

Wed May 24 14:19:21 2017 /usr/bin/dscacheutil -flushcache
Wed May 24 14:19:21 2017 /usr/bin/killall -HUP mDNSResponder
Wed May 24 14:19:21 2017 MacDNS: SCDynamicStoreNotifyValue Setup:/Network/Global/IPv4
Wed May 24 14:19:21 2017 /sbin/ifconfig utun1 down
/sbin/ifconfig utun1 172.27.232.6 172.27.232.6 netmask 255.255.252.0 mtu 1500 up
/sbin/route add -net 172.27.232.0 -netmask 255.255.252.0 172.27.232.6
add net 172.27.232.0: gateway 172.27.232.6
/sbin/route add -net 50.98.16.150 -netmask 255.255.255.255 192.168.1.1
add net 50.98.16.150: gateway 192.168.1.1
/sbin/route add -net 0.0.0.0 -netmask 128.0.0.0 172.27.232.1
add net 0.0.0.0: gateway 172.27.232.1
/sbin/route add -net 128.0.0.0 -netmask 128.0.0.0 172.27.232.1
add net 128.0.0.0: gateway 172.27.232.1
/sbin/route add -net -inet6 2000:: -prefixlen 4 -reject ::1%lo0
add net 2000::: gateway ::1%lo0
/sbin/route add -net -inet6 3000:: -prefixlen 4 -reject ::1%lo0
add net 3000::: gateway ::1%lo0
/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0
add net fc00::: gateway ::1%lo0
MacDNSAction: FLAGS=F RD=1 SO=5000 DNS=127.0.1.1 DOM=
open utun1 SUCCEEDED
Wed May 24 14:19:21 2017 TunPersist: saving tun context:
Session Name: xxx.dyndns.org
Layer: OSI_LAYER_3
Remote Address: xx.xx.xx.xxx
Tunnel Addresses:
172.27.232.6/22 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
127.0.1.1
Search Domains:

Wed May 24 14:19:21 2017 Connected via utun1
Wed May 24 14:19:21 2017 Per-Key Data Limit: 48000000/48000000
Wed May 24 14:19:21 2017 LZO-ASYM init swap=0 asym=0
Wed May 24 14:19:21 2017 CONNECTED : xxx@xxx.dyndns.org:1194 (xx.xx.xx.xxx) via /UDPv4 on utun1/172.27.232.6/ gw=[172.27.232.1/]
Wed May 24 14:19:42 2017 MacDNS: updated Setup:/Network/Service/C110437F-7794-418E-A057-F4CE3B74E2E1/DNS
Wed May 24 14:19:42 2017 MacDNS: removed State:/Network/Service/OpenVPNConnect/Info
Wed May 24 14:19:42 2017 MacDNS: RESETDNS 16.6.0
*** DSDict State:/Network/Global/IPv4
ORIG <CFBasicHash 0x7fb83df04670 [0x7fffb6454da0]>{type = immutable dict, count = 3,
entries =>
0 : <CFString 0x7fb83df02110 [0x7fffb6454da0]>{contents = "PrimaryInterface"} = <CFString 0x7fb83df04650 [0x7fffb6454da0]>{contents = "en4"}
1 : <CFString 0x7fb83df04b10 [0x7fffb6454da0]>{contents = "PrimaryService"} = <CFString 0x7fb83df04610 [0x7fffb6454da0]>{contents = "C110437F-7794-418E-A057-F4CE3B74E2E1"}
2 : <CFString 0x7fb83df04900 [0x7fffb6454da0]>{contents = "Router"} = <CFString 0x7fb83df04bd0 [0x7fffb6454da0]>{contents = "192.168.1.1"}
}
*** DSDict State:/Network/Service/OpenVPNConnect/Info
ORIG <CFBasicHash 0x7fb83dd0bd20 [0x7fffb6454da0]>{type = immutable dict, count = 1,
entries =>
1 : <CFString 0x7fb83dd0bc90 [0x7fffb6454da0]>{contents = "PrimaryService"} = <CFString 0x7fb83dd0bce0 [0x7fffb6454da0]>{contents = "C110437F-7794-418E-A057-F4CE3B74E2E1"}
}
*** DSDict State:/Network/Service/OpenVPNConnect/DNS
ORIG <CFBasicHash 0x7fb83df045a0 [0x7fffb6454da0]>{type = immutable dict, count = 0,
entries =>
}
*** DSDict Setup:/Network/Service/C110437F-7794-418E-A057-F4CE3B74E2E1/DNS
ORIG <CFBasicHash 0x7fb83dd0d6b0 [0x7fffb6454da0]>{type = immutable dict, count = 5,
entries =>
0 : <CFString 0x7fb83dd0cdc0 [0x7fffb6454da0]>{contents = "OpenVPNConnectOrigSearchOrder"} = <CFString 0x7fb83dd0c1a0 [0x7fffb6454da0]>{contents = "OpenVPNConnectDeleteValue"}
1 : <CFString 0x7fb83dd0c170 [0x7fffb6454da0]>{contents = "ServerAddresses"} = <CFArray 0x7fb83dd0d610 [0x7fffb6454da0]>{type = immutable, count = 1, values = (
0 : <CFString 0x7fb83dd0d5f0 [0x7fffb6454da0]>{contents = "127.0.1.1"}
)}
2 : <CFString 0x7fb83dd0d570 [0x7fffb6454da0]>{contents = "OpenVPNConnectOrigServerAddresses"} = <CFString 0x7fb83dd0d650 [0x7fffb6454da0]>{contents = "OpenVPNConnectDeleteValue"}
3 : <CFString 0x7fb83dd0cc30 [0x7fffb6454da0]>{contents = "SearchOrder"} = <CFNumber 0x138837 [0x7fffb6454da0]>{value = +5000, type = kCFNumberSInt64Type}
5 : <CFString 0x7fb83dd0d5b0 [0x7fffb6454da0]>{contents = "OpenVPNConnectOrigSearchDomains"} = <CFString 0x7fb83dd0d680 [0x7fffb6454da0]>{contents = "OpenVPNConnectDeleteValue"}
}
MODIFIED <CFBasicHash 0x7fb83dd0be40 [0x7fffb6454da0]>{type = mutable dict, count = 0,
entries =>
}

Wed May 24 14:19:42 2017 /usr/bin/dscacheutil -flushcache
Wed May 24 14:19:42 2017 MacLifeCycle NET_IFACE en4
Wed May 24 14:19:42 2017 /usr/bin/killall -HUP mDNSResponder
Wed May 24 14:19:42 2017 MacDNS: SCDynamicStoreNotifyValue Setup:/Network/Global/IPv4
Wed May 24 14:19:42 2017 /sbin/route delete -net 172.27.232.0 -netmask 255.255.252.0 172.27.232.6
delete net 172.27.232.0: gateway 172.27.232.6
/sbin/route delete -net xx.xx.xx.xxx -netmask 255.255.255.255 192.168.1.1
delete net xx.xx.xx.xxx: gateway 192.168.1.1
/sbin/route delete -net 0.0.0.0 -netmask 128.0.0.0 172.27.232.1
delete net 0.0.0.0: gateway 172.27.232.1
/sbin/route delete -net 128.0.0.0 -netmask 128.0.0.0 172.27.232.1
delete net 128.0.0.0: gateway 172.27.232.1
/sbin/route delete -net -inet6 2000:: -prefixlen 4 -reject ::1%lo0
delete net 2000::: gateway ::1%lo0
/sbin/route delete -net -inet6 3000:: -prefixlen 4 -reject ::1%lo0
delete net 3000::: gateway ::1%lo0
/sbin/route delete -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0
delete net fc00::: gateway ::1%lo0
/sbin/ifconfig utun1 down
MacDNSAction: FLAGS=F
Wed May 24 14:19:42 2017 DISCONNECTED

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by novaflash » Thu May 25, 2017 12:47 pm

At least it looks like the VPN tunnel established this time around. So do tests like pinging 8.8.8.8 and pinging www.google.com and using nslookup to see which DNS server it's trying to use and try manually switching to server 8.8.8.8 and doing a DNS resolve then. Basic troubleshooting. Let's see what results you can get.

Also, if you're using some sort of firewall program or antivirus program with firewall capability it may be useful to eliminate that as the cause.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by jamesnb » Thu May 25, 2017 8:15 pm

Thank you for all of your helps. I have managed to get it up and running. It was some corrupted installation and also, missing some config points. But thank to your all helps/pointers I have gathering enough helps to get it done! Thank you again

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN Access Server: Client cannot access Internet while on VPN

Post by novaflash » Thu May 25, 2017 8:18 pm

Glad to hear it. Have a nice day.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

Locked