Can Connect to VPN but No internet

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Can Connect to VPN but No internet

Post by PiNewb » Sun Aug 16, 2015 11:30 am

I have an openvpn server set up on my raspberry pi. I am able to connect to the server, ssh into my pi, and view my router in any of the three scenarios. I cannot access websites while connected to the server unless the raspberry pi is connected to both wifi and a wired connection. I have the raspberry pi set up as a print server, so I want it next to my printer that is away from the router. I cannot move the router either, so I am hoping I can get this working completely over wifi.

Unfortunately the guide I used was set up for a wired connection, and seemed to have a few flaws. I'm hoping someone here can spot my errors.

Thanks

(connected to wifi only-no internet)

Code: Select all

name@raspberrypi$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 wlan0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 wlan0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
(connected to ethernet & wifi-yes internet)

Code: Select all

name@raspberrypi$ netstat-nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 wlan0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 wlan0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
(connected to ethernet only-no internet)

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
(nano etc/network/interfaces)

Code: Select all

iface lo inet loopback
iface eth0 inet static
address 192.168.2.145
netmask 255.255.255.0
network 192.168.2.2
broadcast 192.168.2.201
gateway 192.168.2.1
        pre-up /etc/firewall-openvpn-rules.sh
auto wlan0
iface wlan0 inet static
address 192.168.2.145
netmask 255.255.255.0
network 192.168.2.2
broadcast 192.168.2.201
gateway 192.168.2.1

wpa-ssid “router”
wpa-psk “password”

dns-nameservers 8.8.8.8 8.8.4.4
(nano /etc/firewall-openvpn-rules.sh)

Code: Select all

#!/bin/sh

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to-source 192.168.2.145
(nano /etc/openvpn.server.conf)

Code: Select all

local 192.168.2.145 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.2.145 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option 8.8.8.8” # This should already match your router address and not need to be changed.
push “dhcp-option 8.8.4.4”
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 3

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Mon Aug 17, 2015 10:40 am

PiNewb wrote:(nano etc/network/interfaces)
Code:
iface eth0 inet static
address 192.168.2.145
netmask 255.255.255.0
network 192.168.2.2
broadcast 192.168.2.201
gateway 192.168.2.1
iface wlan0 inet static
address 192.168.2.145
netmask 255.255.255.0
network 192.168.2.2
broadcast 192.168.2.201
gateway 192.168.2.1
Where did you get these settings ?

Please see docs for networking
https://help.ubuntu.com/lts/serverguide ... ation.html

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Wed Aug 19, 2015 2:12 am

145 is the static address of the raspberry pi.

2 is the lowest available address on the range.

201 is the highest available address on the network.

I cobbled this together from comments on the tutorial I used that seemed to have similar problems. They helped me get Internet back on the pi while still having the pre-up command.

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Wed Aug 19, 2015 5:04 am

I cobbled together those settings from looking at the broadcast range of my router and other users' comments in the guide I followed.

After looking at the resource you gave me, I have made the following changes:

Address stayed the same. It is my pi static ip address.

Code: Select all

address 192.168.2.145
Network was changed to

Code: Select all

network 192.168.2.0
Broadcast was changed to

Code: Select all

broadcast 192.168.2.255
My symptoms are still exactly the same. I can connect to the Internet via the pi. I can connect to the openvpn network on the pi. At that point I can ssh into the pi and ping websites. I cannot use the VPN to access websites unless the pi is connected via wifi and ethernet.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Sat Aug 22, 2015 11:47 am

Try disabling the server wifi completely.

magarto
OpenVpn Newbie
Posts: 10
Joined: Wed Aug 05, 2015 6:59 pm

Re: Can Connect to VPN but No internet

Post by magarto » Sat Aug 22, 2015 11:52 am

I don't have WiFi, only ethernet.

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Sat Aug 22, 2015 3:37 pm

Traffic wrote:Try disabling the server wifi completely.
I'm trying to set this up completely over wifi. I want the pi not to have a physical connection because it needs to be run in a different room than the router.

Thanks

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Sun Aug 23, 2015 2:32 pm

Reconfigure your Pi so that it has unique IP addresses:
  • Ethernet 192.168.2.145
  • Wireless 192.168.2.165 (example)
Then disable the ethernet and start openvpn server with the following update:

Code: Select all

local 192.168.2.165 # Note: IP address of wifi

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Tue Aug 25, 2015 1:58 pm

I changed the ethernet to 192.168.5.15 and the wifi to 192.168.5.14 and tried:

Code: Select all

sudo /etc/init.d /openvpn start local 192.168.5.14
I got the following message:

Code: Select all

[FAIL] Starting virtual network daemon: [....] No such VPN: local ... failed!
[FAIL] No such VPN: 192.168.5.14 ... failed!
failed!
Starting the vpn normally still gives the same symptoms.

I did notice that when i changed the address, I had to update my dhcpcd settings because they were telling my pi to use an older address. Getting rid of that setting removed the Phantom ip, but did not remove my connection woes.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Tue Aug 25, 2015 4:05 pm

Add: "local ip-address" to the server config file not the init.d script ..

Please see the HOWTO:
https://openvpn.net/index.php/open-sour ... howto.html

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Wed Aug 26, 2015 1:27 am

I see why there was confusion. I updated my config file immediately after I changed the IP address, so that was already done. I have my VPN set to launch on boot, so I did a "sudo reboot" after making the change.

I will also add that after further research I changed the line

Code: Select all

push "route 192.168.2.145 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
to
push "route 192.168.5.0 255.255.255.0"
I don't know how a guide became the first hit on google with so many mistakes.

Final question: Is it even possible to run a vpn server with just one wifi dongle acting as the internet gateway to the device? I keep thinking that may be my problem. If that is not the problem, then I need to keep looking.

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Wed Aug 26, 2015 5:07 am

After changing all the variables to point at eth0 and the ethernet static IP, I have come to the conclusion that it is a hardware issue. I am able to get the vpn running through just a wired connection, but a single wireless dongle cannot be used for this purpose.

Please correct me if this is wrong.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Wed Aug 26, 2015 1:59 pm

PiNewb wrote:but a single wireless dongle cannot be used for this purpose
What type of wireless dongle is it .. Does it connect to your local WiFi LAN ?


I am currently running an OpenVPN Server over WiFi only.

Try disabling your ethernet completely and then rebooting.
Your ethernet must not be enabled during boot only your WiFi.
You must only have an IP address for your wireless adapter.
You may need to login to console (have a screen & keyboard attached)
to complete the setup successfully.

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Wed Aug 26, 2015 3:30 pm

I am using a d-link wifi dongle that I had to compile a kernel to get to work.

Other than commenting out the eth0 stuff in /etc/network/interfaces is there a way to shut the ethernet completely off? The only commands I found via Google also claim to shut down the usb ports.

With eth0 commands commented out in /etc/network/interfaces I get the original symptoms.

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Wed Aug 26, 2015 3:40 pm

Ignore that last comment. I'd like to say that I finally have this working over wifi. I had to comment out the eth0 commands and again edit my /etc/dhcpcd.conf file to match my wifi address to finally get it working. I also moved my preup firewall rules to after my gateway information in /etc/network/interfaces.

Full Internet over vpn using only a wifi dongle is now a go. Thanks for all the suggestions.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Wed Aug 26, 2015 3:53 pm

PiNewb wrote:I had to <etc...>
You could also unplug eth0 and rebooot ...
PiNewb wrote:Thanks for all the suggestions
:mrgreen:

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can Connect to VPN but No internet

Post by Traffic » Wed Aug 26, 2015 9:38 pm

Traffic wrote:PiNewb wrote:
I had to <etc...>
You could also unplug eth0 and rebooot ...
In fact, you do need to de-configure your ethernet .. unplugging the cable is not enough.

PiNewb
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 16, 2015 6:17 am

Re: Can Connect to VPN but No internet

Post by PiNewb » Thu Aug 27, 2015 3:35 am

I'm just going to post my final working config files here in case anyone ended up in the same boat as me.

(nano etc/network/interfaces)

Code: Select all

iface lo inet loopback
#iface eth0 inet static
#address 192.168.5.15
#netmask 255.255.255.0
#network 192.168.5.0
#broadcast 192.168.5.255
#gateway 192.168.5.1
#        pre-up /etc/firewall-openvpn-rules.sh
auto wlan0
iface wlan0 inet static
address 192.168.5.14
netmask 255.255.255.0
network 192.168.5.0
broadcast 192.168.5.255
gateway 192.168.5.1
        pre-up /etc/firewall-openvpn-rules.sh
wpa-ssid “router”
wpa-psk “password”

dns-nameservers 8.8.8.8 8.8.4.4
(nano /etc/firewall-openvpn-rules.sh)

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE
(nano /etc/openvpn.server.conf) *Note that I changed line 17. This was wrong in the guide I used.

Code: Select all

local 192.168.5.14 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.5.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR LOCAL NETWORK ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option 8.8.8.8” # This should already match your router address and not need to be changed.
push “dhcp-option 8.8.4.4”
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 3
(/etc/dhcpcd.conf)
I updated the last 3 lines in that file to match the setup in /etc/network/interfaces. It probably isn't necessary for most people, but for some reason this was assigning me a phantom IP address. On boot I'd see 3 IP addresses for my pi. I'd see 192.168.5.14(pi IP), 10.8.0.x(vpn IP), and 192.168.5.x(phantom IP) at the end of the boot message. I realized this was the last step that was messing up my route.

Good luck to anyone else attempting this. Patience is a virtue, especially the first week when you have to wait 2-3 days for your posts to be approved.

Also special thanks to Traffic. You seem to be the most active guy on this board. Your knowledge was much appreciated.

harryit
OpenVpn Newbie
Posts: 11
Joined: Fri Oct 24, 2014 11:37 am

Re: Can Connect to VPN but No internet

Post by harryit » Tue Dec 08, 2015 12:55 pm

Hello. I've had the same problem. I think there has been a Pi update after get update/upgrade which causes you to get another DHCP address as well as your PI static IP.

I've also left my etc/network/interfaces as per the BBC documentation: http://www.bbc.co.uk/news/technology-33548728 and this forum setup but for ethernet only (not wi-fi).

I believe you do have to copy some details from etc/network/interfaces to /etc/dhcpcd.conf but do you have your working settings for this? Or can someone explain what lines should be removed from the /etc/dhcpcd.conf file?

Thanks.

Post Reply