Can't access internal ports after OpenVPN connect

joggerjoel
OpenVpn Newbie
Posts: 1
Joined: Sat Nov 28, 2015 9:25 am

Post by joggerjoel » Sat Nov 28, 2015 9:29 am

I've tried reading everywhere online but don't know how to fix this.

After I connect to my secure VPN service, any applications listening on this machine can't route back via the local network to the server which has the VPN connection.

Here's my current setup after connecting:

# ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

# route -n
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref    Use Iface
0.0.0.0          172.111.134.193  128.0.0.0        UG    0      0        0 tun0
0.0.0.0          172.17.42.1      0.0.0.0          UG    0      0        0 eth0
128.0.0.0        172.111.134.193  128.0.0.0        UG    0      0        0 tun0
172.17.0.0       0.0.0.0          255.255.0.0      U     0      0        0 eth0
172.111.134.3    172.17.42.1      255.255.255.255  UGH   0      0        0 eth0
172.111.134.192  0.0.0.0          255.255.255.192  U     0      0        0 tun0

based on this internet example:
http://www.linuxquestions.org/questions ... 175511172/

I do the following:
1. PRIOR TO CONNECT
# route -n
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref    Use Iface
0.0.0.0          172.17.42.1      0.0.0.0          UG    0      0        0 eth0
172.17.0.0       0.0.0.0          255.255.0.0      U     0      0        0 eth0

2. test browser with VPN credentials pointed to 172.17.0.7:3128

3. connect to VPN
openvpn --config USA-FLORIDA-TCP.ovpn --auth-user-pass login.conf --ca ../ca.crt --tls-auth ../Wdc.key &

4. connected
# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:07
inet addr:172.17.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:97229 errors:0 dropped:0 overruns:0 frame:0
TX packets:73572 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:60980121 (60.9 MB) TX bytes:12391861 (12.3 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:367 errors:0 dropped:0 overruns:0 frame:0
TX packets:367 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:157548 (157.5 KB) TX bytes:157548 (157.5 KB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.111.134.197 P-t-P:172.111.134.197 Mask:255.255.255.192
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)

5. based on the local IP of 172.17.0.7 and the tunnel IP of 172.111.134.197, I created a file:
# Generated by iptables-save v1.4.21 on Fri Nov 27 10:06:42 2015
*mangle
:PREROUTING ACCEPT [186:28568]
:INPUT ACCEPT [120:18920]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [418:39031]
:POSTROUTING ACCEPT [418:39031]
COMMIT
# Completed on Fri Nov 27 10:06:42 2015
# Generated by iptables-save v1.4.21 on Fri Nov 27 10:06:42 2015
*nat
:PREROUTING ACCEPT [56:2874]
:INPUT ACCEPT [2:138]
:OUTPUT ACCEPT [1:54]
:POSTROUTING ACCEPT [1:54]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i tun+ -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.7:3128
-A POSTROUTING -s 172.111.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/24 -j MASQUERADE
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
# Completed on Fri Nov 27 10:06:42 2015
# Generated by iptables-save v1.4.21 on Fri Nov 27 10:06:42 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT

6. iptables-restore < iptables.squid

7. Still, the proxy server is not able to connect in this VPN mode

netstat -a -n

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 172.17.0.7:35204 172.111.134.3:80 ESTABLISHED
tcp6 0 0 :::3128 :::* LISTEN
udp 0 0 0.0.0.0:34156 0.0.0.0:*
udp6 0 0 ::1:58023 ::1:52601 ESTABLISHED
udp6 0 0 ::1:52601 ::1:58023 ESTABLISHED
udp6 0 0 :::48847 :::*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw6 0 0 :::58 :::* 7

This is what I get when I turn off openvpn:

netstat -a -n
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 172.17.0.7:55844 54.230.72.26:443 ESTABLISHED
tcp 0 0 172.17.0.7:38310 94.31.29.154:443 ESTABLISHED
tcp 0 0 172.17.0.7:52229 216.58.221.238:443 TIME_WAIT
tcp 0 0 172.17.0.7:45005 216.58.197.110:443 ESTABLISHED
tcp 0 0 172.17.0.7:38311 94.31.29.154:443 ESTABLISHED
tcp 0 0 172.17.0.7:55846 54.230.72.26:443 ESTABLISHED
tcp 0 0 172.17.0.7:55845 54.230.72.26:443 ESTABLISHED
tcp 0 0 172.17.0.7:60771 216.58.197.99:443 ESTABLISHED
tcp 0 0 172.17.0.7:35204 172.111.134.3:80 TIME_WAIT
tcp 0 0 172.17.0.7:32924 108.174.10.10:443 ESTABLISHED
tcp 0 0 172.17.0.7:55843 54.230.72.26:443 ESTABLISHED
tcp 0 0 172.17.0.7:36122 74.125.204.95:443 ESTABLISHED
tcp 0 0 172.17.0.7:45020 216.58.197.110:443 ESTABLISHED
tcp 0 0 172.17.0.7:52863 216.58.221.74:443 ESTABLISHED
tcp 0 477 172.17.0.7:49628 54.243.43.15:443 ESTABLISHED
tcp 0 0 172.17.0.7:55847 54.230.72.26:443 ESTABLISHED
tcp 0 0 172.17.0.7:34035 216.58.221.237:443 TIME_WAIT
tcp 0 0 172.17.0.7:45006 216.58.197.110:443 ESTABLISHED
tcp6 0 0 :::3128 :::* LISTEN
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61426 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61419 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61423 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61431 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61428 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61435 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61433 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61429 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61420 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61432 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61424 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61430 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61427 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61425 ESTABLISHED
tcp6 0 0 172.17.0.7:3128 192.168.1.119:61434 ESTABLISHED
udp 0 0 0.0.0.0:34156 0.0.0.0:*
udp6 0 0 ::1:58023 ::1:52601 ESTABLISHED
udp6 0 0 ::1:52601 ::1:58023 ESTABLISHED
udp6 0 0 :::48847 :::*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw6 0 0 :::58 :::* 7


using tcpdump:

no VPN
07:49:48.706456 IP 192.168.1.119.61585 > 0b3335d3f23e.3128: Flags [S], seq 795786212, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
07:49:48.706473 IP 0b3335d3f23e.3128 > 192.168.1.119.61585: Flags [S.], seq 1172464970, ack 795786213, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
07:49:48.707625 IP 192.168.1.119.61585 > 0b3335d3f23e.3128: Flags [.], ack 1, win 53248, length 0
07:49:48.708113 IP 192.168.1.119.61585 > 0b3335d3f23e.3128: Flags [P.], seq 1:119, ack 1, win 53248, length 118
07:49:48.708121 IP 0b3335d3f23e.3128 > 192.168.1.119.61585: Flags [.], ack 119, win 229, length 0
07:49:48.708184 IP 0b3335d3f23e.34156 > google-public-dns-a.google.com.domain: 15710+ A? api.ipify.org. (31)


VPN
07:51:23.401306 IP 192.168.1.119.61590 > 0b3335d3f23e.3128: Flags [S], seq 3368920263, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
07:51:26.401325 IP 192.168.1.119.61590 > 0b3335d3f23e.3128: Flags [S], seq 3368920263, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can't access internal ports after OpenVPN connect

Post by Traffic » Fri Dec 04, 2015 2:11 pm

joggerjoel wrote:
> 3. connect to VPN
> openvpn --config USA-FLORIDA-TCP.ovpn --auth-user-pass login.conf --ca ../ca.crt --tls-auth ../Wdc.key &
Does this VPN redirect your default gateway?

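Traffic's question is answered by the routing table in the first post: the pair of 0.0.0.0/1 and 128.0.0.0/1 routes via tun0 is exactly what OpenVPN's redirect-gateway def1 installs to override the default route without deleting it. The consequence is asymmetric routing. A SYN from 192.168.1.119 arrives on eth0, but the SYN-ACK from 172.17.0.7 is looked up in a table whose most specific match for 192.168.1.119 is 128.0.0.0/1 via tun0, so the reply leaves through the tunnel (or the inbound SYN is dropped by reverse-path filtering on eth0 before the proxy sees it), and the client just retransmits the SYN, which is what the second tcpdump shows. The Python below is an added example, not code from this thread or from OpenVPN: it replays the kernel's longest-prefix match and ip rule ordering over the two tables joggerjoel posted, then emits the iproute2 commands for a per-source routing table that sends replies from 172.17.0.7 back out eth0 while new outbound connections keep using the tunnel. The table number 100, the rule priority 1000 and the 172.17.0.0/16 entry in that table are my assumptions.

```python
# Added example (not from the forum post or from OpenVPN): model the kernel's
# route selection over the two "route -n" tables joggerjoel posted, show the
# reply path flipping from eth0 to tun0 once the tunnel is up, and generate a
# policy-routing fix. Table 100, priority 1000 and the LAN entry in the extra
# table are assumptions; nothing here touches a real system.
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, Optional[str], str]   # (dst net, gateway, iface)
Rule = Tuple[Optional[ipaddress.IPv4Network], List[Route]]  # ("from" selector, table)

# Copied from the post: before OpenVPN connects and after it connects.
ROUTE_N_BEFORE = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
"""
ROUTE_N_AFTER = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.111.134.193 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
128.0.0.0 172.111.134.193 128.0.0.0 UG 0 0 0 tun0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.111.134.3 172.17.42.1 255.255.255.255 UGH 0 0 0 eth0
172.111.134.192 0.0.0.0 255.255.255.192 U 0 0 0 tun0
"""

def parse_route_n(text: str) -> List[Route]:
    """Parse 'route -n' output; a gateway of 0.0.0.0 means a directly connected route."""
    routes: List[Route] = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or not cols[0][0].isdigit():
            continue  # skip the two header lines
        dst, gw, mask, iface = cols[0], cols[1], cols[2], cols[7]
        net = ipaddress.IPv4Network(f"{dst}/{mask}", strict=False)
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes

def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match within one table, as the kernel does.
    This is why 128.0.0.0/1 (tun0) beats 0.0.0.0/0 (eth0) for 192.168.1.119."""
    addr = ipaddress.IPv4Address(dst)
    best: Optional[Route] = None
    for route in table:
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best

def select_route(rules: List[Rule], dst: str, src: str) -> Optional[Route]:
    """Walk 'ip rule' entries in priority order; the first matching table that
    holds a route for dst wins (a selector of None is 'from all')."""
    source = ipaddress.IPv4Address(src)
    for selector, table in rules:
        if selector is not None and source not in selector:
            continue
        hit = lookup(table, dst)
        if hit is not None:
            return hit
    return None

def reply_iface(rules: List[Rule], client: str, local: str) -> str:
    """Interface a SYN-ACK to `client` leaves on, given the reply's source address `local`
    (a reply reuses the address the SYN was sent to, so it is 172.17.0.7, not the tun0 IP)."""
    route = select_route(rules, client, local)
    return route[2] if route else "unreachable"

def fix_commands(local_ip: str, gateway: str, iface: str, lan_net: str,
                 table: int = 100, prio: int = 1000) -> List[str]:
    """iproute2 commands (assumed table number and priority) that pin every packet
    sourced from local_ip to the LAN gateway, leaving the main table, and so the
    tunnel, in charge of everything else."""
    return [
        f"ip route add {lan_net} dev {iface} table {table}",
        f"ip route add default via {gateway} dev {iface} table {table}",
        f"ip rule add from {local_ip}/32 lookup {table} priority {prio}",
    ]

def rules_with_fix(main_table: List[Route], local_ip: str, gateway: str,
                   iface: str, lan_net: str) -> List[Rule]:
    """The rule set as it would look after fix_commands() has been applied."""
    fix_table: List[Route] = [
        (ipaddress.IPv4Network(lan_net), None, iface),
        (ipaddress.IPv4Network("0.0.0.0/0"), gateway, iface),
    ]
    return [(ipaddress.IPv4Network(f"{local_ip}/32"), fix_table), (None, main_table)]

if __name__ == "__main__":
    CLIENT, PROXY = "192.168.1.119", "172.17.0.7"        # from the tcpdump in the post
    GATEWAY, LAN = "172.17.42.1", "172.17.0.0/16"        # from the eth0 routes in the post
    before = [(None, parse_route_n(ROUTE_N_BEFORE))]
    after = parse_route_n(ROUTE_N_AFTER)
    print("reply to", CLIENT, "before VPN :", reply_iface(before, CLIENT, PROXY))
    print("reply to", CLIENT, "after VPN  :", reply_iface([(None, after)], CLIENT, PROXY))
    fixed = rules_with_fix(after, PROXY, GATEWAY, "eth0", LAN)
    print("reply to", CLIENT, "with fix   :", reply_iface(fixed, CLIENT, PROXY))
    for cmd in fix_commands(PROXY, GATEWAY, "eth0", LAN):
        print(cmd)
```

Run the printed ip commands as root on the proxy host; they are not persistent, so rerun them from an OpenVPN --route-up script after every reconnect. Confirm with `ip route get 192.168.1.119 from 172.17.0.7 iif eth0`, which should name eth0 once the rule is in place. If the SYN still gets no reply, check `sysctl net.ipv4.conf.eth0.rp_filter`: in strict mode (1) the kernel drops an inbound packet whose source would be reached through a different interface, and the per-source rule is what makes that reverse-path check pass again.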