I can't access some websites from the VPN!!!

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
ducarpit
OpenVpn Newbie
Posts: 17
Joined: Tue Jun 06, 2017 10:39 am

I can't access some websites from the VPN!!!

Post by ducarpit » Thu Jul 06, 2017 7:18 am

Hi,
i configured a VPN server on my raspberry.
My company blocks social websites such as Facebook, Instagram ecc ecc
With the VPN i can access these sites very well without problem but i can't access the others websites (i can access only the websites that my company blocks...the others no).
It's very strange and i dont' knwo why.
I want acess all the web sites....
I can add others informations: i have another VPN (it's a PPTP type) and ALL web sites works very well!!!
This is my theory: the OpenVPN connection probably doesn't resolve all the addresses, maybe it only resolve the link blocked by my company: instead, i think the PPTP connection resolves ALL the addresses and all sites works.
Can someone help me?
Thanks

PS: if you want, i can post the server configuration or the client file, or the informations that you need.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I can't access some websites from the VPN!!!

Post by TinCanTech » Thu Jul 06, 2017 12:02 pm


ducarpit
OpenVpn Newbie
Posts: 17
Joined: Tue Jun 06, 2017 10:39 am

Re: I can't access some websites from the VPN!!!

Post by ducarpit » Thu Jul 06, 2017 2:01 pm

TinCanTech wrote:Please see:
HOWTO: Request Help !
Hi,
the server SO is Raspbian Lite (latest version) and the client SO is Windows 10 PRO.

ducarpit
OpenVpn Newbie
Posts: 17
Joined: Tue Jun 06, 2017 10:39 am

Re: I can't access some websites from the VPN!!!

Post by ducarpit » Fri Jul 07, 2017 9:39 am

Any ideas? Thanks

ducarpit
OpenVpn Newbie
Posts: 17
Joined: Tue Jun 06, 2017 10:39 am

Problem with DNS!!! Help!!!

Post by ducarpit » Wed Jul 19, 2017 8:57 am

Hi,
i configured a VPN server on my raspberry.
My company blocks social websites such as Facebook, Instagram ecc ecc
With the VPN i can access these sites very well without problem but i can't access the others websites (i can access only the websites that my company blocks...the others no).
It's very strange and i dont' knwo why.
I want acess all the web sites....
I can add others informations: i have another VPN (it's a PPTP type) and ALL web sites works very well!!!
This is my theory: the OpenVPN connection probably doesn't resolve all the addresses, maybe it only resolve the link blocked by my company: instead, i think the PPTP connection resolves ALL the addresses and all sites works.
Can someone help me?
I tried also to add block-outside-dns in my client configuration file but it still doesn't work.

This is my server configuration:
Server configuration
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh1024.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 4
This is my client configuration:

Client configuration
client
dev tun
proto udp
remote ******
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
************************************************************************************************************
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
************************************************************************************************************
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
************************************************************************************************************
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
************************************************************************************************************
</tls-auth>
Server: Raspbian Lite
OpenVPN server version:
OpenVPN server version
OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no
Client: Windows 10 Pro
OpenVPN client version: OpenVPN GUI 11.6.0.0

Thanks a lot

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I can't access some websites from the VPN!!!

Post by TinCanTech » Wed Jul 19, 2017 11:04 am

Wow .. you still have not read :
HOWTO: Request Help !

Which is why you continue to post in the Access Server Forum and not OpenVPN Forum
and now a moderator has had to merge and move your posts.

ducarpit
OpenVpn Newbie
Posts: 17
Joined: Tue Jun 06, 2017 10:39 am

Re: I can't access some websites from the VPN!!!

Post by ducarpit » Sat Jul 22, 2017 10:06 am

TinCanTech wrote:Wow .. you still have not read :
HOWTO: Request Help !

Which is why you continue to post in the Access Server Forum and not OpenVPN Forum
and now a moderator has had to merge and move your posts.
Simple: because i don't understand the HOWTO link. Why didn't you write "you have to post it in this [something] instead of "you still not read......"? I think it would be better!!!

ducarpit
OpenVpn Newbie
Posts: 17
Joined: Tue Jun 06, 2017 10:39 am

Problem with DNS!!! Web sites block!!!

Post by ducarpit » Mon Jul 24, 2017 7:32 am

Hi,
i configured a VPN server on my raspberry.
My company blocks social websites such as Facebook, Instagram ecc ecc
With the VPN i can access these sites very well without problem but i can't access the others websites (i can access only the websites that my company blocks...the others no).
It's very strange and i dont' knwo why.
I want acess all the web sites....
I can add others informations: i have another VPN (it's a PPTP type) and ALL web sites works very well!!!
This is my theory: the OpenVPN connection probably doesn't resolve all the addresses, maybe it only resolve the link blocked by my company: instead, i think the PPTP connection resolves ALL the addresses and all sites works.
Can someone help me?
I tried also to add block-outside-dns in my client configuration file but it still doesn't work.

This is my server configuration:
Server configuration
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh1024.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 4
This is my client configuration:
Client configuration
client
dev tun
proto udp
remote iu6djr.ddns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
redirect-gateway def1
plugin fix-dns-leak-64.dll
block-outside-dns
<ca>
***********************************************************
</ca>
<cert>
***********************************************************
</cert>
<key>
***********************************************************
</key>
<tls-auth>
************************************************************
</tls-auth>

Server: Raspbian Lite
Server version
OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no

Client: Windows 10 Pro
OpenVPN client version: OpenVPN GUI 11.6.0.0

Thanks a lot

Post Reply