Hi,
I need to use a VPN to access Samba network drives. The OpenVPN server and Samba are on the same machine (Ubuntu 14.04). For my tests, I use a client with Win10.
The VPN connection is OK (mode tun, proto udp, port 1194, NAT rules on the modem and on my RV042 router): I can reach the server, ping the server and access the Samba drives, but as soon as the client is connected to the VPN it loses internet access. I tried setting Google's DNS on the client's Wi-Fi connection before connecting to the VPN (I read that it could come from a routing problem), and did the same thing for the DNS of the VPN's virtual adapter (TAP-Windows Adapter V9).
I also entered these DNS servers into my OpenVPN configuration:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
I have added to /etc/rc.local:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
As the network configuration of the client (my home) is similar to that of the server (my company), I tried using my phone's shared connection; the result is the same (Chrome gives me ERR_CONNECTION_TIMED_OUT).
I don't know where the problem is; maybe it's a problem with the hardware (router or modem) or with the configuration?
Thanks for your replies and sorry for my bad English.
Manu.
OpenVPN : client can't access to internet
Re: OpenVPN : client can't access to internet
OK, thanks, I'll do it.
Re: OpenVPN : client can't access to internet
So, I'm sending you all the information about my VPN (server and client).
My OpenVPN version is: 2.3.13
server.conf:
SERVER
server 10.8.0.0 255.255.255.0
port 1194
proto udp
dev tun
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
user nobody
group nogroup
persist-key
persist-tun
verb 4
Server log (just the lines that I think are important):
...
Mon Nov 14 16:54:16 2016 us=333722 route_script = '[UNDEF]'
Mon Nov 14 16:54:16 2016 us=333729 route_default_gateway = '[UNDEF]'
Mon Nov 14 16:54:16 2016 us=333736 route_default_metric = 0
Mon Nov 14 16:54:16 2016 us=333743 route_noexec = DISABLED
Mon Nov 14 16:54:16 2016 us=333750 route_delay = 0
Mon Nov 14 16:54:16 2016 us=333757 route_delay_window = 30
Mon Nov 14 16:54:16 2016 us=333764 route_delay_defined = DISABLED
Mon Nov 14 16:54:16 2016 us=333771 route_nopull = DISABLED
Mon Nov 14 16:54:16 2016 us=333778 route_gateway_via_dhcp = DISABLED
Mon Nov 14 16:54:16 2016 us=333785 max_routes = 100
....
Mon Nov 14 16:54:16 2016 us=334658 server_network = 10.8.0.0
Mon Nov 14 16:54:16 2016 us=334666 server_netmask = 255.255.255.0
Mon Nov 14 16:54:16 2016 us=334677 server_network_ipv6 = ::
Mon Nov 14 16:54:16 2016 us=334684 server_netbits_ipv6 = 0
Mon Nov 14 16:54:16 2016 us=334692 server_bridge_ip = 0.0.0.0
Mon Nov 14 16:54:16 2016 us=334699 server_bridge_netmask = 0.0.0.0
Mon Nov 14 16:54:16 2016 us=334707 server_bridge_pool_start = 0.0.0.0
Mon Nov 14 16:54:16 2016 us=334715 server_bridge_pool_end = 0.0.0.0
Mon Nov 14 16:54:16 2016 us=334722 push_entry = 'redirect-gateway def1'
Mon Nov 14 16:54:16 2016 us=334729 push_entry = 'dhcp-option DNS 10.8.0.1'
Mon Nov 14 16:54:16 2016 us=334736 push_entry = 'route 10.8.0.1'
Mon Nov 14 16:54:16 2016 us=334742 push_entry = 'topology net30'
Mon Nov 14 16:54:16 2016 us=334749 push_entry = 'ping 10'
Mon Nov 14 16:54:16 2016 us=334756 push_entry = 'ping-restart 120'
....
CLIENT
client
dev tun
proto udp
remote x.x.x.x
resolv-retry infinite
nobind
ns-cert-type server
comp-lzo
route-method exe
route-delay 2
ca xx.xxx
cert xxxx.xxx
key xxxx.xxx
Client log file:
Mon Nov 14 16:56:17 2016 SIGUSR1[soft,ping-restart] received, process restarting
Mon Nov 14 16:56:17 2016 MANAGEMENT: >STATE:1479138977,RECONNECTING,ping-restart,,
Mon Nov 14 16:56:17 2016 Restart pause, 2 second(s)
Mon Nov 14 16:56:19 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Nov 14 16:56:19 2016 UDPv4 link local: [undef]
Mon Nov 14 16:56:19 2016 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Mon Nov 14 16:56:19 2016 MANAGEMENT: >STATE:1479138979,WAIT,,,
Mon Nov 14 16:56:19 2016 MANAGEMENT: >STATE:1479138979,AUTH,,,
Mon Nov 14 16:56:19 2016 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=9e9537e0 7981aaca
Mon Nov 14 16:56:21 2016 VERIFY OK: depth=1, C=XX, ST=XXX, L=Xxxxxx, O=XXXX XXX, OU=XX Xxxxx, CN=Xxxxx Xxxx XX, name=EasyRSA, emailAddress=xxxxx@xxxxx.xxx
Mon Nov 14 16:56:21 2016 VERIFY OK: nsCertType=SERVER
Mon Nov 14 16:56:21 2016 VERIFY OK: depth=0, C=XX, ST=XXX, L=Xxxxxx, O=XXXX XXX, OU=XX Xxxxx, CN=Xxxxx Xxxx XX, name=EasyRSA, emailAddress=xxxxx@xxxxx.xxx
Mon Nov 14 16:56:28 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 14 16:56:28 2016 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Nov 14 16:56:28 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 14 16:56:28 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 14 16:56:28 2016 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Nov 14 16:56:28 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 14 16:56:28 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Nov 14 16:56:28 2016 [AWSave] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Mon Nov 14 16:56:29 2016 MANAGEMENT: >STATE:1479138989,GET_CONFIG,,,
Mon Nov 14 16:56:30 2016 SENT CONTROL [AWSave]: 'PUSH_REQUEST' (status=1)
Mon Nov 14 16:56:30 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Nov 14 16:56:30 2016 OPTIONS IMPORT: timers and/or timeouts modified
Mon Nov 14 16:56:30 2016 OPTIONS IMPORT: --ifconfig/up options modified
Mon Nov 14 16:56:30 2016 OPTIONS IMPORT: route options modified
Mon Nov 14 16:56:30 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Nov 14 16:56:30 2016 Preserving previous TUN/TAP instance: Ethernet 2
Mon Nov 14 16:56:30 2016 Initialization Sequence Completed
Mon Nov 14 16:56:30 2016 MANAGEMENT: >STATE:1479138990,CONNECTED,SUCCESS,10.8.0.6,x.x.x.x
I hope that it's OK.
Thanks.
Manu
Re: OpenVPN : client can't access to internet
Thanks for your help. In the end I didn't use topology subnet, but I found a solution while searching for information about topology subnet.
I added:
# My network is in 192.168.0.x
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
and removed all the pushes about redirect-gateway.
Web traffic doesn't go through the internet connection of my OpenVPN server, but that's better in my case: I don't want my employees' illegal downloads to use my internet connection.
Many thanks for everything.
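Added example (not part of the thread and not code from the OpenVPN project): a small linter that reads the pushed directives from a server.conf and reports whether clients get a full or split tunnel and what the server must then provide. The function name `audit`, the finding codes and both sample configs are constructed here from the directives quoted above; it assumes OpenVPN 2.3 behaviour for the default cipher, matching the BF-CBC warning in the client log.

```python
import ipaddress
import shlex

# Constructed from the directives quoted in the thread (before / after the fix).
FULL_TUNNEL = """server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
"""
SPLIT_TUNNEL = """server 10.8.0.0 255.255.255.0
# My network is in 192.168.0.x
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
"""

def audit(conf_text):
    """Summarise what a server.conf pushes and what the server must then provide."""
    vpn_net = cipher = None
    out = {"mode": "split", "routes": [], "dns": [], "findings": []}
    for raw in conf_text.splitlines():
        if raw.lstrip().startswith(";"):          # OpenVPN also accepts ';' comments
            continue
        words = shlex.split(raw, comments=True)   # strips '#' comments, keeps quoted args whole
        if len(words) < 2:
            continue
        if words[0] == "server" and len(words) >= 3:
            vpn_net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        elif words[0] == "cipher":
            cipher = words[1]
        elif words[0] == "push":
            opt = words[1].split() or [""]
            if opt[0] == "redirect-gateway":
                out["mode"] = "full"
            elif opt[0] == "route" and len(opt) >= 2:   # expects dotted-quad network and mask
                mask = opt[2] if len(opt) > 2 else "255.255.255.255"
                out["routes"].append(str(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False)))
            elif opt[:2] == ["dhcp-option", "DNS"] and len(opt) >= 3:
                out["dns"].append(opt[2])
    if out["mode"] == "full":
        out["findings"].append(("NAT_REQUIRED",
            f"all client traffic enters the tunnel: server needs ip_forward=1 and MASQUERADE for {vpn_net}"))
    for dns in out["dns"]:
        if vpn_net and ipaddress.ip_address(dns) in vpn_net:
            out["findings"].append(("DNS_IN_TUNNEL",
                f"{dns} is inside the VPN subnet: a resolver must listen there or name lookups fail"))
    if cipher is None:
        out["findings"].append(("DEFAULT_CIPHER",
            "no cipher line: OpenVPN 2.3 defaults to BF-CBC (64-bit block, SWEET32)"))
    return out
```

Running `audit` on a real server.conf before enabling `redirect-gateway` lists the server-side prerequisites to verify (forwarding, NAT, resolver) and flags a missing `cipher` line on both variants.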