No internet connection when connecting to VPN

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
ohadb2
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 16, 2017 1:31 pm

No internet connection when connecting to VPN

Post by ohadb2 » Tue Apr 18, 2017 9:40 am

Hi,

I installed VPN Server on my Windows computer.
When I tried to connect from my MAC computer I got this error:
Image

So I tried to add this line to the server config file:
push "redirect-gateway local def1"
(I set local because the windows connect via Wi-Fi, I tried to remove it but I still got the same issue).

But not when I connecting to the VPN I got this error:
Image

I tried to add google dns manually but still had the same problem.

My server config file:

Code: Select all

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway local def1"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
My client config file:

Code: Select all

client
dev tun
proto udp
remote 184.*.*.* 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "/Users/user/OpenVPN Client Config/ca.crt"
cert "/Users/user/OpenVPN Client Config/user.crt"
key "/Users/user/OpenVPN Client Config/user.key"
remote-cert-tls server
cipher AES-256-CBC
verb 3
Server log:

Code: Select all

Tue Apr 18 05:32:15 2017 5.28.155.* TLS: Initial packet from [AF_INET6]::ffff:5.28.155.*:52274, sid=cc3b2845 0b0c634c
Tue Apr 18 05:32:15 2017 5.28.155.* VERIFY OK: depth=1, C=US, ST=NY, L=NewYork, O=ALLN, OU=ICT, CN=ca, name=ca, emailAddress=user@gmail.com
Tue Apr 18 05:32:15 2017 5.28.155.* VERIFY OK: depth=0, C=US, ST=NY, L=NewYork, O=ALLN, OU=ICT, CN=user, name=user, emailAddress=user@gmail.com
Tue Apr 18 05:32:15 2017 5.28.155.* peer info: IV_VER=2.3.14
Tue Apr 18 05:32:15 2017 5.28.155.* peer info: IV_PLAT=mac
Tue Apr 18 05:32:15 2017 5.28.155.* peer info: IV_PROTO=2
Tue Apr 18 05:32:15 2017 5.28.155.* Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr 18 05:32:15 2017 5.28.155.* Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 18 05:32:15 2017 5.28.155.* Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr 18 05:32:15 2017 5.28.155.* Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 18 05:32:15 2017 5.28.155.* Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Apr 18 05:32:15 2017 5.28.155.* [user] Peer Connection Initiated with [AF_INET6]::ffff:5.28.155.*:52274
Tue Apr 18 05:32:15 2017 user/5.28.155.* MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Apr 18 05:32:15 2017 user/5.28.155.* MULTI: Learn: 10.8.0.6 -> user/5.28.155.*
Tue Apr 18 05:32:15 2017 user/5.28.155.* MULTI: primary virtual IP for user/5.28.155.*: 10.8.0.6
Tue Apr 18 05:32:18 2017 user/5.28.155.* PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr 18 05:32:18 2017 user/5.28.155.* SENT CONTROL [user]: 'PUSH_REPLY,redirect-gateway local def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0' (status=1)
Tue Apr 18 05:33:34 2017 read UDPv6: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 18 05:33:35 2017 read UDPv6: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 18 05:33:38 2017 read UDPv6: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 18 05:33:42 2017 read UDPv6: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 18 05:33:42 2017 read UDPv6: Connection reset by peer (WSAECONNRESET) (code=10054)
Client log:

Code: Select all

*Tunnelblick: OS X 10.12.4; Tunnelblick 3.7.0 (build 4790)
2017-04-18 12:36:55 *Tunnelblick: Attempting connection with client using shadow copy; Set nameserver = 769; monitoring connection
2017-04-18 12:36:55 *Tunnelblick: openvpnstart start client.tblk 1337 769 0 1 0 1098544 -ptADGNWradsgnw 2.3.14-openssl-1.0.2k
2017-04-18 12:36:55 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Suser-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098544.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/user/client.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/user/client.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/user/client.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-04-18 12:36:55 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
2017-04-18 12:36:55 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-04-18 12:36:55 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-04-18 12:36:55 Need hold release from management interface, waiting...
2017-04-18 12:36:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-04-18 12:36:55 *Tunnelblick: openvpnstart starting OpenVPN
2017-04-18 12:36:56 *Tunnelblick: Established communication with OpenVPN
2017-04-18 12:36:56 MANAGEMENT: CMD 'pid'
2017-04-18 12:36:56 MANAGEMENT: CMD 'state on'
2017-04-18 12:36:56 MANAGEMENT: CMD 'state'
2017-04-18 12:36:56 MANAGEMENT: CMD 'bytecount 1'
2017-04-18 12:36:56 MANAGEMENT: CMD 'hold release'
2017-04-18 12:36:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-04-18 12:36:56 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-04-18 12:36:56 UDPv4 link local: [undef]
2017-04-18 12:36:56 UDPv4 link remote: [AF_INET]184.152.*.*:1194
2017-04-18 12:36:56 MANAGEMENT: >STATE:1492508216,WAIT,,,
2017-04-18 12:36:56 MANAGEMENT: >STATE:1492508216,AUTH,,,
2017-04-18 12:36:56 TLS: Initial packet from [AF_INET]184.152.*.*:1194, sid=928ac69f 855ae518
2017-04-18 12:36:56 VERIFY OK: depth=1, C=US, ST=NY, L=NewYork, O=ALLN, OU=ICT, CN=ca, name=ca, emailAddress=user@gmail.com
2017-04-18 12:36:56 Validating certificate key usage
2017-04-18 12:36:56 ++ Certificate has key usage  00a0, expects 00a0
2017-04-18 12:36:56 VERIFY KU OK
2017-04-18 12:36:56 Validating certificate extended key usage
2017-04-18 12:36:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2017-04-18 12:36:56 VERIFY EKU OK
2017-04-18 12:36:56 VERIFY OK: depth=0, C=US, ST=NY, L=NewYork, O=ALLN, OU=ICT, CN=ca, name=ca, emailAddress=user@gmail.com
2017-04-18 12:36:56 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-18 12:36:56 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-04-18 12:36:56 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-18 12:36:56 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-04-18 12:36:56 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-04-18 12:36:56 [ca] Peer Connection Initiated with [AF_INET]184.152.*.*:1194
2017-04-18 12:36:58 MANAGEMENT: >STATE:1492508218,GET_CONFIG,,,
2017-04-18 12:36:59 SENT CONTROL [ca]: 'PUSH_REQUEST' (status=1)
2017-04-18 12:37:00 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0'
2017-04-18 12:37:00 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-18 12:37:00 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-18 12:37:00 OPTIONS IMPORT: route options modified
2017-04-18 12:37:00 OPTIONS IMPORT: peer-id set
2017-04-18 12:37:00 OPTIONS IMPORT: adjusting link_mtu to 1560
2017-04-18 12:37:00 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-18 12:37:00 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-18 12:37:00 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-18 12:37:00 Opened utun device utun3
2017-04-18 12:37:00 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-04-18 12:37:00 MANAGEMENT: >STATE:1492508220,ASSIGN_IP,,10.8.0.6,
2017-04-18 12:37:00 /sbin/ifconfig utun3 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-04-18 12:37:00 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-04-18 12:37:00 /sbin/ifconfig utun3 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2017-04-18 12:37:00 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.5
2017-04-18 12:37:00 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.5
2017-04-18 12:37:00 MANAGEMENT: >STATE:1492508220,ADD_ROUTES,,,
2017-04-18 12:37:00 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.5
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        WARNING: Will NOT disable IPv6 settings.
                                        DNS servers '10.0.0.138' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-04-18 12:37:02 *Tunnelblick: No 'connected.sh' script to execute
2017-04-18 12:37:02 Initialization Sequence Completed
2017-04-18 12:37:02 MANAGEMENT: >STATE:1492508222,CONNECTED,SUCCESS,10.8.0.6,184.152.*.*
2017-04-18 12:37:42 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2017-04-18 12:37:47 *Tunnelblick: Disconnecting; 'Disconnect' (toggle) menu command invoked
2017-04-18 12:37:47 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-04-18 12:37:47 *Tunnelblick: Disconnecting using 'kill'
2017-04-18 12:37:47 event_wait : Interrupted system call (code=4)
2017-04-18 12:37:47 /sbin/route delete -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        delete net 10.8.0.1: gateway 10.8.0.5
2017-04-18 12:37:47 /sbin/route delete -net 0.0.0.0 10.8.0.5 128.0.0.0
                                        delete net 0.0.0.0: gateway 10.8.0.5
2017-04-18 12:37:47 /sbin/route delete -net 128.0.0.0 10.8.0.5 128.0.0.0
                                        delete net 128.0.0.0: gateway 10.8.0.5
2017-04-18 12:37:47 Closing TUN/TAP interface
2017-04-18 12:37:47 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun3 1500 1560 10.8.0.6 10.8.0.5 init
                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2017-04-18 12:37:48 SIGTERM[hard,] received, process exiting
2017-04-18 12:37:48 MANAGEMENT: >STATE:1492508268,EXITING,SIGTERM,,
2017-04-18 12:37:49 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-04-18 12:37:49 *Tunnelblick: Expected disconnection occurred.
When I connect to the VPN, I try to make a ping to google:

Code: Select all

User-MacBook-Pro:~ user$ ping google.co.il
PING google.co.il (172.217.22.3): 56 data bytes
ping: sendto: No buffer space available
ping: sendto: No buffer space available
Request timeout for icmp_seq 0
ping: sendto: No buffer space available
Request timeout for icmp_seq 1
ping: sendto: No buffer space available
Request timeout for icmp_seq 2
ping: sendto: No buffer space available
Request timeout for icmp_seq 3
^C
--- google.co.il ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss


Thank you !

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: No internet connection when connecting to VPN

Post by TinCanTech » Tue Apr 18, 2017 12:56 pm

Googling "ping: sendto: No buffer space available"
suggests there is something wrong with your network.

I can not see any specific Openvpn problems in your client log file.

ronaldinho
OpenVpn Newbie
Posts: 15
Joined: Mon Apr 03, 2017 8:44 am

Re: No internet connection when connecting to VPN

Post by ronaldinho » Tue Apr 18, 2017 1:06 pm

Hmm, that's an interesting issue, I also can't see any specific OpenVpn issues. I will take another look later today.

Post Reply