Hi,
i configured a VPN server on my raspberry.
My company blocks social websites such as Facebook, Instagram ecc ecc
With the VPN i can access these sites very well without problem but i can't access the others websites (i can access only the websites that my company blocks...the others no).
It's very strange and i dont' knwo why.
I want acess all the web sites....
I can add others informations: i have another VPN (it's a PPTP type) and ALL web sites works very well!!!
This is my theory: the OpenVPN connection probably doesn't resolve all the addresses, maybe it only resolve the link blocked by my company: instead, i think the PPTP connection resolves ALL the addresses and all sites works.
Can someone help me?
Thanks
PS: if you want, i can post the server configuration or the client file, or the informations that you need.
Hi,
the server SO is Raspbian Lite (latest version) and the client SO is Windows 10 PRO.
Re: I can't access some websites from the VPN!!!
Posted: Fri Jul 07, 2017 9:39 am
by ducarpit
Any ideas? Thanks
Problem with DNS!!! Help!!!
Posted: Wed Jul 19, 2017 8:57 am
by ducarpit
Hi,
i configured a VPN server on my raspberry.
My company blocks social websites such as Facebook, Instagram ecc ecc
With the VPN i can access these sites very well without problem but i can't access the others websites (i can access only the websites that my company blocks...the others no).
It's very strange and i dont' knwo why.
I want acess all the web sites....
I can add others informations: i have another VPN (it's a PPTP type) and ALL web sites works very well!!!
This is my theory: the OpenVPN connection probably doesn't resolve all the addresses, maybe it only resolve the link blocked by my company: instead, i think the PPTP connection resolves ALL the addresses and all sites works.
Can someone help me?
I tried also to add block-outside-dns in my client configuration file but it still doesn't work.
This is my server configuration:
Server configuration
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh1024.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 4
This is my client configuration:
Client configuration
client
dev tun
proto udp
remote ******
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
************************************************************************************************************
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
************************************************************************************************************
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
************************************************************************************************************
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
************************************************************************************************************
</tls-auth>
Server: Raspbian Lite
OpenVPN server version:
OpenVPN server version
OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no
Client: Windows 10 Pro
OpenVPN client version: OpenVPN GUI 11.6.0.0
Which is why you continue to post in the Access Server Forum and not OpenVPN Forum
and now a moderator has had to merge and move your posts.
Simple: because i don't understand the HOWTO link. Why didn't you write "you have to post it in this [something] instead of "you still not read......"? I think it would be better!!!
Problem with DNS!!! Web sites block!!!
Posted: Mon Jul 24, 2017 7:32 am
by ducarpit
Hi,
i configured a VPN server on my raspberry.
My company blocks social websites such as Facebook, Instagram ecc ecc
With the VPN i can access these sites very well without problem but i can't access the others websites (i can access only the websites that my company blocks...the others no).
It's very strange and i dont' knwo why.
I want acess all the web sites....
I can add others informations: i have another VPN (it's a PPTP type) and ALL web sites works very well!!!
This is my theory: the OpenVPN connection probably doesn't resolve all the addresses, maybe it only resolve the link blocked by my company: instead, i think the PPTP connection resolves ALL the addresses and all sites works.
Can someone help me?
I tried also to add block-outside-dns in my client configuration file but it still doesn't work.
This is my server configuration:
Server configuration
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh1024.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 4
This is my client configuration:
Client configuration
client
dev tun
proto udp
remote iu6djr.ddns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
redirect-gateway def1
plugin fix-dns-leak-64.dll
block-outside-dns
<ca>
***********************************************************
</ca>
<cert>
***********************************************************
</cert>
<key>
***********************************************************
</key>
<tls-auth>
************************************************************
</tls-auth>
Server: Raspbian Lite
Server version
OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no
Client: Windows 10 Pro
OpenVPN client version: OpenVPN GUI 11.6.0.0