Internet connection lost when client logged in

chepalitos
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 03, 2021 3:31 pm


Post by chepalitos » Mon Dec 06, 2021 2:43 pm

Hi all,

When I make a VPN connection to an OpenVPN server, I lose the internet connection. The VPN works all right.
I am using Arch Linux and openvpn.

Client config


client

dev tun

proto tcp

remote 157.92.27.217 443

resolv-retry infinite

nobind

user nobody
group nobody

persist-key
persist-tun

remote-cert-tls server

cipher AES-256-CBC
key-direction 1

verb 3

Response:

2021-12-06 11:40:37 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-12-06 11:40:37 OpenVPN 2.5.4 [git:makepkg/3f7a85b9aebe7be0+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct  5 2021
2021-12-06 11:40:37 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-12-06 11:40:37 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-12-06 11:40:37 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-12-06 11:40:37 TCP/UDP: Preserving recently used remote address: [AF_INET]157.92.27.217:443
2021-12-06 11:40:37 Socket Buffers: R=[131072->131072] S=[16384->16384]
2021-12-06 11:40:37 Attempting to establish TCP connection with [AF_INET]157.92.27.217:443 [nonblock]
2021-12-06 11:40:37 TCP connection established with [AF_INET]157.92.27.217:443
2021-12-06 11:40:37 TCP_CLIENT link local: (not bound)
2021-12-06 11:40:37 TCP_CLIENT link remote: [AF_INET]157.92.27.217:443
2021-12-06 11:40:37 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2021-12-06 11:40:37 TLS: Initial packet from [AF_INET]157.92.27.217:443, sid=0385ccb7 9e45537b
2021-12-06 11:40:37 VERIFY OK: depth=1, CN=Easy-RSA CA
2021-12-06 11:40:37 VERIFY KU OK
2021-12-06 11:40:37 Validating certificate extended key usage
2021-12-06 11:40:37 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-12-06 11:40:37 VERIFY EKU OK
2021-12-06 11:40:37 VERIFY OK: depth=0, CN=sectec-server
2021-12-06 11:40:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-12-06 11:40:37 [sectec-server] Peer Connection Initiated with [AF_INET]157.92.27.217:443
2021-12-06 11:40:38 SENT CONTROL [sectec-server]: 'PUSH_REQUEST' (status=1)
2021-12-06 11:40:38 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.0.0.253,dhcp-option DNS 10.0.0.241,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25,peer-id 0,cipher AES-256-GCM'
2021-12-06 11:40:38 OPTIONS IMPORT: timers and/or timeouts modified
2021-12-06 11:40:38 OPTIONS IMPORT: --ifconfig/up options modified
2021-12-06 11:40:38 OPTIONS IMPORT: route options modified
2021-12-06 11:40:38 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-12-06 11:40:38 OPTIONS IMPORT: peer-id set
2021-12-06 11:40:38 OPTIONS IMPORT: adjusting link_mtu to 1626
2021-12-06 11:40:38 OPTIONS IMPORT: data channel crypto options modified
2021-12-06 11:40:38 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-12-06 11:40:38 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-12-06 11:40:38 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-12-06 11:40:38 net_route_v4_best_gw query: dst 0.0.0.0
2021-12-06 11:40:38 net_route_v4_best_gw result: via 192.168.0.1 dev wlp2s0
2021-12-06 11:40:38 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=f8:59:71:c1:14:34
2021-12-06 11:40:38 TUN/TAP device tun0 opened
2021-12-06 11:40:38 net_iface_mtu_set: mtu 1500 for tun0
2021-12-06 11:40:38 net_iface_up: set tun0 up
2021-12-06 11:40:38 net_addr_ptp_v4_add: 10.8.0.26 peer 10.8.0.25 dev tun0
2021-12-06 11:40:38 net_route_v4_add: 157.92.27.217/32 via 192.168.0.1 dev [NULL] table 0 metric -1
2021-12-06 11:40:38 net_route_v4_add: 0.0.0.0/1 via 10.8.0.25 dev [NULL] table 0 metric -1
2021-12-06 11:40:38 net_route_v4_add: 128.0.0.0/1 via 10.8.0.25 dev [NULL] table 0 metric -1
2021-12-06 11:40:38 net_route_v4_add: 10.8.0.1/32 via 10.8.0.25 dev [NULL] table 0 metric -1
2021-12-06 11:40:38 GID set to nobody
2021-12-06 11:40:38 UID set to nobody
2021-12-06 11:40:38 Initialization Sequence Completed

I am not sure what I am doing wrong.

Thanks.

TinCanTech
Forum Team
Posts: 10721
Joined: Fri Jun 03, 2016 1:17 pm

Re: Internet connection lost when client logged in

Post by TinCanTech » Mon Dec 06, 2021 2:58 pm

Search for: Enable IP_Forwarding

chepalitos
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 03, 2021 3:31 pm

Re: Internet connection lost when client logged in

Post by chepalitos » Tue Dec 07, 2021 1:16 pm

Thanks Tin!
Seems it worked for me.
I've used these two links to figure out the IP_Forwarding:
https://wiki.archlinux.org/title/Sysctl#Configuration
https://bbs.archlinux.org/viewtopic.php?id=208842
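
Why the Internet path changes once the tunnel is up, as an added example that is not part of the original posts: it reads the pushed options and the route additions from the client log in the first post and shows that the two /1 routes via 10.8.0.25 together cover the whole IPv4 space, so everything except the connection to the VPN endpoint itself now depends on the far side of the tunnel forwarding packets. The function names and SAMPLE_LOG are introduced here for illustration.

```python
import ipaddress
import re

# Lines copied from the client log in the first post (timestamps dropped).
SAMPLE_LOG = """\
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.0.0.253,dhcp-option DNS 10.0.0.241,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25,peer-id 0,cipher AES-256-GCM'
net_route_v4_add: 157.92.27.217/32 via 192.168.0.1 dev [NULL] table 0 metric -1
net_route_v4_add: 0.0.0.0/1 via 10.8.0.25 dev [NULL] table 0 metric -1
net_route_v4_add: 128.0.0.0/1 via 10.8.0.25 dev [NULL] table 0 metric -1
net_route_v4_add: 10.8.0.1/32 via 10.8.0.25 dev [NULL] table 0 metric -1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_RE = re.compile(r"net_route_v4_add: (\S+) via (\S+)")


def pushed_options(log):
    """Return the options the server pushed, one string per option."""
    m = PUSH_RE.search(log)
    return m.group(1).split(",") if m else []


def routes_by_gateway(log):
    """Group the installed routes by next hop and merge adjacent prefixes."""
    grouped = {}
    for net, gw in ROUTE_RE.findall(log):
        grouped.setdefault(gw, []).append(ipaddress.ip_network(net))
    return {gw: list(ipaddress.collapse_addresses(nets))
            for gw, nets in grouped.items()}


def diagnose(log):
    """Report whether one next hop now carries all IPv4 traffic, and which."""
    opts = pushed_options(log)
    everything = ipaddress.ip_network("0.0.0.0/0")
    # def1 adds 0.0.0.0/1 and 128.0.0.0/1; merged they equal 0.0.0.0/0.
    tunnel_gw = next((gw for gw, nets in routes_by_gateway(log).items()
                      if everything in nets), None)
    return {
        "redirect_gateway": any(o.startswith("redirect-gateway") for o in opts),
        "tunnel_gateway": tunnel_gw,
        "dns": [o.split()[2] for o in opts if o.startswith("dhcp-option DNS ")],
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The only route left on the LAN gateway 192.168.0.1 is the /32 to the VPN endpoint, which keeps the tunnel itself reachable.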
