OpenVPN server not forwarding to internet

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

sdc
OpenVpn Newbie
Posts: 3
Joined: Thu Oct 18, 2018 5:05 pm

OpenVPN server not forwarding to internet

Post by sdc » Thu Oct 18, 2018 5:24 pm

Hello, I have a computer running Ubuntu 16 with an OpenVPN server. This is the server configuration file:

Code: Select all

port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC   # AES
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 3

And this is the client configuration:

Code: Select all

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

On the server I ran:

Code: Select all

sysctl -w net.ipv4.ip_forward=1

and the following script for the iptables:

Code: Select all

eth=$1
proto=$2
port=$3

# OpenVPN
iptables -A INPUT -i "$eth" -m state --state NEW -p "$proto" --dport "$port" -j ACCEPT

# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT

# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o "$eth" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$eth" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

# NAT the VPN client traffic to the internet
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$eth" -j MASQUERADE

and I call it as:

Code: Select all

sudo ./iptables.sh wls1 tcp 433

Yesterday everything worked perfectly, but now I can connect to the VPN but the internet traffic is not forwarded. I can ping 8.8.8.8 but not google.com. What could it be? Thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server not forwarding to internet

Post by TinCanTech » Thu Oct 18, 2018 5:30 pm

sdc wrote:
Thu Oct 18, 2018 5:24 pm
I can ping 8.8.8.8 but not google.com. What could it be? Thanks
Could be your DNS is not resolving the name.

sdc
OpenVpn Newbie
Posts: 3
Joined: Thu Oct 18, 2018 5:05 pm

Re: OpenVPN server not forwarding to internet

Post by sdc » Thu Oct 18, 2018 7:40 pm

I'm using OpenDNS and I also tried with the Google one without getting it to work. Yesterday everything was fine.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server not forwarding to internet

Post by TinCanTech » Thu Oct 18, 2018 7:48 pm

The best advice I can give you is here:
viewtopic.php?f=30&t=22603

sdc
OpenVpn Newbie
Posts: 3
Joined: Thu Oct 18, 2018 5:05 pm

Re: OpenVPN server not forwarding to internet

Post by sdc » Fri Oct 19, 2018 3:51 pm

I found the problem: in /etc/resolv.conf on the client there were other nameservers. I changed them to nameserver 8.8.8.8 and 8.8.4.4 and it worked. Shouldn't the options do this automatically? Thank you

Code: Select all

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server not forwarding to internet

Post by TinCanTech » Fri Oct 19, 2018 4:47 pm

It is updated by:
sdc wrote:
Thu Oct 18, 2018 5:24 pm

Code: Select all

script-security 2 
up /etc/openvpn/update-resolv-conf 
down /etc/openvpn/update-resolv-conf
so check your log for errors.
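
A check for the situation this thread ends on, added here as an example and not posted by either participant: it compares the `dhcp-option DNS` servers in the client log's PUSH_REPLY line with the nameservers in resolv.conf. The log line, the 192.168.1.1 resolver, the temporary file paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: did the DNS servers pushed by the VPN reach resolv.conf?

# DNS addresses from "dhcp-option DNS <ip>" entries in PUSH_REPLY log lines.
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9A-Fa-f.:]*\).*/\1/p' | sort -u
}

# Nameserver addresses configured in a resolv.conf-style file.
resolv_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Pushed servers missing from resolv.conf: the up script did not apply them.
# Arguments: <client log> <resolv.conf>
missing_dns() {
    for ip in $(pushed_dns "$1"); do
        resolv_dns "$2" | grep -qxF "$ip" || echo "$ip"
    done
}

# Resolvers in resolv.conf that the VPN never pushed: name lookups may go
# to them instead of the pushed servers. Arguments: <client log> <resolv.conf>
extra_dns() {
    for ip in $(resolv_dns "$2"); do
        pushed_dns "$1" | grep -qxF "$ip" || echo "$ip"
    done
}

# Constructed sample data: one client log line carrying the options pushed by
# the server config in this thread, and a resolv.conf only partly updated.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/client.log" <<'EOF'
Thu Oct 18 17:20:01 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
EOF
printf 'nameserver 192.168.1.1\nnameserver 208.67.222.222\n' > "$demo_dir/resolv.conf"

echo "pushed, not applied: $(missing_dns "$demo_dir/client.log" "$demo_dir/resolv.conf")"
echo "configured, not pushed: $(extra_dns "$demo_dir/client.log" "$demo_dir/resolv.conf")"
```

On a real client, pass the OpenVPN client log (or a file saved from the journal) and /etc/resolv.conf as the two arguments.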
