Ubuntu chroot server - No traffic - need help!

Post by kurval » Mon Feb 04, 2019 8:42 pm

I have installed Ubuntu 16.04 in chroot mode on a rooted Android box with Linux Deploy to make it an OpenVPN server. I have diligently followed the guide at https://nanashi07.blogspot.com/2017/04/build-openvpn-server-on-android-device.html and the one at https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04 and I have used keys and certificates that do work correctly on a Windows server.

The OpenVPN client connects correctly to the server, but at that point it can't go outside. In fact, the only thing I managed to do from the client is ping 10.8.0.6, which is its own IP assigned by the VPN server; it can't even ping the server itself. After studying a lot and spending 2 days playing around with the configuration, I have come to the conclusion that I need to ask for some help. I can't understand what I am doing wrong.

In particular, some things that I did (as I see they are often the reason for a problem similar to mine) are: modifying the /etc/sysctl.conf file, uncommenting

net.ipv4.ip_forward=1

modified /etc/ufw/before.rules with

#
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to wlan0
-A POSTROUTING -s 10.8.0.0/8 -o wlan0 -j MASQUERADE
COMMIT
# END OPENVPN RULES


modified /etc/default/ufw with

DEFAULT_FORWARD_POLICY="ACCEPT"

and I also changed the default input policy to "Accept" for now, this was not required but should not be the cause of my problem.

The openvpn server configuration is

port 443
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log


Ifconfig now reads


tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1156 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:91233 (91.2 KB) TX bytes:120 (120.0 B)

wlan0 Link encap:Ethernet HWaddr 3c:cf:5b:a7:d7:5d
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::3ecf:5bff:fea7:d75d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:763819 errors:0 dropped:0 overruns:0 frame:0
TX packets:513452 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:407591448 (407.5 MB) TX bytes:210808696 (210.8 MB)

I can't really understand what I am doing wrong. I thought the reason was that I was testing with server and client on the same LAN, but then I repeated the same steps after installing the server on a remote machine and I get the same issue. It might be that I am missing some Linux libraries, because when I stop and restart UFW I do get some errors (although I read that they should not be the reason for my issue):

root@localhost:~/serverkeys# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/3.10.0/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/3.10.0
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/3.10.0/modules.dep.bin'
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/3.10.0
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/3.10.0/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/3.10.0
iptables-restore: line 85 failed
iptables-restore: line 30 failed
ip6tables-restore: line 138 failed

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/before6.rules'

It's been a few days now that I am trying to figure out where the problem is with no luck... What am I doing wrong? A huge thank you to anyone who can help me out!
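
An added example, not part of the original post: a Python check of the three settings the post lists (net.ipv4.ip_forward, the POSTROUTING MASQUERADE rule, and the VPN subnet from the `server` line). Because the post shows ufw reporting a problem running before.rules, it is meant to be fed the loaded NAT table (`iptables -t nat -S`) rather than the rules file. The function names and the `NAT_EMPTY` listing are constructed for illustration.

```python
import ipaddress
import shlex

def vpn_network(server_conf):
    """Network from the OpenVPN 'server <net> <mask>' directive."""
    for line in server_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server' directive found")

def _opt(tok, flag, default=None):
    """Value following an iptables option, or default if the option is absent."""
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else default

def masquerade_rules(nat_rules):
    """Yield (source_network, out_iface) per POSTROUTING MASQUERADE rule."""
    for line in nat_rules.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "POSTROUTING"] or _opt(tok, "-j") != "MASQUERADE":
            continue
        # strict=False: iptables masks host bits, so 10.8.0.0/8 means 10.0.0.0/8
        src = ipaddress.ip_network(_opt(tok, "-s", "0.0.0.0/0"), strict=False)
        yield src, _opt(tok, "-o")

def check_forwarding(server_conf, nat_rules, ip_forward, out_iface):
    """Return a list of problems; an empty list means the preconditions hold."""
    problems = []
    if ip_forward.strip() != "1":
        problems.append("net.ipv4.ip_forward is not 1")
    vpn = vpn_network(server_conf)
    covering = [(s, dev) for s, dev in masquerade_rules(nat_rules) if vpn.subnet_of(s)]
    if not covering:
        problems.append(f"no MASQUERADE rule covers {vpn}")
    elif not any(dev in (None, out_iface) for _, dev in covering):
        problems.append(f"MASQUERADE rule for {vpn} does not use {out_iface}")
    return problems

# Values taken from the post
SERVER_CONF = "dev tun\nserver 10.8.0.0 255.255.255.0\n"
RULES_FROM_POST = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o wlan0 -j MASQUERADE
COMMIT
"""
# Constructed sample: `iptables -t nat -S` output when no NAT rule is loaded
NAT_EMPTY = "-P PREROUTING ACCEPT\n-P POSTROUTING ACCEPT\n"

if __name__ == "__main__":
    for name, rules in (("rules file", RULES_FROM_POST), ("empty table", NAT_EMPTY)):
        print(name, check_forwarding(SERVER_CONF, rules, "1\n", "wlan0") or "ok")
```

On the server, the inputs would be the contents of /proc/sys/net/ipv4/ip_forward, the output of `iptables -t nat -S`, and the server configuration file.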
