lost local internet connectivity once connected to openvpn

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

lost local internet connectivity once connected to openvpn

Post by kashyap009 » Wed Jul 28, 2021 11:01 am

I have installed OpenVPN on CentOS 7.5 using a GitHub script. I am able to connect to the OpenVPN server and access my servers from my Windows 10 client device, but as soon as I connected, my local internet just stopped working...

However, the status in network settings shows the internet is working, sending and receiving packets.

Kindly find my server and .ovpn details below.
_______________________________client_________________________________

client
proto udp
explicit-exit-notify
remote 164.52.216.107 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_7IiBwZCkZsRpkVFn name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

_______________________________server_________________________________
port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "dhcp-option DNS 94.140.14.14"
;push "dhcp-option DNS 94.140.15.15"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
____________________________________________________

Kindly let me know where I went wrong.

Thanks in advance

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: lost local internet connectivity once connected to openvpn

Post by 300000 » Wed Jul 28, 2021 11:22 am

Can you access other computers on the server side when connected? If you can't and can only access the OpenVPN server, it means you need IP forwarding and NAT on the OpenVPN server.

Only saying "no internet" does not help at all. There are many things that can make it stop, and you need to post the client log too.

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Wed Jul 28, 2021 11:29 am

Yes, I can connect to other computers on the server side as well, apart from the OpenVPN server...

_____________________client log file___________________________________________________

2021-07-28 16:56:10 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
2021-07-28 16:56:10 Windows version 10.0 (Windows 10 or greater) 64bit
2021-07-28 16:56:10 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
2021-07-28 16:56:10 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
2021-07-28 16:56:10 Need hold release from management interface, waiting...
2021-07-28 16:56:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
2021-07-28 16:56:10 MANAGEMENT: CMD 'state on'
2021-07-28 16:56:10 MANAGEMENT: CMD 'log all on'
2021-07-28 16:56:10 MANAGEMENT: CMD 'echo all on'
2021-07-28 16:56:10 MANAGEMENT: CMD 'bytecount 5'
2021-07-28 16:56:10 MANAGEMENT: CMD 'hold off'
2021-07-28 16:56:10 MANAGEMENT: CMD 'hold release'
2021-07-28 16:56:10 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-07-28 16:56:10 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-07-28 16:56:10 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-07-28 16:56:10 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-07-28 16:56:10 TCP/UDP: Preserving recently used remote address: [AF_INET]164.52.216.107:1194
2021-07-28 16:56:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-07-28 16:56:10 UDP link local: (not bound)
2021-07-28 16:56:10 UDP link remote: [AF_INET]164.52.216.107:1194
2021-07-28 16:56:10 MANAGEMENT: >STATE:1627471570,WAIT,,,,,,
2021-07-28 16:56:10 MANAGEMENT: >STATE:1627471570,AUTH,,,,,,
2021-07-28 16:56:10 TLS: Initial packet from [AF_INET]164.52.216.107:1194, sid=62a63527 f74101ae
2021-07-28 16:56:11 VERIFY OK: depth=1, CN=cn_pUm5lfUNZAcFnaCU
2021-07-28 16:56:11 VERIFY KU OK
2021-07-28 16:56:11 Validating certificate extended key usage
2021-07-28 16:56:11 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-07-28 16:56:11 VERIFY EKU OK
2021-07-28 16:56:11 VERIFY X509NAME OK: CN=server_7IiBwZCkZsRpkVFn
2021-07-28 16:56:11 VERIFY OK: depth=0, CN=server_7IiBwZCkZsRpkVFn
2021-07-28 16:56:11 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
2021-07-28 16:56:11 [server_7IiBwZCkZsRpkVFn] Peer Connection Initiated with [AF_INET]164.52.216.107:1194
2021-07-28 16:56:12 MANAGEMENT: >STATE:1627471572,GET_CONFIG,,,,,,
2021-07-28 16:56:12 SENT CONTROL [server_7IiBwZCkZsRpkVFn]: 'PUSH_REQUEST' (status=1)
2021-07-28 16:56:12 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2021-07-28 16:56:12 OPTIONS IMPORT: timers and/or timeouts modified
2021-07-28 16:56:12 OPTIONS IMPORT: --ifconfig/up options modified
2021-07-28 16:56:12 OPTIONS IMPORT: route options modified
2021-07-28 16:56:12 OPTIONS IMPORT: route-related options modified
2021-07-28 16:56:12 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-07-28 16:56:12 OPTIONS IMPORT: peer-id set
2021-07-28 16:56:12 OPTIONS IMPORT: adjusting link_mtu to 1624
2021-07-28 16:56:12 OPTIONS IMPORT: data channel crypto options modified
2021-07-28 16:56:12 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28 16:56:12 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28 16:56:12 interactive service msg_channel=664
2021-07-28 16:56:12 ROUTE_GATEWAY 192.168.29.1/255.255.255.0 I=22 HWADDR=d8:9c:67:4e:93:fd
2021-07-28 16:56:12 open_tun
2021-07-28 16:56:12 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-07-28 16:56:12 TAP-Windows Driver Version 9.24
2021-07-28 16:56:12 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2021-07-28 16:56:12 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {5EE52799-7F39-46FA-B038-2698B4A84523} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2021-07-28 16:56:12 Successful ARP Flush on interface [17] {5EE52799-7F39-46FA-B038-2698B4A84523}
2021-07-28 16:56:12 MANAGEMENT: >STATE:1627471572,ASSIGN_IP,,10.8.0.2,,,,
2021-07-28 16:56:12 IPv4 MTU set to 1500 on interface 17 using service
2021-07-28 16:56:12 Blocking outside dns using service succeeded.
2021-07-28 16:56:17 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2021-07-28 16:56:17 C:\WINDOWS\system32\route.exe ADD 164.52.216.107 MASK 255.255.255.255 192.168.29.1
2021-07-28 16:56:17 Route addition via service succeeded
2021-07-28 16:56:17 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-07-28 16:56:17 Route addition via service succeeded
2021-07-28 16:56:17 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-07-28 16:56:17 Route addition via service succeeded
2021-07-28 16:56:17 Initialization Sequence Completed
2021-07-28 16:56:17 MANAGEMENT: >STATE:1627471577,CONNECTED,SUCCESS,10.8.0.2,164.52.216.107,1194,,
2021-07-28 16:57:22 SIGTERM received, sending exit notification to peer
2021-07-28 16:57:23 C:\WINDOWS\system32\route.exe DELETE 164.52.216.107 MASK 255.255.255.255 192.168.29.1
2021-07-28 16:57:23 Route deletion via service succeeded
2021-07-28 16:57:23 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-07-28 16:57:23 Route deletion via service succeeded
2021-07-28 16:57:23 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-07-28 16:57:23 Route deletion via service succeeded
2021-07-28 16:57:23 Closing TUN/TAP interface
2021-07-28 16:57:23 TAP: DHCP address released
2021-07-28 16:57:23 Unblocking outside dns using service succeeded.
2021-07-28 16:57:23 SIGTERM[soft,exit-with-notification] received, process exiting
2021-07-28 16:57:23 MANAGEMENT: >STATE:1627471643,EXITING,exit-with-notification,,,,,

Hope this will help

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: lost local internet connectivity once connected to openvpn

Post by TinCanTech » Wed Jul 28, 2021 11:31 am

kashyap009 wrote:
Wed Jul 28, 2021 11:01 am
I have installed OpenVPN on CentOS 7.5 using a GitHub script
What script?


300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: lost local internet connectivity once connected to openvpn

Post by 300000 » Wed Jul 28, 2021 12:56 pm

Run tracert first to see where the client stops. Open cmd on Windows and type:

Code:

tracert 8.8.4.4

If it stops at 10.8.0.1, it means something at the server is stopping it. Maybe the firewall or NAT is not working correctly.

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Wed Jul 28, 2021 1:26 pm

Tracing route to 8.8.4.4 over a maximum of 30 hops

1 22 ms 23 ms 22 ms 10.8.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * *

Yes, you are right, tracert stops at 10.8.0.1.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: lost local internet connectivity once connected to openvpn

Post by TinCanTech » Wed Jul 28, 2021 3:11 pm

I suggest you run the script again, only, do it correctly this time.

You may need to verify that the script supports your distro ..

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Thu Jul 29, 2021 4:33 am

I verified that the script I used supports CentOS 7 as well.

Anyhow, for the above tracert, which stops at 10.8.0.1, what do I need to check?

Below are the firewall rules I added on the OpenVPN server. Kindly check whether anything else needs to be added.


firewall-cmd --zone=public --add-port=1194/udp
firewall-cmd --zone=trusted --add-source=10.8.0.0/24
firewall-cmd --permanent --zone=public --add-port=1194/udp
firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24


firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 172.16.112.85
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 172.16.112.85

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Thu Jul 29, 2021 10:39 am

300000 wrote:
Wed Jul 28, 2021 12:56 pm
Run tracert first to see where the client stops. Open cmd on Windows and type:

Code:

tracert 8.8.4.4

If it stops at 10.8.0.1, it means something at the server is stopping it. Maybe the firewall or NAT is not working correctly.
Could you please help with the same... What exactly needs to be checked for the same?

Thanks.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: lost local internet connectivity once connected to openvpn

Post by TinCanTech » Thu Jul 29, 2021 10:53 am

You need to report the problem to the script author, angristan.

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: lost local internet connectivity once connected to openvpn

Post by 300000 » Thu Jul 29, 2021 2:13 pm

You can try forwarding and NAT to see if it works for your setup.

Code:

# NAT traffic leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Fri Jul 30, 2021 3:48 am

Thanks for the reply.

I did NAT and IP forwarding as well, but I think after enabling IP forwarding I need to restart the network service, which I am currently unable to do on my server. Hopefully after restarting the network services my issue will get resolved.

Once again, thanks for your support.

Will update once my issue gets resolved.

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Fri Jul 30, 2021 10:06 am

300000 wrote:
Thu Jul 29, 2021 2:13 pm
You can try forwarding and NAT to see if it works for your setup.

Code:

# NAT traffic leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

Still no luck after running the above command and enabling IP forwarding as well... I restarted the network service, but I am still only able to access the OpenVPN server; able to ping 10.8.0.1 but lost my local internet as soon as I connected to the VPN server.

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: lost local internet connectivity once connected to openvpn

Post by 300000 » Fri Jul 30, 2021 11:05 am

Can you try two more iptables rules, as follows:

Code:

iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Fri Jul 30, 2021 11:12 am

I already did that before, but the issue still persists.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: lost local internet connectivity once connected to openvpn

Post by TinCanTech » Fri Jul 30, 2021 12:08 pm

kashyap009 wrote:
Fri Jul 30, 2021 10:06 am
able to ping 10.8.0.1 but lost my local internet as soon as I connected to the VPN server
That's how angristan's script works.

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Fri Jul 30, 2021 12:17 pm

I am also thinking the same now... Could you please tell me, as you are OpenVPN experts, is it possible in OpenVPN to be connected to the OpenVPN server without disturbing our local internet, which is the case in most scenarios, like using any hardware firewall?

thanks..

kashyap009
OpenVPN User
Posts: 26
Joined: Tue Jul 13, 2021 10:23 am

Re: lost local internet connectivity once connected to openvpn

Post by kashyap009 » Fri Jul 30, 2021 12:19 pm

And also, I ran the same script on my on-prem server; there, as soon as I am connected to my VPN server, all my local internet traffic goes through the OpenVPN server, which I don't want to do, to avoid unnecessary traffic to my servers...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: lost local internet connectivity once connected to openvpn

Post by TinCanTech » Fri Jul 30, 2021 12:31 pm

Remove all this from your server config:
kashyap009 wrote:
Wed Jul 28, 2021 11:01 am

Code:

;push "dhcp-option DNS 94.140.14.14"
;push "dhcp-option DNS 94.140.15.15"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
And read the Howto to learn what they do.
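
What the posted client log shows about the options named in this reply, as an added example that is not part of the original thread: it parses the `PUSH_REPLY` and `route.exe ADD` lines to show that `redirect-gateway def1` sent all IPv4 traffic to 10.8.0.1. The function name `analyze` and the result keys are assumptions of this example; the sample lines are copied from the log posted earlier.

```python
import ipaddress
import re

# Constructed sample: five lines copied from the client log posted in this thread.
SAMPLE_LOG = r"""
2021-07-28 16:56:12 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2021-07-28 16:56:12 Blocking outside dns using service succeeded.
2021-07-28 16:56:17 C:\WINDOWS\system32\route.exe ADD 164.52.216.107 MASK 255.255.255.255 192.168.29.1
2021-07-28 16:56:17 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-07-28 16:56:17 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
# redirect-gateway def1 adds these two /1 routes instead of replacing 0.0.0.0/0.
DEF1_HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}


def analyze(log_text):
    """Report what the pushed options did to the client's routing and DNS."""
    match = PUSH_RE.search(log_text)
    opts = [o.split() for o in match.group(1).split(",") if o.strip()] if match else []
    vpn_gw = next((o[1] for o in opts if o[0] == "route-gateway" and len(o) > 1), None)
    # Windows route.exe lines give destination, netmask and next hop.
    routes = [(ipaddress.ip_network(f"{dst}/{mask}", strict=False), gw)
              for dst, mask, gw in ROUTE_RE.findall(log_text)]
    via_vpn = [net for net, gw in routes if gw == vpn_gw]
    return {
        "redirect_gateway": any(o[0] == "redirect-gateway" for o in opts),
        "full_tunnel": DEF1_HALVES.issubset(via_vpn),
        "pushed_dns": [o[2] for o in opts if o[:2] == ["dhcp-option", "DNS"] and len(o) > 2],
        "outside_dns_blocked": "Blocking outside dns" in log_text,
        "routes_via_vpn": [str(net) for net in via_vpn],
        "routes_via_lan": [str(net) for net, gw in routes if gw != vpn_gw],
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The client config in the first post also sets `block-outside-dns`, which on Windows blocks DNS on every adapter except the VPN one, so a setup with no pushed DNS server needs that line removed as well.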
