archlinux 5.14.15-arch1-1 openvpn 2.5.4 connection ok client server no internet no internet ping

dcastellacci
OpenVpn Newbie
Posts: 6
Joined: Wed Jan 26, 2022 3:57 pm

Post by dcastellacci » Wed Jan 26, 2022 4:23 pm

Hello

After the connection is established, I ping www.google.fr and nothing happens. I try with a browser to open the page www.google.fr and nothing happens.

Here is my configuration

My server openvpn

Code: Select all

plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
port 1194
proto udp
dev tun
ca Cert-Server/ca.crt
cert Cert-Server/server.crt
key Cert-Server/server.key
dh Cert-Server/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 185.148.79.11"
push "dhcp-option DNS 185.148.79.12"
keepalive 10 120
tls-auth Cert-Server/ta.key 0 # This file is secret
auth SHA512
cipher AES-256-GCM
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

My client openvpn

Code: Select all

client
dev tun
proto udp
remote vm26-18.hosteur.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca Cert-Client-vpn0/ca.crt
cert Cert-Client-vpn0/vpn0.crt 
key Cert-Client-vpn0/vpn0.key
auth-user-pass Cert-Client-vpn0/login.txt
auth-nocache
ns-cert-type server
tls-auth Cert-Client-vpn0/ta.key 1
auth SHA512
cipher AES-256-GCM
comp-lzo
verb 3

My server status message

Code: Select all

Jan 26 16:11:09 vm26-18.hosteur.net systemd[1]: Starting OpenVPN service for vm26/18.hosteur.net/server...
Jan 26 16:11:09 vm26-18.hosteur.net vm26-18.hosteur.net-server[880]: WARNING: Compression for receiving enabled. Compression has been used in the pas>
Jan 26 16:11:09 vm26-18.hosteur.net systemd[1]: Started OpenVPN service for vm26/18.hosteur.net/server.
Jan 26 16:12:23 vm26-18.hosteur.net unix_chkpwd[898]: check pass; user unknown
Jan 26 16:12:23 vm26-18.hosteur.net unix_chkpwd[899]: check pass; user unknown
Jan 26 16:12:23 vm26-18.hosteur.net unix_chkpwd[899]: password check failed for user (vpn0)
Jan 26 16:12:23 vm26-18.hosteur.net openvpn[881]: pam_unix(login:auth): authentication failure; logname= uid=975 euid=975 tty= ruser= rhost=  user=vp>
Jan 26 16:12:24 vm26-18.hosteur.net openvpn[881]: pam_systemd_home(login:auth): Home for user vpn0 successfully acquired.

My server route

Code: Select all

# ip route
default via 46.182.7.254 dev ens160 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 
46.182.7.0/24 dev ens160 proto kernel scope link src 46.182.7.90

My Server
iptables -nvL

Code: Select all

# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 9201  780K ACCEPT     all  --  ens160 *       0.0.0.0/0            0.0.0.0/0           
 2029 89232 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 39 packets, 2474 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 8037  951K ACCEPT     all  --  *      ens160  0.0.0.0/0            0.0.0.0/0           
 2026 81016 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0




My Client route

Code: Select all

# ip route
0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 192.168.10.1 dev enp0s5 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.4 
46.182.7.90 via 192.168.10.1 dev enp0s5 
128.0.0.0/1 via 10.8.0.1 dev tun0 
192.168.10.0/24 dev enp0s5 proto kernel scope link src 192.168.10.24 
192.168.10.0/24 dev enp0s5.1 proto kernel scope link src 192.168.10.100

My Client
iptables -nvL

Code: Select all

# iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   441 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 3751  286K ACCEPT     all  --  enp0s5 *       0.0.0.0/0            0.0.0.0/0           
 2016 80726 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  enp0s5.1 *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   441 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 3605  304K ACCEPT     all  --  *      enp0s5  0.0.0.0/0            0.0.0.0/0           
 2095 94411 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      enp0s5.1  0.0.0.0/0            0.0.0.0/0



I don't understand why I don't have internet access from the client.

When I am not connected with openvpn, whether on the server or on the client, I have access to the internet without going through the openvpn connection.

With the openvpn connection, the client no longer has access to the internet.


Thank you
Didier

TinCanTech
Forum Team
Posts: 10693
Joined: Fri Jun 03, 2016 1:17 pm

Post by TinCanTech » Wed Jan 26, 2022 4:45 pm

You need to use NAT at the server firewall.

https://community.openvpn.net/openvpn/w ... oughtheVPN

Post by dcastellacci » Wed Jan 26, 2022 5:54 pm

Hello

I had already configured forwarding:

# more /etc/sysctl.d/sysctl.conf
#
net.ipv4.ip_forward=1

I tried push "redirect-gateway def1"

and tried push "redirect-gateway local def1"

and added: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Nothing has changed.

Post by TinCanTech » Wed Jan 26, 2022 5:55 pm

Go through the howto carefully.

Post by dcastellacci » Thu Jan 27, 2022 2:11 pm

Hello

I found the problem; here is what is wrong:

Code: Select all

vpn0/81.185.175.71:62698 SENT CONTROL [vpn0]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)

I have no idea how to solve the problem.

Could someone help me?

Thank you
Didier

Post by TinCanTech » Thu Jan 27, 2022 3:15 pm

That is not an error .. it's supposed to do that.

Post by dcastellacci » Fri Jan 28, 2022 2:24 pm

Hello openvpn

So here's the news

While traveling through : "Arch Linux openvpn" / heading : Routing client traffic through the server / section : Firewall configuration / iptables

Code: Select all

I put this : # iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 
where :  # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
where :  # iptables -t nat -A POSTROUTING -j MASQUERADE

eth0 = your web interface

Code: Select all

It was not enough for me I had to add

iptables -A FORWARD -j ACCEPT 

Code: Select all

so my iptables configuration to be sure it works I had to do this :

# iptables -t nat -A POSTROUTING -j MASQUERADE
# iptables -A FORWARD -j ACCEPT
there it should work
otherwise there is another option

accept everything like this

Code: Select all

1) erase everything

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t raw -F
iptables -t raw -X
iptables -t raw -P PREROUTING ACCEPT
iptables -t raw -P OUTPUT ACCEPT
iptables -t security -F
iptables -t security -X
iptables -t security -P INPUT ACCEPT
iptables -t security -P FORWARD ACCEPT
iptables -t security -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Code: Select all

2) then accept everything

iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -j ACCEPT
iptables -t nat -A INPUT -j ACCEPT
iptables -t nat -A OUTPUT -j ACCEPT
iptables -t mangle -A POSTROUTING -j ACCEPT
iptables -t mangle -A PREROUTING -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A OUTPUT -j ACCEPT
iptables -t mangle -A FORWARD -j ACCEPT
iptables -t security -A INPUT -j ACCEPT
iptables -t security -A FORWARD -j ACCEPT
iptables -t security -A OUTPUT -j ACCEPT
iptables -t raw -A PREROUTING -j ACCEPT
iptables -t raw -A OUTPUT -j ACCEPT

there this time everything is open you have to do 1) and 2)

it is essential that it is like message from client and server at the end of connection message "Initialization Sequence Completed"

there is nothing to do on the client side with iptables all done on the openvpn server side



So my openvpn server/client configuration is :
A) server
B) client

connection B to A everything is OK I have internet and internet ping

However in my setup :
A)server
B)client
C)VM Virtual Machine

connection from C to A: everything is almost OK, that is to say that ping www.google.fr does not work, however ping to the IP 8.8.8.8 works, so I have internet without DNS


I don't know what to do for my Virtual Machine VMs, i.e. to have access to the DNS


That's all for now


if you have ideas to have the dns running I am a taker


Thank you
Didier
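
Editor's added example, not part of any post in this thread: the server's "ip route" output in the first post shows ens160 as the egress device, so a MASQUERADE rule written with -o eth0 does not match traffic leaving that server. The script below reads the default route, prints NAT and forward rules limited to the VPN subnet and tunnel device, and flags an interface mismatch; the function names are hypothetical, the rules are printed rather than applied, and the FORWARD rules only matter when the FORWARD policy is DROP (the server posted here has ACCEPT).

```shell
#!/bin/sh
# Added example (not from the thread): print scoped NAT/forward rules for the
# VPN subnet instead of flushing every table and accepting everything.
# Dry run: the rules are printed, never applied.

VPN_NET="10.8.0.0/24"  # from "server 10.8.0.0 255.255.255.0" in the server config
VPN_IF="tun0"          # tunnel device shown in the server's "ip route" output

# Server "ip route" output as posted in the thread, embedded as sample input.
SAMPLE_ROUTES='default via 46.182.7.254 dev ens160
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
46.182.7.0/24 dev ens160 proto kernel scope link src 46.182.7.90'

# egress_if ROUTES: print the device named on the "default" route line.
egress_if() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# scoped_rules ROUTES: print iptables commands limited to VPN traffic.
scoped_rules() {
    wan=$(egress_if "$1")
    [ -n "$wan" ] || { echo "no default route found" >&2; return 1; }
    cat <<EOF
iptables -t nat -A POSTROUTING -s $VPN_NET -o $wan -j MASQUERADE
iptables -A FORWARD -i $VPN_IF -o $wan -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $wan -o $VPN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# check_rule_if RULE_IF ROUTES: compare the -o interface of a rule with the
# real egress device; on a mismatch the rule never matches a packet.
check_rule_if() {
    wan=$(egress_if "$2")
    if [ "$1" = "$wan" ]; then
        echo "match"
    else
        echo "mismatch: egress is $wan, rule uses $1"
    fi
}

# On a live server, pass real routes instead: scoped_rules "$(ip -4 route)"
scoped_rules "$SAMPLE_ROUTES"
check_rule_if eth0 "$SAMPLE_ROUTES"
```

Review the printed rules, then run them as root on the OpenVPN server; nothing is needed on the client.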

Post by dcastellacci » Fri Jan 28, 2022 3:23 pm

Hello

everything is ok everything works
I had to add this on the client side for the dns

Code: Select all

# Add New Test
script-security 2
up /usr/share/openvpn/contrib/pull-resolv-conf/client.up 
plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so "/usr/share/openvpn/contrib/pull-resolv-conf/client.down tun0"

Thank you
Didier

Post by dcastellacci » Fri Jan 28, 2022 3:26 pm

Closed
you can close the topic it's over

Locked