OpenVPN clients do not connect to the internet

PedroV
OpenVpn Newbie
Posts: 3
Joined: Thu Oct 15, 2015 8:11 pm

OpenVPN clients do not connect to the internet

Post by PedroV » Mon Feb 15, 2016 11:11 am

Good morning. I have spent several weeks trying to set up my own OpenVPN server on CentOS with Webmin, and I cannot make the client's Internet traffic go out through the OpenVPN network interface.

The client connects to the server without problems, and the server assigns it a local IP address, but the TAP network interface on the client (Windows) does not have access to the Internet; the Windows client keeps reaching the Internet with the client's own public IP address.

How can I make all client connections go out to the Internet through OpenVPN?

This is the OpenVPN server configuration:

Code: Select all

port 1194
proto udp
dev tun0
ca keys/unidadit/ca.crt
cert keys/unidadit/keyserver.crt
key keys/unidadit/keyserver.key
dh keys/unidadit/dh2048.pem
server 192.10.10.0 255.255.255.0
crl-verify keys/unidadit/crl.pem
cipher DES-CBC
user nobody
group abrt
status servers/ServidorVPN/logs/openvpn-status.log
log-append servers/ServidorVPN/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/ServidorVPN/ccd
comp-lzo
persist-key
persist-tun
ccd-exclusive
push "route 192.168.1.1 255.255.255.0"

This is the OpenVPN client configuration:

Code: Select all

client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert keyclient.crt
key keyclient.key
remote 88.XX.XX.XX 1194
cipher DES-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
push "route 192.168.1.1 255.255.255.0"

These are the network interfaces of the server:

Code: Select all

eth1      Link encap:Ethernet  HWaddr 00:0C:29:46:6F:82  
          inet addr:192.168.1.120  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe46:6f82/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8455 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15450640 (14.7 MiB)  TX bytes:970015 (947.2 KiB)
          Interrupt:19 Base address:0x2024 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:322621 (315.0 KiB)  TX bytes:322621 (315.0 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.10.10.1  P-t-P:192.10.10.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

This is the client's event log when connecting to the VPN:

Code: Select all

Mon Feb 15 11:09:50 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb  1 2016
Mon Feb 15 11:09:50 2016 Windows version 6.1 (Windows 7)
Mon Feb 15 11:09:50 2016 library versions: OpenSSL 1.0.1r  28 Jan 2016, LZO 2.09
Mon Feb 15 11:09:51 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 15 11:09:54 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Feb 15 11:09:54 2016 UDPv4 link local: [undef]
Mon Feb 15 11:09:54 2016 UDPv4 link remote: [AF_INET]88.XX.XX.XX:1194
Mon Feb 15 11:09:56 2016 VERIFY OK: depth=1, C=US, ST=NY, L=New York, O=My Org, emailAddress=me@my.org
Mon Feb 15 11:09:56 2016 VERIFY OK: depth=0, C=US, ST=NY, L=New York, O=My Org, OU=Office, CN=keyserver, emailAddress=me@my.org
Mon Feb 15 11:09:57 2016 Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
Mon Feb 15 11:09:57 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 15 11:09:57 2016 Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
Mon Feb 15 11:09:57 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 15 11:09:57 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Feb 15 11:09:57 2016 [keyserver] Peer Connection Initiated with [AF_INET]88.12.211.3:1194
Mon Feb 15 11:09:59 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Feb 15 11:09:59 2016 open_tun, tt->ipv6=0
Mon Feb 15 11:09:59 2016 TAP-WIN32 device [Conexión de área local 2] opened: \\.\Global\{30394E47-7DD2-4B6B-9200-6197BA60F180}.tap
Mon Feb 15 11:09:59 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.10.10.6/255.255.255.252 on interface {30394E47-7DD2-4B6B-9200-6197BA60F180} [DHCP-serv: 192.10.10.5, lease-time: 31536000]
Mon Feb 15 11:09:59 2016 Successful ARP Flush on interface [17] {30394E47-7DD2-4B6B-9200-6197BA60F180}
Mon Feb 15 11:10:04 2016 Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
Mon Feb 15 11:10:04 2016 ROUTE: route addition failed using CreateIpForwardEntry: El parámetro no es correcto.   [status=87 if_index=17]
Mon Feb 15 11:10:04 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Mon Feb 15 11:10:04 2016 Initialization Sequence Completed

Greetings, thank you very much for your help.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN clients do not connect to the internet

Post by Traffic » Mon Feb 15, 2016 2:12 pm

PedroV wrote: server 192.10.10.0 255.255.255.0

This is not RFC1918 compliant ... which means it is routable over the internet and is a considerable security risk.

Also,
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN!
  • You are advised to change your server LAN to a more unique RFC1918 compliant subnet, e.g. 192.168.143.0/24

PedroV wrote: How can I make all client connections go out to the Internet through OpenVPN?

See the HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

PedroV
OpenVpn Newbie
Posts: 3
Joined: Thu Oct 15, 2015 8:11 pm

Re: OpenVPN clients do not connect to the internet

Post by PedroV » Thu Feb 18, 2016 11:04 pm

Hello, thank you very much for your help. I changed my client configuration file (.ovpn) like this, and Internet traffic still goes out through the client's router.

Code: Select all

push "redirect-gateway local def1 bypass-dhcp"
push "dhcp-option DNS 192.10.10.1"
client
proto udp
dev tun
ca ca.crt
dh dh2048.pem

This is the client's network configuration:

Code: Select all

Configuración IP de Windows


Adaptador de Ethernet Conexión de área local 2:

   Sufijo DNS específico para la conexión. . :
   Vínculo: dirección IPv6 local. . . : fe80::9194:c54f:dbc3:878d%17
   Dirección IPv4. . . . . . . . . . . . . . : 192.10.10.6
   Máscara de subred . . . . . . . . . . . . : 255.255.255.252
   Puerta de enlace predeterminada . . . . . :

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . :
   Vínculo: dirección IPv6 local. . . : fe80::f183:94d6:e123:5cc%13
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.43.99
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.43.1

Adaptador de Ethernet Conexión de área local:

I need to know how to send Internet traffic from the client out through the VPN, so that it can be used safely at an Internet cafe or on free Wi-Fi.

Greetings, thank you very much.
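
The problems visible in this thread, gathered into one lint script as an added example (not code from any poster or from the OpenVPN project). It goes beyond the RFC1918 point to the two warnings in the client log (route host bits, no server certificate verification), the DES-CBC cipher, and push lines placed in a client config; parse, lint and the sample strings are names chosen here, and the samples are lines trimmed from the configs posted above.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEAK_CIPHERS = {"DES-CBC"}  # single DES, as negotiated in the client log above
SERVER_CERT_CHECKS = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                      "verify-x509-name", "tls-remote", "tls-verify"}  # client-side peer checks

# Constructed samples: lines trimmed from the configs posted in the thread.
SERVER_SAMPLE = '''server 192.10.10.0 255.255.255.0
cipher DES-CBC
push "route 192.168.1.1 255.255.255.0"
'''
CLIENT_SAMPLE = '''push "redirect-gateway local def1 bypass-dhcp"
push "dhcp-option DNS 192.10.10.1"
client
cipher DES-CBC
'''

def parse(text):
    """Return [(directive, [args])], skipping blank lines and '#' / ';' comments."""
    rows = [shlex.split(l, comments=True) for l in text.splitlines()
            if not l.lstrip().startswith(";")]
    return [(r[0], r[1:]) for r in rows if r]

def lint(text):
    """Return a list of findings for one OpenVPN config."""
    rows, out = parse(text), []
    is_client = any(name == "client" for name, _ in rows)
    for name, args in rows:
        if name == "server" and len(args) >= 2:
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            if not any(net.subnet_of(r) for r in RFC1918):
                out.append(f"server subnet {net} is outside RFC1918 private space")
        elif name == "cipher" and args and args[0].upper() in WEAK_CIPHERS:
            out.append(f"cipher {args[0]} is too weak for the data channel")
        elif name == "push" and args:
            opt = args[0].split()
            if is_client:  # push only sends options from a server to its clients
                out.append(f'push "{args[0]}" is a server-side directive, found in a client config')
            if opt[:1] == ["route"] and len(opt) >= 3:
                iface = ipaddress.ip_interface(f"{opt[1]}/{opt[2]}")
                if iface.ip != iface.network.network_address:
                    out.append(f"pushed route {opt[1]} has host bits set; use {iface.network.network_address}")
    if is_client and not SERVER_CERT_CHECKS & {name for name, _ in rows}:
        out.append("no server certificate verification configured (e.g. remote-cert-tls server)")
    return out

if __name__ == "__main__":
    print(lint(SERVER_SAMPLE), lint(CLIENT_SAMPLE), sep="\n")
```

A push line in the client file is never sent to anyone, so the redirect-gateway line in the second post leaves the default gateway on the wireless adapter; the directive is meant for the server config.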

pazzovalerio
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 19, 2018 8:28 pm

Re: OpenVPN clients do not connect to the internet

Post by pazzovalerio » Fri Jan 19, 2018 9:17 pm

PedroV wrote: Hello, thank you very much for your help. I changed my client configuration file (.ovpn) like this, and Internet traffic still goes out through the client's router.

Code: Select all

push "redirect-gateway local def1 bypass-dhcp"
push "dhcp-option DNS 192.10.10.1"
client
proto udp
dev tun
ca ca.crt
dh dh2048.pem

This is the client's network configuration:

Code: Select all

Configuración IP de Windows


Adaptador de Ethernet Conexión de área local 2:

   Sufijo DNS específico para la conexión. . :
   Vínculo: dirección IPv6 local. . . : fe80::9194:c54f:dbc3:878d%17
   Dirección IPv4. . . . . . . . . . . . . . : 192.10.10.6
   Máscara de subred . . . . . . . . . . . . : 255.255.255.252
   Puerta de enlace predeterminada . . . . . :

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . :
   Vínculo: dirección IPv6 local. . . : fe80::f183:94d6:e123:5cc%13
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.43.99
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.43.1

Adaptador de Ethernet Conexión de área local:

I need to know how to send Internet traffic from the client out through the VPN, so that it can be used safely at an Internet cafe or on free Wi-Fi.

Greetings, thank you very much.

I also have this problem and I cannot solve it.
