I have set up an OpenVPN server on a DigitalOcean VPS using this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
Everything seemed fine during the setup. The problem is that I can now connect to my server via the OpenVPN GUI client, but I can't reach the internet. I can't even ping 8.8.8.8 or my VPN server gateway (10.8.0.5).
Please note that I set up another OpenVPN server on a different VPS a while ago and it works fine with the same client, so I think the problem is with the NAT rules or firewall of the VPS. Please advise.
Here's my client (Windows 10) iptable when not connected to the VPN (BTW, -.-.143.128 is my server's public IP):
https://imgur.com/a/8HMMsZv
iptable when connected to VPN
https://imgur.com/BcIrfkL
my network adapter configs (ipconfig /all)
https://imgur.com/zGn1eK5
my server conf:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
key-direction 0
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client conf:
client
dev tun
proto udp
remote -.-.143.128 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
SOME RANDOM LETTERS
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
Validity
Not Before: Nov 12 19:07:14 2018 GMT
Not After : Nov 9 19:07:14 2028 GMT
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1/name=server/emailAddress=me@myhost.mydomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B4:DE:4F:9A:B4:F0:BA:75:B7:E8:3F:8A:7A:C0:BB:85:E3:5C:95:D9
X509v3 Authority Key Identifier:
keyid:2A:F1:92:5F:B4:28:43:DF:AF:80:1B:74:75:B9:DE:A2:DE:A8:1A:7D
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
serial:85:F0:EE:96:08:CC:B9:E0
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client1
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
SOME RANDOM LETTERS
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
SOME RANDOM LETTERS
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
SOME RANDOM LETTERS
-----END OpenVPN Static key V1-----
</tls-auth>
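
The two configs posted above can be compared mechanically for directives that both ends of an OpenVPN tunnel must agree on. This is an added example, not part of the original post: `MUST_MATCH`, `parse`, `key_direction` and `mismatches` are names chosen here, and the embedded strings reproduce only the directives the check reads from the posted configs. OpenVPN versions that negotiate the data cipher may tolerate a cipher difference, so treat a finding as a prompt to read the connection log.

```python
# Added example (not from the original post): compare OpenVPN directives
# that both ends of a tunnel must agree on.
MUST_MATCH = ("proto", "dev", "cipher", "auth", "comp-lzo")

def parse(conf):
    """Map directive -> argument string; an inline <block> counts as set."""
    opts, inline = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if inline:                              # inside <x>...</x>: skip body
            if line == "</%s>" % inline:
                inline = None
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = "[inline]"
        elif line and line[0] not in "#;":      # skip blanks and comments
            name, _, args = line.partition(" ")
            opts.setdefault(name, args.strip())
    return opts

def key_direction(opts):
    """Direction from key-direction, else from 'tls-auth <file> <dir>'."""
    if "key-direction" in opts:
        return opts["key-direction"]
    parts = opts.get("tls-auth", "").split()
    return parts[1] if len(parts) > 1 else None

def mismatches(server_conf, client_conf):
    s, c = parse(server_conf), parse(client_conf)
    # An unset directive falls back to the build default, which may differ
    # from an explicit value on the peer, so unset vs. set is reported too.
    out = ["%s: server=%s client=%s" % (d, s.get(d, "(unset)"), c.get(d, "(unset)"))
           for d in MUST_MATCH if s.get(d) != c.get(d)]
    if ("tls-auth" in s) != ("tls-auth" in c):
        out.append("tls-auth: set on only one side")
    elif (key_direction(s), key_direction(c)) not in {(None, None), ("0", "1"), ("1", "0")}:
        out.append("key-direction: not complementary")
    return out

# Only the directives the check reads, copied from the two posted configs;
# key material is replaced by a placeholder and certificates are omitted.
SERVER = "proto udp\ndev tun\nkey-direction 0\nauth SHA256\ncomp-lzo"
CLIENT = ("dev tun\nproto udp\ncipher AES-128-CBC\nauth SHA256\nkey-direction 1\n"
          "comp-lzo\n<tls-auth>\nPLACEHOLDER\n</tls-auth>")

if __name__ == "__main__":
    print("\n".join(mismatches(SERVER, CLIENT)) or "no mismatches")
```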