Connected to config but no internet access

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
ipts12
OpenVpn Newbie
Posts: 2
Joined: Tue Aug 13, 2019 4:20 am

Connected to config but no internet access

Post by ipts12 » Tue Aug 13, 2019 4:31 am

Hello well yesturday I have confinged my server and a CA server to host a OPENVPN server.
(https://www.digitalocean,com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04)

After finishing up I have moved the client1.ovp to my PC as mentioned on the guide and I have tried to run it, I seem to be connected but no internet access, also the IP I got is not the IP of the server.

Please assist me

Here is my Log file (changed serverIP to - MYSERVERIP, and real IP to - REALIP)

Tue Aug 13 07:22:43 2019 NOTE: --user option is not implemented on Windows
Tue Aug 13 07:22:43 2019 NOTE: --group option is not implemented on Windows
Tue Aug 13 07:22:43 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Tue Aug 13 07:22:43 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Aug 13 07:22:43 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Tue Aug 13 07:22:43 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Aug 13 07:22:43 2019 Need hold release from management interface, waiting...
Tue Aug 13 07:22:43 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Aug 13 07:22:43 2019 MANAGEMENT: CMD 'state on'
Tue Aug 13 07:22:43 2019 MANAGEMENT: CMD 'log all on'
Tue Aug 13 07:22:43 2019 MANAGEMENT: CMD 'echo all on'
Tue Aug 13 07:22:43 2019 MANAGEMENT: CMD 'bytecount 5'
Tue Aug 13 07:22:43 2019 MANAGEMENT: CMD 'hold off'
Tue Aug 13 07:22:43 2019 MANAGEMENT: CMD 'hold release'
Tue Aug 13 07:22:43 2019 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 13 07:22:43 2019 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 13 07:22:43 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]MYSERVERIP:443
Tue Aug 13 07:22:43 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Aug 13 07:22:43 2019 Attempting to establish TCP connection with [AF_INET]MYSERVERIP:443 [nonblock]
Tue Aug 13 07:22:43 2019 MANAGEMENT: >STATE:1565670163,TCP_CONNECT,,,,,,
Tue Aug 13 07:22:44 2019 TCP connection established with [AF_INET]MYSERVERIP:443
Tue Aug 13 07:22:44 2019 TCP_CLIENT link local: (not bound)
Tue Aug 13 07:22:44 2019 TCP_CLIENT link remote: [AF_INET]MYSERVERIP:443
Tue Aug 13 07:22:44 2019 MANAGEMENT: >STATE:1565670164,WAIT,,,,,,
Tue Aug 13 07:22:44 2019 MANAGEMENT: >STATE:1565670164,AUTH,,,,,,
Tue Aug 13 07:22:44 2019 TLS: Initial packet from [AF_INET]MYSERVERIP:443, sid=8dbb4446 c5913237
Tue Aug 13 07:22:45 2019 VERIFY OK: depth=1, CN=Easy-RSA CA
Tue Aug 13 07:22:45 2019 VERIFY KU OK
Tue Aug 13 07:22:45 2019 Validating certificate extended key usage
Tue Aug 13 07:22:45 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Aug 13 07:22:45 2019 VERIFY EKU OK
Tue Aug 13 07:22:45 2019 VERIFY OK: depth=0, CN=server
Tue Aug 13 07:22:45 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Aug 13 07:22:45 2019 [server] Peer Connection Initiated with [AF_INET]MYSERVERIP:443
Tue Aug 13 07:22:46 2019 MANAGEMENT: >STATE:1565670166,GET_CONFIG,,,,,,
Tue Aug 13 07:22:46 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Aug 13 07:22:46 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: route options modified
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: peer-id set
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: adjusting link_mtu to 1626
Tue Aug 13 07:22:46 2019 OPTIONS IMPORT: data channel crypto options modified
Tue Aug 13 07:22:46 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Aug 13 07:22:46 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Aug 13 07:22:46 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Aug 13 07:22:46 2019 interactive service msg_channel=0
Tue Aug 13 07:22:46 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=7 HWADDR=9c:b6:d0:c0:49:3d
Tue Aug 13 07:22:46 2019 open_tun
Tue Aug 13 07:22:46 2019 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{974AC092-3D37-48AA-9EA1-F08FCA3BFE91}.tap
Tue Aug 13 07:22:46 2019 TAP-Windows Driver Version 9.23
Tue Aug 13 07:22:46 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {974AC092-3D37-48AA-9EA1-F08FCA3BFE91} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Aug 13 07:22:46 2019 Successful ARP Flush on interface [65] {974AC092-3D37-48AA-9EA1-F08FCA3BFE91}
Tue Aug 13 07:22:46 2019 MANAGEMENT: >STATE:1565670166,ASSIGN_IP,,10.8.0.6,,,,
Tue Aug 13 07:22:51 2019 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Aug 13 07:22:51 2019 C:\Windows\system32\route.exe ADD MYSERVERIP MASK 255.255.255.255 192.168.1.1
Tue Aug 13 07:22:51 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=50 and dwForwardType=4
Tue Aug 13 07:22:51 2019 Route addition via IPAPI succeeded [adaptive]
Tue Aug 13 07:22:51 2019 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Aug 13 07:22:51 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Aug 13 07:22:51 2019 Route addition via IPAPI succeeded [adaptive]
Tue Aug 13 07:22:51 2019 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Aug 13 07:22:51 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Aug 13 07:22:51 2019 Route addition via IPAPI succeeded [adaptive]
Tue Aug 13 07:22:51 2019 MANAGEMENT: >STATE:1565670171,ADD_ROUTES,,,,,,
Tue Aug 13 07:22:51 2019 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Aug 13 07:22:51 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Aug 13 07:22:51 2019 Route addition via IPAPI succeeded [adaptive]
Tue Aug 13 07:22:51 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 13 07:22:51 2019 Initialization Sequence Completed
Tue Aug 13 07:22:51 2019 MANAGEMENT: >STATE:1565670171,CONNECTED,SUCCESS,10.8.0.6,MYSERVERIP,443,MYREALIP,64896



On OVPN status it shows:

Bytes in: 3.9kb out: 363Kib

client1.ovp:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 104.248.205.207 443
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
auth SHA256
key-direction 1
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20
<ca>

(After that line starts all the keys...)

ipts12
OpenVpn Newbie
Posts: 2
Joined: Tue Aug 13, 2019 4:20 am

Re: Connected to config but no internet access

Post by ipts12 » Tue Aug 13, 2019 5:18 am

Server is on ubuntu 18.4(VPS), CA is on ubuntu 18.4(VPS) and client is a PC

Post Reply