[Solved] Connection established but no Internet connection.

Samples of working configurations.

Moderators: TinCanTech

ontaneas
OpenVpn Newbie
Posts: 1
Joined: Tue Dec 29, 2015 4:01 pm

[Solved] Connection established but no Internet connection.

Post by ontaneas » Tue Dec 29, 2015 7:38 pm

Hi there,

I read so much the whole day and spent about 8 hours trying to figure out what is wrong. I don't know what is wrong... :( I appreciate any hints.
My OpenVPN server is running on Debian 7.8. I fail to get it working.
Could it be that there is some heavy DNS issue?
So these are my settings:
server.conf
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert vpn-topos.crt
key vpn-topos.key # This file should be kept secret
dh dh4096.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
client.conf
appended extra code with no effect

Code:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
client.conf
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote ip.my.ser.ver
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ./ca.crt
cert ./eymes.crt
key ./eymes.key
ns-cert-type server
;tls-auth ta.key 1
cipher AES-128-CBC
comp-lzo
verb 3
;mute 20
redirect-gateway
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
the start log

Code:

Tue Dec 29 19:12:28 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Tue Dec 29 19:12:28 2015 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Dec 29 19:12:28 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Dec 29 19:12:28 2015 UDPv4 link local: [undef]
Tue Dec 29 19:12:28 2015 UDPv4 link remote: [AF_INET]ip.my.ser.ver:1194
Tue Dec 29 19:12:28 2015 TLS: Initial packet from [AF_INET]ip.my.ser.ver:1194, sid=f45ee217 515231c1
Tue Dec 29 19:12:28 2015 VERIFY OK: depth=1, C=CH, ST=BS, L=Basel, O=Fort-Funston, OU=changeme, CN=vpn.ip.my.ser.ver, name=topos, emailAddress=mail@post.com
Tue Dec 29 19:12:28 2015 VERIFY OK: nsCertType=SERVER
Tue Dec 29 19:12:28 2015 VERIFY OK: depth=0, C=DE, ST=BS, L=Brunn, O=Fort-Funston, OU=changeme, CN=vpn-topos, name=topos, emailAddress=mail@post.com
Tue Dec 29 19:12:29 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Dec 29 19:12:29 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 29 19:12:29 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Dec 29 19:12:29 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 29 19:12:29 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Tue Dec 29 19:12:29 2015 [vpn-topos] Peer Connection Initiated with [AF_INET]ip.my.ser.ver:1194
Tue Dec 29 19:12:31 2015 SENT CONTROL [vpn-topos]: 'PUSH_REQUEST' (status=1)
Tue Dec 29 19:12:32 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.20.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Dec 29 19:12:32 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 29 19:12:32 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 29 19:12:32 2015 OPTIONS IMPORT: route options modified
Tue Dec 29 19:12:32 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Dec 29 19:12:32 2015 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=wlan0 HWADDR=60:57:18:d0:dd:42
Tue Dec 29 19:12:32 2015 TUN/TAP device tun0 opened
Tue Dec 29 19:12:32 2015 TUN/TAP TX queue length set to 100
Tue Dec 29 19:12:32 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 29 19:12:32 2015 /sbin/ip link set dev tun0 up mtu 1500
Tue Dec 29 19:12:32 2015 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Tue Dec 29 19:12:32 2015 /etc/openvpn/update-resolv-conf tun0 1500 1558 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Tue Dec 29 19:12:33 2015 /sbin/ip route add ip.my.ser.ver/32 via 192.168.178.1
Tue Dec 29 19:12:33 2015 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Tue Dec 29 19:12:33 2015 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Tue Dec 29 19:12:33 2015 /sbin/ip route add 192.168.10.0/24 via 10.8.0.5
Tue Dec 29 19:12:33 2015 /sbin/ip route add 192.168.20.0/24 via 10.8.0.5
Tue Dec 29 19:12:33 2015 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Tue Dec 29 19:12:33 2015 Initialization Sequence Completed
Tue Dec 29 19:12:35 2015 event_wait : Interrupted system call (code=4)
Tue Dec 29 19:12:35 2015 /sbin/ip route del 10.8.0.1/32
Tue Dec 29 19:12:35 2015 /sbin/ip route del 192.168.20.0/24
Tue Dec 29 19:12:35 2015 /sbin/ip route del 192.168.10.0/24
Tue Dec 29 19:12:35 2015 /sbin/ip route del ip.my.ser.ver/32
Tue Dec 29 19:12:35 2015 /sbin/ip route del 0.0.0.0/1
Tue Dec 29 19:12:35 2015 /sbin/ip route del 128.0.0.0/1
Tue Dec 29 19:12:35 2015 Closing TUN/TAP interface
Tue Dec 29 19:12:35 2015 /sbin/ip addr del dev tun0 local 10.8.0.6 peer 10.8.0.5
Tue Dec 29 19:12:35 2015 /etc/openvpn/update-resolv-conf tun0 1500 1558 10.8.0.6 10.8.0.5 init
Tue Dec 29 19:12:36 2015 SIGINT[hard,] received, process exiting
my route -n (client)

Code:

Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.137.1   0.0.0.0         UG    0      0        0 wlan0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
ip.my.ser.ver   192.168.137.1   255.255.255.255 UGH   0      0        0 wlan0
192.168.10.0    10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.20.0    10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.137.0   0.0.0.0         255.255.255.0   U     9      0        0 wlan0
my ip tables settings on my server

Code:

iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT 
iptables -A INPUT -i tun+ -j ACCEPT 
iptables -A FORWARD -i tun+ -j ACCEPT 
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
I got NO idea anymore what is going wrong.
Best regards and many thanks for some hints in advance!
:?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Connection established but no Internet connection.

Post by Traffic » Wed Jan 06, 2016 3:40 pm

ontaneas wrote:client.conf
appended extra code with no effect
Code:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Actually, this is working as per your log:
ontaneas wrote:Tue Dec 29 19:12:32 2015 /etc/openvpn/update-resolv-conf tun0 1500 1558 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
In fact, you appear to have everything in place, but have you enabled IP_Forwarding on the server?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: [Solved] Connection established but no Internet connection.

Post by TinCanTech » Tue Feb 21, 2017 4:48 pm

The OpenVPN Crystal Ball speaketh .. enable ip_forwarding 8-)
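
The server-side prerequisites discussed in this thread (the MASQUERADE rule from the first post and the IP forwarding both replies ask about), written as an added example that is not part of the original posts. The function names, the optional file arguments and the default sysctl file order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are illustrative.
# Run as root on the OpenVPN server. The optional file arguments let the
# same checks run against saved copies of the files.

# Runtime switch: 1 means the kernel routes IPv4 packets between interfaces.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Boot-time setting: the last uncommented assignment wins. Files are read
# in the order given; the default order below is an assumption.
ip_forward_persistent() {
    [ -n "${1:-}" ] || set -- /etc/sysctl.d/*.conf /etc/sysctl.conf
    last=$(cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' |
        tail -n 1)
    [ "$last" = "1" ]
}

# NAT: a POSTROUTING MASQUERADE rule must cover the VPN subnet.
nat_masquerade_present() {
    if [ -n "${2:-}" ]; then
        rules=$(cat "$2")
    else
        rules=$(iptables -t nat -S POSTROUTING 2>/dev/null) || rules=""
    fi
    printf '%s\n' "$rules" | grep -F -- "-s $1 " | grep -q -- '-j MASQUERADE'
}

# Print one line per check and return the number of failed checks.
# Usage: vpn_gateway_report 10.8.0.0/24
vpn_gateway_report() {
    failed=0
    if ip_forward_enabled "${2:-}"; then echo "runtime ip_forward: on"
    else echo "runtime ip_forward: OFF (sysctl -w net.ipv4.ip_forward=1)"
        failed=$((failed + 1)); fi
    if ip_forward_persistent "${3:-}"; then echo "boot-time ip_forward: on"
    else echo "boot-time ip_forward: OFF (set net.ipv4.ip_forward=1 in /etc/sysctl.conf)"
        failed=$((failed + 1)); fi
    if nat_masquerade_present "$1" "${4:-}"; then echo "NAT for $1: present"
    else echo "NAT for $1: MISSING"
        failed=$((failed + 1)); fi
    return "$failed"
}
```

With forwarding off, the tunnel still comes up and the client routes install exactly as in the log above, but packets arriving on tun0 are dropped by the server instead of being routed out of eth0.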
