[Solved] [Debian] Cannot reach some sites but can ping

Post by iljyable » Mon Mar 20, 2023 12:41 pm

I configured an OpenVPN server for the first time and it works well, except that I can't open some sites in the browser on the client, although I can ping them via the console.

Code:

# ping instagram.com
PING instagram.com (31.13.72.174) 56(84) bytes of data.
64 bytes from 31.13.72.174: icmp_seq=1 ttl=54 time=125 ms
64 bytes from 31.13.72.174: icmp_seq=2 ttl=54 time=125 ms
64 bytes from 31.13.72.174: icmp_seq=3 ttl=54 time=125 ms
64 bytes from 31.13.72.174: icmp_seq=4 ttl=54 time=126 ms
64 bytes from 31.13.72.174: icmp_seq=5 ttl=54 time=125 ms
^C
--- instagram.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 6309ms
rtt min/avg/max/mdev = 124.761/125.192/125.662/0.317 ms

These sites are blocked by my internet service provider and when I'm not connected to a VPN I cannot even ping them. Some sites do not even ping on the client, although they do ping on the server.

Code:

# ping rutracker.org
ping: rutracker.org: Name or service not known

Code:

# ping rutracker.org
PING rutracker.org (104.21.72.173) 56(84) bytes of data.
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=1 ttl=58 time=0.971 ms
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=2 ttl=58 time=1.14 ms
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=3 ttl=58 time=1.03 ms
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=4 ttl=58 time=0.975 ms
^C
--- rutracker.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.971/1.029/1.142/0.069 ms

Other sites that were blocked by the internet service provider are now opening. For example soundcloud.com or twitter.com.

I followed the configuration instructions on the Debian wiki page and didn't add any other configuration. My client OS is Arch Linux, though.

I don't know how to diagnose the problem or find resources or documentation on how to log all traffic and find errors.

Please help me.

server.conf:

Code:

port 1194
proto udp
dev tun

ca      /etc/openvpn/easy-rsa/pki/ca.crt
cert    /etc/openvpn/easy-rsa/pki/issued/server.crt
key     /etc/openvpn/easy-rsa/pki/private/server.key  # keep secret
dh      /etc/openvpn/easy-rsa/pki/dh.pem

topology subnet

server 10.9.8.0 255.255.255.0  # internal tun0 connection IP
ifconfig-pool-persist ipp.txt

push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"

keepalive 10 120

tls-auth /etc/openvpn/server/ta.key 0
auth-nocache

cipher AES-256-CBC
data-ciphers AES-256-CBC

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

verb 3  # verbose mode

client-to-client
explicit-exit-notify 1

log /var/log/openvpn/openvpn.log

client.conf:

Code:

client
dev tun
proto udp

remote server.ip.address 1194             # [VPN server IP] [PORT]
redirect-gateway def1 bypass-dhcp
resolv-retry infinite
nobind

persist-key
persist-tun

ca      ./ca.crt
cert    ./issued/user.crt
key     ./private/user.key

remote-cert-tls server
tls-auth ./ta.key 1
auth-nocache

cipher AES-256-CBC
data-ciphers AES-256-CBC

mute-replay-warnings

verb 3

Re: [Solved] [Debian] Cannot reach some sites but can ping

Post by iljyable » Mon Mar 20, 2023 12:53 pm

Solved the issue by adding the following DHCP option, which pushes the Google DNS server to the client, to the server config below the push "redirect-gateway def1 bypass-dhcp" line.

Code:

push "dhcp-option DNS 8.8.8.8"
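
A way to check the condition this fix addresses, as an added example that is not part of the original post: the script compares the DNS servers in the client log's PUSH_REPLY line with the nameservers in a resolv.conf-style file. The log lines, file names and the 192.168.0.1 resolver are constructed samples, and it assumes the resolv.conf file lists the real upstream resolvers rather than a local stub.

```shell
#!/bin/sh
# Added example (not from the thread): compare the DNS servers the OpenVPN
# server pushed with the resolvers the client is actually using.

# Print DNS servers found in PUSH_REPLY lines of a client log (verb 3 or higher).
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9a-fA-F.:]*\).*/\1/p' | sort -u
}

# Print the nameserver addresses from a resolv.conf-style file.
active_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Return 0 only if DNS was pushed and every active resolver is a pushed one.
check_dns() {    # usage: check_dns <client-log> <resolv.conf>
    pushed=$(pushed_dns "$1"); rc=0
    if [ -z "$pushed" ]; then
        echo "FAIL: no DNS pushed; lookups stay on the pre-VPN resolver"
        return 1
    fi
    for ns in $(active_dns "$2"); do
        if printf '%s\n' "$pushed" | grep -qxF "$ns"; then
            echo "OK:   $ns was pushed by the VPN server"
        else
            echo "FAIL: $ns was not pushed by the VPN server"; rc=1
        fi
    done
    return "$rc"
}

# Write constructed sample files (assumed values) into directory $1.
make_samples() {
    echo "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.9.8.1,topology subnet,ifconfig 10.9.8.2 255.255.255.0'" > "$1/before.log"
    echo "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.9.8.1,topology subnet,ifconfig 10.9.8.2 255.255.255.0'" > "$1/after.log"
    echo 'nameserver 192.168.0.1' > "$1/resolv.old"   # constructed pre-VPN resolver
    echo 'nameserver 8.8.8.8' > "$1/resolv.new"
}

d=$(mktemp -d) && make_samples "$d"
check_dns "$d/before.log" "$d/resolv.old" || true   # nothing pushed
check_dns "$d/after.log"  "$d/resolv.old" || true   # pushed, but not in use on the client
check_dns "$d/after.log"  "$d/resolv.new" || true   # pushed and in use
rm -rf "$d"
```

On a live client, pass the OpenVPN client log and /etc/resolv.conf as the two arguments to check_dns.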
