[Solved] [Debian] Cannot reach some sites but can ping

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech


[Solved] [Debian] Cannot reach some sites but can ping

Post by iljyable » Mon Mar 20, 2023 12:41 pm

I configured an OpenVPN server for the first time and it works well, except that I can't open some sites in the browser on the client, although I can ping them via the console.

Code:

# ping instagram.com
PING instagram.com (31.13.72.174) 56(84) bytes of data.
64 bytes from 31.13.72.174: icmp_seq=1 ttl=54 time=125 ms
64 bytes from 31.13.72.174: icmp_seq=2 ttl=54 time=125 ms
64 bytes from 31.13.72.174: icmp_seq=3 ttl=54 time=125 ms
64 bytes from 31.13.72.174: icmp_seq=4 ttl=54 time=126 ms
64 bytes from 31.13.72.174: icmp_seq=5 ttl=54 time=125 ms
^C
--- instagram.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 6309ms
rtt min/avg/max/mdev = 124.761/125.192/125.662/0.317 ms

These sites are blocked by my internet service provider and when I'm not connected to a VPN I cannot even ping them. Some sites do not even ping on the client, although they do ping on the server.

Code:

# ping rutracker.org
ping: rutracker.org: Name or service not known

Code:

# ping rutracker.org
PING rutracker.org (104.21.72.173) 56(84) bytes of data.
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=1 ttl=58 time=0.971 ms
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=2 ttl=58 time=1.14 ms
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=3 ttl=58 time=1.03 ms
64 bytes from 104.21.72.173 (104.21.72.173): icmp_seq=4 ttl=58 time=0.975 ms
^C
--- rutracker.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.971/1.029/1.142/0.069 ms

Other sites that were blocked by the internet service provider are now opening. For example soundcloud.com or twitter.com.

I followed the configuration instructions on the Debian wiki page and didn't add any other configuration. My client runs Arch Linux, though.

I don't know how to diagnose the problem or find resources or documentation on how to log all traffic and find errors.

Please help me.

server.conf:

Code:

port 1194
proto udp
dev tun

ca      /etc/openvpn/easy-rsa/pki/ca.crt
cert    /etc/openvpn/easy-rsa/pki/issued/server.crt
key     /etc/openvpn/easy-rsa/pki/private/server.key  # keep secret
dh      /etc/openvpn/easy-rsa/pki/dh.pem

topology subnet

server 10.9.8.0 255.255.255.0  # internal tun0 connection IP
ifconfig-pool-persist ipp.txt

push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"

keepalive 10 120

tls-auth /etc/openvpn/server/ta.key 0
auth-nocache

cipher AES-256-CBC
data-ciphers AES-256-CBC

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

verb 3  # verbose mode

client-to-client
explicit-exit-notify 1

log /var/log/openvpn/openvpn.log

client.conf:

Code:

client
dev tun
proto udp

remote server.ip.address 1194             # [VPN server IP] [PORT]
redirect-gateway def1 bypass-dhcp
resolv-retry infinite
nobind

persist-key
persist-tun

ca      ./ca.crt
cert    ./issued/user.crt
key     ./private/user.key

remote-cert-tls server
tls-auth ./ta.key 1
auth-nocache

cipher AES-256-CBC
data-ciphers AES-256-CBC

mute-replay-warnings

verb 3


Re: [Solved] [Debian] Cannot reach some sites but can ping

Post by iljyable » Mon Mar 20, 2023 12:53 pm

Solved the issue by adding the following DHCP option, which pushes the Google DNS server to the client, to the server config below the push "redirect-gateway def1 bypass-dhcp" line.

Code:

push "dhcp-option DNS 8.8.8.8"
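
Added example, not part of the original posts: OpenVPN exposes each pushed `dhcp-option` to client `--up` scripts as `foreign_option_N` environment variables, so a client can check whether its resolver list still contains a server the VPN did not push (the symptom in this thread: routing works, name lookups still go to the ISP resolver). The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Meant to be sourced from an --up script
# or run by hand with foreign_option_N set; names below are hypothetical.

# Print the DNS servers pushed by the VPN server, one per line.
pushed_dns_servers() {
    i=1
    while :; do
        # OpenVPN numbers pushed options foreign_option_1, _2, ... without gaps.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Print nameservers from a resolv.conf-style file that were NOT pushed by the
# VPN server. Any output means lookups can still reach another resolver.
unpushed_nameservers() {
    resolv_file=$1
    pushed=$(pushed_dns_servers)
    while read -r key addr _rest; do
        [ "$key" = "nameserver" ] || continue
        [ -n "$addr" ] || continue
        printf '%s\n' "$pushed" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done < "$resolv_file"
}

# Constructed sample: an ISP resolver is still listed beside the pushed one.
demo() {
    foreign_option_1='dhcp-option DNS 8.8.8.8'
    foreign_option_2='dhcp-option DOMAIN example.lan'
    unset foreign_option_3
    tmp=$(mktemp)
    printf 'nameserver 192.0.2.53\nnameserver 8.8.8.8\n' > "$tmp"
    unpushed_nameservers "$tmp"   # prints 192.0.2.53
    rm -f "$tmp"
}
```

On hosts that use a local stub resolver such as systemd-resolved, `/etc/resolv.conf` lists only the stub address, so point the check at the file that holds the real upstream servers (for systemd-resolved, `/run/systemd/resolve/resolv.conf`).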
