Can ping, but cannot route web traffic through VPN

[trebordadda]

I am using a very basic setup. I can establish the VPN connection. I can ping from the server to the client; from the client to the server. However, I cannot route my web traffic through the VPN. When I try, the DNS lookup fails (error 105).

My firewalls are disabled on both ends.
I have IPEnableRouter set to 1 on the server.
I have port forwarded 1194 UDP on both the client and the server.
Still, cannot route web traffic through the VPN. Any help appreciated.


Server config:

dev tun
port 1194
ifconfig 10.8.0.1 10.8.0.2
secret "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\static.key"
verb 5

client config:

dev tun
ifconfig 10.8.0.2 10.8.0.1
secret "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\static.key"
redirect-gateway def1
verb 5

[janjust]

this is indeed very basic; from the VPN client, does

Code: Select all

ping 8.8.8.8

work?
if so, then add something like

Code: Select all

dhcp-option DNS 8.8.8.8

to the "client" config. This will cause the VPN client to use 8.8.8.8 for DNS lookups, which is a public google DNS server.

[trebordadda]

Thank you very much Jan. This worled like a charm.

[Chocomel]

Similar problem but I tried openvpn under Ubuntu running in vmware first and that worked fine.
Then I tried running it directly in Windows 7 and I get the same problem as described above; tunnel is up but no internet traffic. The proposed solution works (adding dns server 8.8.8.8) but is rather slow. How can I fix this properly?

My config:

Code: Select all

client2.conf
dev tun
proto udp
remote <myserver> 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client2.crt
key /etc/openvpn/client2.key
ns-cert-type server
comp-lzo
verb 3

server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

And the verbose6 log:http://pastebin.com/w4cYGWKd

[Chocomel]

So after poking around with it, I settled with this:

First I looked up what DNS the server uses:

Code: Select all

~$ nslookup
> server
Default server: 4.2.2.1
Address: 4.2.2.1#53
Default server: 4.2.2.2
Address: 4.2.2.2#53

Then added to the server.conf

Code: Select all

push "dhcp-option 4.2.2.1"
push "dhcp-option 4.2.2.2"

Apparently windows must be spoonfed with a DNS, whilst Ubuntu can find its own way...