Connection to server success but no internet

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
vividou
OpenVpn Newbie
Posts: 2
Joined: Thu Sep 17, 2015 8:12 pm

Connection to server success but no internet

Post by vividou » Thu Sep 17, 2015 8:29 pm

Hello,

I want to install OpenVPN on my Raspberry Pi 2.

Using the following tutorial http://readwrite.com/2014/04/10/raspber ... b-browsing with some slight modifications, I have managed to install an OpenVPN on a Raspbian. It is working well, I can connect to the server and surf the Internet through the VPN.
Now, I want to install it on a Archlinux (for PI2). I have followed the same tutorial and used the same configuration files as for Raspbian (presented bellow). I can connect to the server but I cannot surf the Internet.
Each time I try to open a web page the log file shows the message MULTI: bad source address from client [....], packet dropped.

I don't understand why the config is working with one distro and not with the other. I have read several post presenting the problem but so far have no clue how to solve the problem...


Here are the configurations:
  • serve.conf:

Code: Select all

port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/rasp_server.crt
key /etc/openvpn/easy-rsa/keys/rasp_server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"

duplicate-cn
keepalive 10 120

tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC   # AES
comp-lzo
max-clients 10

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

log openvpn.log

verb 5
  • client.conf:

Code: Select all

client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
  • and I have enable forwarding with:

Code: Select all

net.ipv4.ip_forward=1
  • and allow the routing on firewall (this is different from the tutorial):

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Connection to server success but no internet

Post by Traffic » Fri Sep 18, 2015 11:23 pm

vividou wrote:Each time I try to open a web page the log file shows the message MULTI: bad source address from client [....], packet dropped.
https://community.openvpn.net/openvpn/w ... rt-failedq

// Your client Source address is unknown to your server.

vividou
OpenVpn Newbie
Posts: 2
Joined: Thu Sep 17, 2015 8:12 pm

Re: Connection to server success but no internet

Post by vividou » Sat Sep 19, 2015 4:19 pm

Why would it be different between Raspbian and Archlinux ARM?

Maybe I am wrong but creating the file suggested in he howto supposes the client IP does not change, no? I would prefer dhcp one.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Connection to server success but no internet

Post by Traffic » Mon Sep 21, 2015 10:08 am

vividou wrote:Each time I try to open a web page the log file shows the message MULTI: bad source address from client [....], packet dropped.
Using DHCP for your client is ok and you can still setup the solution above if the Arch machine is always in the same network. If you use it in a new location (eg: coffee shop etc) then you cannot guarantee the client LAN IP address and so that solution will not necessarily work .. But in that case, the "packet dropped" messages can be safely ignored.
vividou wrote:Now, I want to install it on a Archlinux (for PI2). <snip> I can connect to the server but I cannot surf the Internet.
According to the details you have posted, this suggests that this machine is using your LAN IP address as the source address (eg: 192.168.x.x) not the VPN IP address (eg: 10.8.0.6) while trying to browse the internet over the VPN. On archlinux you can use tcpdump to see the packets that pass over your VPN and verify this. If this is the case, you must configure archlinux to bind to the VPN IP address to send packets over the VPN.
vividou wrote:Why would it be different between Raspbian and Archlinux ARM?
All Linux Distros are different ..

Post Reply