OpenVPN Support Forum

Posted: **Fri Feb 19, 2016 6:40 pm**

AFAIK your server virtual IP should not serve as DNS, instead comment out ALL (#) dhcp-option DNS x.x.x.x and leave it that way for the time being.

Thanks for this hint!

Welcome, now at least you know what caused the "some sites yes, some sites no" problem.

From the last server log I see:

PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'

Please try and add

Code: Select all

push "route 10.8.0.0 255.255.255.0"

to server config.

Advice:
Don`t change your config all the time because the ones trying to help will have a difficult time of understanding what`s going on, maybe losing interest to help (-;
I think for clarity, that you should repost your complete setup.....

Posted: **Fri Feb 19, 2016 7:50 pm**

Added push "route 10.8.0.0 255.255.255.0" to server config as suggested and restarted the server.
Result:
No Internetaccess
Ping fails:
root@h2384168:~# ping -I 10.8.0.1 10.8.0.2
PING 10.8.0.2 (10.8.0.2) from 10.8.0.1 : 56(84) bytes of data.
^C
--- 10.8.0.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

Config server:
port 1194
proto udp
dev tun0
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/server.crt
key ./easy-rsa2/keys/server.key # This file should be kept secret
dh ./easy-rsa2/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
push "redirect-gateway def1"
push "route 10.8.0.0 255.255.255.0"
status openvpn-status.log
log-append openvpn.log
verb 4

Config client:
client
dev tun
proto udp
remote 85.214.80.189 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca c:/Programme/OpenVPN/config/keys/ca.crt
cert c:/Programme/OpenVPN/config/keys/tenckhoff.crt
key c:/Programme/OpenVPN/config/keys/tenckhoff.key
comp-lzo
verb 4

Posted: **Sat Feb 20, 2016 9:46 am**

Your last config looks ok to me, so i think that now you need to look at routing and iptables, which I don`t know enough about.
And for testing I would disable IPv6.

Posted: **Sat Feb 20, 2016 12:32 pm**

Kulturmensch wrote:Ping fails:
root@h2384168:~# ping -I 10.8.0.1 10.8.0.2

If this fails then either your VPN is not operational or a firewall blocks you.

Kulturmensch wrote:It was the wrong forwarding directive by the Router what I checked due to your firewall comment. Now ping works in all directions.

Whatever you mean by this it is important .. your router should not have any effect on packets sent via the tunnel .. so you must figure out what this is doing .. or perhaps you have used the wrong words ?

Posted: **Sat Feb 20, 2016 9:51 pm**

In my configuration I have to take care of 3 firewalls which are working in the client, the router (has an own one) and the server.
However, thank you for your help, I stop this project now because it is to time consuming and a possible success seems to be not very close.

Posted: **Mon Feb 22, 2016 1:04 pm**

I am back to let you know that I could not stop to look for a solution (as recently posted)- ,now it works!!!
Please let me know if you would like to read my final configuration here. However, thank you very much indeed for your help! Now I will feel more save when I try to get access to my bank accounts in Germany while travelling through Korea.
Regards
Jürgen

Posted: **Sun Nov 18, 2018 8:33 pm**

Hello,

Have the same problem.
Client to server working fine.
Server to client fails.
Can you tell me what was the final configuration and it worked?

Posted: **Thu Aug 15, 2019 7:51 am**

Kulturmensch wrote: ↑
Tue Feb 16, 2016 8:39 am

[...]

IP:
If OpenVpn is in operation I cannot get access to sites checking my IP (i.e. http://www.cogipas.com/whats-my-ip/)
but using the service by https://wie-ist-meine-aktuelle-ip.de/ the following happens:
Without VPN this site shows my IP4 address, with VPN it shows a IP6 address.

As I suppose it will be an iptables/routing issue of my root server here is what comes up using route - v on my server:

Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
default 85.214.64.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 * 255.255.255.0 U 0 0 0 tun0
85.214.64.1 * 255.255.255.255 UH 0 0 0 eth0

Any idea/help?

Did you find out why you can only access some sites and not others. Seems odd. Might be helpful for a different issue i have.

o/

OpenVPN Support Forum

client->server: ping ok, server->client: ping fails +Plesk

Re: client->server: ping ok, server->client: ping fails +Ple

Re: client->server: ping ok, server->client: ping fails +Ple

Re: client->server: ping ok, server->client: ping fails +Ple

Re: client->server: ping ok, server->client: ping fails +Ple

Re: client->server: ping ok, server->client: ping fails +Ple

Re: client->server: ping ok, server->client: ping fails +Ple

Re: client->server: ping ok, server->client: ping fails +Plesk

Re: client->server: ping ok, server->client: ping fails +Plesk