Connects to OpenVPN but no internet...

Official client software for OpenVPN Access Server and OpenVPN Cloud.
jgasmussen
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 23, 2013 4:43 am

Connects to OpenVPN but no internet...

Post by jgasmussen » Sat Dec 28, 2013 8:53 pm

Hello, I am having trouble configuring my setup to successfully work with my iPhone. I have read a lot of other posts concerning this same matter and tried to fix it myself with the suggestions that were provided, but I haven't had any luck. I know that I'm overlooking something (probably something REALLY simple) and would really appreciate some help.

I have my own OpenVPN server setup at my house running Ubuntu 12.04 LTS server.
I have a Netgear R6300 router - with my LAN settings:

10.100.200.1 = Router access
10.100.200.101 = Static LAN IP for my server

***EDITED TO ADD***
Port 40 is my chosen port for OpenVPN to work off of.
I have port 40 forwarded to my server at 10.100.200.101
I have two static routes selected in my router:
1. Destination of 10.8.0.0 / Gateway of 10.100.200.101
2. Destination of 10.100.200.0 / Gateway of 10.8.0.1

I am also running UFW with the following rules:
root@Server1:/etc# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
40                         ALLOW       Anywhere
40/tcp                     ALLOW       Anywhere
40/udp                     ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
40                         ALLOW       Anywhere (v6)
40/tcp                     ALLOW       Anywhere (v6)
40/udp                     ALLOW       Anywhere (v6)
***END EDIT***


(I can successfully connect to my OpenVPN server using both my windows laptop and my Ubuntu laptop - just not with my iPhone 4s running iOS7.)

Here are my settings:

Code:

# OpenVPN server.conf:

port 40
proto udp
dev tun
ca (MY_SERVER_CA).crt
cert (MY_SERVER_CERT).crt
key (MY_SERVER_KEY).key
dh dh1024.pem
# VPN subnet; the server itself takes 10.8.0.1
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
# send all client traffic through the tunnel (the server must forward and NAT it)
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 180
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 3
mute 20

Here is my /etc/rc.local file with my iptables settings:

Code:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# let replies to established connections back through
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow VPN clients to be forwarded out
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
# reject everything else
iptables -A FORWARD -j REJECT
# NAT VPN client traffic behind the server's eth2 address
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE

exit 0

Code:

# client.ovpn file:     (NOTE: Yes, I saved the client.ovpn file in the UTF-8 format)

client
dev tun0
proto udp
remote XXX.XXX.XXX.XXX 40
resolv-retry infinite
nobind
persist-key
persist-tun
# require the server certificate's nsCertType to be "server" (deprecated in favour of remote-cert-tls server)
ns-cert-type server
comp-lzo
verb 3
mute 20

<ca>
-----BEGIN CERTIFICATE-----
***MY CA DATA***
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
***MY CERT DATA***
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
***MY KEY DATA***
-----END PRIVATE KEY-----
</key>

* I also copied these ca.crt, client.crt, client.key files to the iPhone through iTunes into the OpenVPN app.

Here is the most recent copy of my logfile from the OpenVPN app on my iPhone:

Code:

2013-12-28 14:31:29 ----- OpenVPN Start (iOS 32-bit) -----
2013-12-28 14:31:29 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [ns-cer-type] [server]
10 [verb] [3]
11 [mute] [20]
 
2013-12-28 14:31:29 LZO-ASYM init swap=0 asym=0
2013-12-28 14:31:29 EVENT: RESOLVE
2013-12-28 14:31:29 Contacting MY_IP_ADDRESS:40 via UDP
2013-12-28 14:31:29 EVENT: WAIT
2013-12-28 14:31:29 Connecting to MY_IP_ADDRESS:40 (75.65.191.194) via UDPv4
2013-12-28 14:31:30 EVENT: CONNECTING
2013-12-28 14:31:30 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2013-12-28 14:31:30 Peer Info:
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
 
2013-12-28 14:31:31 VERIFY OK: depth=1
cert. version : 3
serial number : AD:86:10:0E:D0:84:E4:CF
issuer name  : C=US, ST=LA, L=CITY, O=MY_INFO OU=MY_INFO, CN=MY_INFO, emailAddress=info@myemail.com
subject name  : C=US, ST=LA, L=CITY, O=MY_INFO, OU=MY_INFO, CN=MY_INFO, emailAddress=info@myemail.com
issued  on    : 2013-12-24 03:39:19
expires on    : 2023-12-22 03:39:19
signed using  : RSA+SHA1
RSA key size  : 1024 bits
 
2013-12-28 14:31:31 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name  : C=US, ST=LA, L=CITY, O=MY_INFO, OU=MY_INFO, CN=MY_INFO, emailAddress=info@myemail.com
subject name  : C=US, ST=LA, L=CITY, O=MY_INFO, OU=MY_INFO, CN=MY_INFO, emailAddress=info@myemail.com
issued  on    : 2013-12-24 03:40:51
expires on    : 2023-12-22 03:40:51
signed using  : RSA+SHA1
RSA key size  : 1024 bits
 
2013-12-28 14:31:31 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2013-12-28 14:31:31 Session is ACTIVE
2013-12-28 14:31:32 EVENT: GET_CONFIG
2013-12-28 14:31:32 Sending PUSH_REQUEST to server...
2013-12-28 14:31:33 OPTIONS:
0 [route] [10.8.0.0] [255.255.255.0]
1 [redirect-gateway] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [10.8.0.1]
3 [route] [10.8.0.1]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [180]
7 [ifconfig] [10.8.0.10] [10.8.0.9]
 
2013-12-28 14:31:33 LZO-ASYM init swap=0 asym=0
2013-12-28 14:31:33 EVENT: ASSIGN_IP
2013-12-28 14:31:33 Connected via tun
2013-12-28 14:31:33 EVENT: CONNECTED @ID_ADDRESS:40 (IP_ADDRESS) via /UDPv4 on tun/10.8.0.10/
2013-12-28 14:32:56 OS Event: SLEEP
2013-12-28 14:32:56 EVENT: PAUSE
2013-12-28 14:32:59 OS Event: WAKEUP
2013-12-28 14:33:04 OS Event: SLEEP
2013-12-28 14:35:03 OS Event: WAKEUP
2013-12-28 14:35:10 EVENT: DISCONNECTED
2013-12-28 14:35:10 Raw stats on disconnect:
  BYTES_IN : 4333
  BYTES_OUT : 4000
  PACKETS_IN : 46
  PACKETS_OUT : 55
  TUN_BYTES_IN : 580
  TUN_PACKETS_IN : 8
  N_PAUSE : 1
2013-12-28 14:35:10 Performance stats on disconnect:
  CPU usage (microseconds): 156469
  Tunnel compression ratio (downlink): inf
  Network bytes per CPU second: 53256
  Tunnel bytes per CPU second: 3706
2013-12-28 14:35:10 ----- OpenVPN Stop -----

I realize that this is a lot to digest all at once and appreciate you taking the time to help me figure this out. I will post anything else that you may need for me to run for further diagnostics.

THANKS!

jgasmussen
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 23, 2013 4:43 am

Re: Connects to OpenVPN but no internet...

Post by jgasmussen » Wed Jan 01, 2014 6:28 pm

So I got it fixed...

For anyone else that may have the same problems here was my fix:

First I disabled UFW, then reset iptables using the following command:

Code:

$ sudo iptables -F

(make sure you do this at the machine and not remotely!)

Then I went to the sysctl.conf file and un-commented the ip_forward line.

Then I cancelled the two static routes that I had applied to my router (since a little research educated me and I figured out I didn't need them).

I changed the port back to the default port.

Then I reapplied the iptables commands and successfully made a connection and confirmed the VPN was passing traffic.

Then and only then did I re-apply the UFW and "Voila!"

Mods - can one of you mark this problem as solved since I am unfamiliar with this forum and don't know how.
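The fix above touches the settings a Linux OpenVPN server needs before it can pass client traffic onward: kernel forwarding, a FORWARD rule that accepts the VPN subnet ahead of any catch-all reject, and a MASQUERADE rule on the egress interface. As an added example (not from this thread), the following shell audit checks those three against captured output; the 10.8.0.0/24 subnet and eth2 interface are taken from the poster's server.conf and rc.local, and the sample rules are constructed from that rc.local.

```shell
#!/bin/sh
# Added example, not from the thread: audit the settings the poster's fix touched
# (ip_forward, the FORWARD accept rule, the MASQUERADE rule), which are what an
# OpenVPN server needs before it can route client traffic onward. Inputs are plain
# text so the check runs against captured output as well as a live host.

# audit_vpn_gateway <ip_forward value> <iptables-save output> <vpn subnet> <egress iface>
# Prints one line per problem found; returns 0 only when nothing is wrong.
audit_vpn_gateway() {
    ip_forward=$1; rules=$2; subnet=$3; iface=$4; problems=0
    if [ "$ip_forward" != "1" ]; then
        echo "net.ipv4.ip_forward=$ip_forward: the kernel will not forward packets"
        problems=$((problems + 1))
    fi
    if ! printf '%s\n' "$rules" | grep -q -- "-A FORWARD -s $subnet -j ACCEPT"; then
        echo "no 'FORWARD -s $subnet -j ACCEPT' rule"
        problems=$((problems + 1))
    else
        # Chains match top to bottom: a catch-all REJECT/DROP above the ACCEPT wins.
        accept=$(printf '%s\n' "$rules" | grep -n -- "-A FORWARD -s $subnet -j ACCEPT" | head -n 1 | cut -d: -f1)
        reject=$(printf '%s\n' "$rules" | grep -nE -- '-A FORWARD -j (REJECT|DROP)' | head -n 1 | cut -d: -f1)
        if [ -n "$reject" ] && [ "$reject" -lt "$accept" ]; then
            echo "FORWARD catch-all REJECT/DROP comes before the $subnet ACCEPT rule"
            problems=$((problems + 1))
        fi
    fi
    if ! printf '%s\n' "$rules" | grep -q -- "-A POSTROUTING -s $subnet -o $iface -j MASQUERADE"; then
        echo "no MASQUERADE rule for $subnet out of $iface (replies have no way back)"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# On the server itself (iptables-save needs root); assumes the default route names the egress interface.
run_live_audit() {
    audit_vpn_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" \
        10.8.0.0/24 "$(ip route show default | awk '{print $5; exit}')"
}

# Constructed sample: the poster's rc.local rules as iptables-save prints them, with
# ip_forward still at its default of 0 (the setting the poster later enabled).
POSTED_RULES='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE'

if audit_vpn_gateway 0 "$POSTED_RULES" 10.8.0.0/24 eth2; then
    echo "host can route VPN clients"
fi
```

Run against the constructed sample it reports only the ip_forward problem, which matches the one change the poster needed on the server side; with ip_forward set to 1 and the same rules it passes.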
