Openvpn connects but with no internet connection

Posted: Sun Dec 21, 2014 9:32 pm
by tonyantony
Hello, I am trying to install an openvpn server on Centos6.6. I tried various installation and configuration guides but with no luck. When I am connected to vpn I have no internet connection.

For testing purposes before try it on my vps, I am working on vmware workstation with bridge mode networking and I am trying to connect to vpn using windows 7+openvpn client.

Centos IP Address: 10.10.10.59
OpenVPN IP range (default): 10.8.0.0/24
Network Gateway: 10.10.10.245

The problem is in routing.

Please I really need your help. I am trying to figure out what is the problem 3 days now.

The steps I followed:
> I added the EPEL repository to install openvpn and easy-rsa
> I copied the server.conf file from the samples
> I have enabled push "redirect-gateway def1 bypass-dhcp" in /etc/openvpn/server.conf
> I have changed the DHCP options push "dhcp-option DNS 8.8.8.8" and push "dhcp-option DNS 8.8.4.4" in /etc/openvpn/server.conf
> I generated keys and certificates
> I configured vars etc.
> I generated Diffie-Hellman keys
> I have edited the /etc/openvpn/server.conf file to fix the paths for the dh key, ca.crt, server.crt and server.key
> I have built keys for the client (./build-key client)
> I have enabled IP forwarding: nano -w /etc/sysctl.conf to change net.ipv4.ip_forward = 1 and then sysctl -p
> I have also executed echo 1 > /proc/sys/net/ipv4/ip_forward
> I have added openvpn as a service: 1) chkconfig --add openvpn 2) chkconfig openvpn on 3) service openvpn start

iptables (I tried various rules). The last rules I used:

Code:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
service iptables save
service iptables restart

I don't know how, or whether, I should edit the routing table.
Current routing table values:

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         10.10.10.245    0.0.0.0         UG    0      0        0 eth0

server.conf

Code:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 3

client.ovpn

Code:

client
dev tun
proto udp
remote 10.10.10.59 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3

I use the tun device.

Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:349 errors:0 dropped:0 overruns:0 frame:0
      TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:20751 (20.2 KiB)  TX bytes:14236 (13.9 KiB)

Re: Openvpn connects but with no internet connection

Posted: Mon Dec 22, 2014 11:48 am
by maikcat
Some things to check:

post the output of sestatus on your linux server,
disable ALL firewall rules and leave only the NAT one,
post your client logs,
post the output of tracert 8.8.8.8 on your client.

Michael.
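
A defender-side check that encodes this checklist and the setup steps from the first post, added here as an example and not code from either poster: it parses constructed sysctl, sestatus and iptables-save output (the function names and sample values are assumptions, not taken from the thread) and reports the conditions that leave a connected client without internet access.

```python
import re
# Constructed sample outputs (sysctl, sestatus, iptables-save) modelled on the thread's server, not captured from it.
SYSCTL_OUT = "net.ipv4.ip_forward = 1\n"
SESTATUS_OUT = "SELinux status:                 enabled\nCurrent mode:                   enforcing\n"
IPTABLES_SAVE_OUT = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
def parse_iptables_save(text):
    """Return ({(table, chain): policy}, {table: [-A rules]}) from iptables-save output."""
    policies, rules, table = {}, {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            rules.setdefault(table, []).append(line)
    return policies, rules

def accepts_new(rule):
    """An ACCEPT rule passes new flows if it has no --state match or that match includes NEW."""
    states = re.search(r"--state (\S+)", rule)
    return rule.endswith("-j ACCEPT") and (states is None or "NEW" in states.group(1).split(","))
def check_gateway(sysctl, sestatus, ipt_save, vpn_net="10.8.0.0/24", wan="eth0"):
    """List the conditions that leave connected clients without internet access."""
    findings = []
    if not re.search(r"net\.ipv4\.ip_forward\s*=\s*1\b", sysctl):
        findings.append("ip_forward is not 1: the kernel will not route between tun0 and eth0")
    mode = re.search(r"Current mode:\s*(\w+)", sestatus)
    if mode and mode.group(1) == "enforcing":
        findings.append("SELinux is enforcing: retest in permissive mode before blaming routing")
    policies, rules = parse_iptables_save(ipt_save)
    if not any("POSTROUTING" in r and vpn_net in r and f"-o {wan}" in r and "MASQUERADE" in r
               for r in rules.get("nat", [])):
        findings.append(f"no MASQUERADE for {vpn_net} out of {wan}: replies cannot return to clients")
    # Client-originated flows arrive on tun+ (source in the VPN subnet) and leave via the WAN.
    fwd = [r for r in rules.get("filter", []) if r.startswith("-A FORWARD")]
    if policies.get(("filter", "FORWARD")) == "DROP" and not any(
            ("-i tun+" in r or f"-s {vpn_net}" in r) and accepts_new(r) for r in fwd):
        findings.append("FORWARD policy is DROP and no rule accepts new tun+ -> eth0 traffic")
    return findings
```

With the sample input the check reports the enforcing SELinux mode and the missing outbound FORWARD rule; adding an ACCEPT for new tun+ traffic and switching to permissive clears it.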

Re: Openvpn connects but with no internet connection

Posted: Tue Dec 23, 2014 10:56 am
by tonyantony
sestatus -v output

Code:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0

I removed all iptables rules with the following script:

Code:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

And I added these rules (to allow all inbound connections, outbound connections and NAT):

Code:

iptables -I INPUT -j ACCEPT
iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

I'll come back with the client logs and tracert output.

Re: Openvpn connects but with no internet connection

Posted: Tue Dec 23, 2014 11:42 am
by maikcat
Are you from Greece?

I've noticed you are using the late actor Tony Antony's name as a nickname...

Please set SELinux to permissive while testing.

Michael.

Re: Openvpn connects but with no internet connection

Posted: Wed Dec 24, 2014 7:49 am
by tonyantony
Yes, from Greece! iptables did the trick. It is working! Thank you!