OpenVPN Support Forum

Posted: **Wed Aug 19, 2015 4:46 pm**

Hi,

I managed to install a openvpn server in a raspberry pi 2.
Everything is OK, I can access Internet in Android and Ubuntu though the VPN but I cannot connect to my own websites which are in the same raspberry. If I connect those websites without the VPN they works but through the VPN it redirects me to my router configuration Web.

My server.conf is

Code: Select all

local 192.168.1.112
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem                                     user nobody
group nogroup
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
# SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS,
# AND MAKE SURE THE SUBNET IS CORRECT
push "route 192.168.1.112 255.255.255.0"
# This should match your router address and not need to be changed.
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#push "dhcp-option DNS 192.168.1.1"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original
push "redirect-gateway def1"
#ifconfig-pool-persist ipp.txt
client-to-client
duplicate-cn
keepalive 10 120
#tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
#cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

My client code

Code: Select all

dev tun
client
proto udp
remote mywebsite.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

My firewall rules in /etc/rc.local

Code: Select all

iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 192.168.1.112

If I comment push "redirect-gateway def1" I can access my websites but the IP is my local IP, not the VPN IP.

Does anyone know how the bypass or redirect websites to local IP or something similar to be able to access my websites?

Thanks in advance.

Posted: **Thu Aug 20, 2015 1:18 pm**

There are many errors here:

Remove all this from your server:
magarto wrote:# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
# SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS,
# AND MAKE SURE THE SUBNET IS CORRECT
push "route 192.168.1.112 255.255.255.0"
# This should match your router address and not need to be changed.
Add this to your server:
Code: Select all
```
push "route 192.168.1.0 255.255.255.0" # Note: .0 not .112
```
Delete ALL your iptables rules permanently !

Add this rule only! to iptables:
Code: Select all
```
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```
Note: This presumes your server has eth0 as LAN NIC .. check ifconfig for details.

Also,
- NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
You are advised to change your server LAN to a more unique RFC1918 compliant subnet. f.e 192.168.143.0/24

Also, ensure IP forwarding is enabled on your server.

Posted: **Thu Aug 20, 2015 3:31 pm**

Thank you very much. I will try it in an hour.

Posted: **Thu Aug 20, 2015 4:15 pm**

I tried but I when entering my websites it still redirects to the router configuration Web.

Posted: **Thu Aug 20, 2015 8:38 pm**

The most weird thing is that one of my websites works, I can open it if I am connecting to the VPN but not with the others.

Posted: **Thu Aug 20, 2015 9:00 pm**

I don't know why but now it works. I deleted cache in Firefox and also added ip redirection in /etc/hosts in the raspberry and now it works.
Thank you very much!

Posted: **Thu Aug 20, 2015 9:04 pm**

Sorry, I was wrong, it works in a laptop connected to the VPN but not in Android (both smartphone and tablet). I don't know why in Android it is not working but it works in the laptop.

Posted: **Fri Aug 21, 2015 6:28 pm**

Any help?

Posted: **Sun Aug 23, 2015 3:58 pm**

It is not a fix, but with the app "OpenVPN for Android" I can exclude my websites traffic to be redirected to the tunnel.

OpenVPN Support Forum

[HELP] Cannot connect to my own webs

[HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs

Re: [HELP] Cannot connect to my own webs