
Connection to server success but no internet

Posted: Thu Sep 17, 2015 8:29 pm
by vividou
Hello,

I want to install OpenVPN on my Raspberry Pi 2.

Using the following tutorial http://readwrite.com/2014/04/10/raspber ... b-browsing with some slight modifications, I have managed to install OpenVPN on Raspbian. It is working well: I can connect to the server and surf the Internet through the VPN.
Now, I want to install it on Archlinux (for PI2). I have followed the same tutorial and used the same configuration files as for Raspbian (presented below). I can connect to the server but I cannot surf the Internet.
Each time I try to open a web page the log file shows the message MULTI: bad source address from client [....], packet dropped.

I don't understand why the config is working with one distro and not with the other. I have read several posts presenting the problem but so far have no clue how to solve the problem...


Here are the configurations:
  • serve.conf:

Code:

port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/rasp_server.crt
key /etc/openvpn/easy-rsa/keys/rasp_server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"

duplicate-cn
keepalive 10 120

tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC   # AES
comp-lzo
max-clients 10

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

log openvpn.log

verb 5
  • client.conf:

Code:

client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
  • and I have enabled forwarding with:

Code:

net.ipv4.ip_forward=1
  • and allowed the routing on the firewall (this is different from the tutorial):

Code:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Re: Connection to server success but no internet

Posted: Fri Sep 18, 2015 11:23 pm
by Traffic
vividou wrote: Each time I try to open a web page the log file shows the message MULTI: bad source address from client [....], packet dropped.
https://community.openvpn.net/openvpn/w ... rt-failedq

// Your client Source address is unknown to your server.

Re: Connection to server success but no internet

Posted: Sat Sep 19, 2015 4:19 pm
by vividou
Why would it be different between Raspbian and Archlinux ARM?

Maybe I am wrong but creating the file suggested in the howto supposes the client IP does not change, no? I would prefer a DHCP one.

Re: Connection to server success but no internet

Posted: Mon Sep 21, 2015 10:08 am
by Traffic
vividou wrote: Each time I try to open a web page the log file shows the message MULTI: bad source address from client [....], packet dropped.
Using DHCP for your client is ok and you can still set up the solution above if the Arch machine is always in the same network. If you use it in a new location (eg: coffee shop etc) then you cannot guarantee the client LAN IP address and so that solution will not necessarily work .. But in that case, the "packet dropped" messages can be safely ignored.
vividou wrote: Now, I want to install it on a Archlinux (for PI2). <snip> I can connect to the server but I cannot surf the Internet.
According to the details you have posted, this suggests that this machine is using your LAN IP address as the source address (eg: 192.168.x.x) not the VPN IP address (eg: 10.8.0.6) while trying to browse the internet over the VPN. On archlinux you can use tcpdump to see the packets that pass over your VPN and verify this. If this is the case, you must configure archlinux to bind to the VPN IP address to send packets over the VPN.
vividou wrote: Why would it be different between Raspbian and Archlinux ARM?
All Linux Distros are different ..
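
Added example, not part of the thread: a small Python check that reads the server's openvpn.log, collects the inner source addresses behind "MULTI: bad source address" drops, and tests each against the pool from the `server 10.8.0.0 255.255.255.0` line, which is the LAN-versus-VPN address question raised in the last reply. The log prefix (timestamp, client name, real address) and all sample lines are constructed assumptions; only the message text and the `server` directive come from the posts.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the thread; the optional token before "MULTI:"
# (client name/real address) is an assumed log prefix, not taken from the page.
BAD_SRC = re.compile(
    r"(?:(?P<peer>\S+)\s+)?MULTI: bad source address from client "
    r"\[(?P<src>[^\]]+)\], packet dropped"
)

# Constructed sample lines (203.0.113.7 is a documentation address).
SAMPLE_LOG = [
    "Thu Sep 17 20:31:02 2015 us=104233 arch-pi/203.0.113.7:40112 "
    "MULTI: bad source address from client [192.168.1.23], packet dropped",
    "Thu Sep 17 20:31:03 2015 us=220145 arch-pi/203.0.113.7:40112 "
    "MULTI: bad source address from client [192.168.1.23], packet dropped",
    "Thu Sep 17 20:31:05 2015 us=001200 arch-pi/203.0.113.7:40112 "
    "MULTI: Learn: 10.8.0.6 -> arch-pi/203.0.113.7:40112",
    "Thu Sep 17 20:31:09 2015 us=512001 "
    "MULTI: bad source address from client [....], packet dropped",
]

def vpn_network(server_directive):
    """Turn a 'server <network> <netmask>' config line into an ip_network."""
    _, net, mask = server_directive.split()
    return ipaddress.ip_network(f"{net}/{mask}")

def summarize_drops(log_lines, server_directive):
    """Count drops per (peer, source) and report whether each dropped
    source address lies inside the VPN pool or is a private LAN address."""
    pool = vpn_network(server_directive)
    counts = Counter()
    for line in log_lines:
        m = BAD_SRC.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # address elided or malformed, e.g. "[....]"
        counts[(m.group("peer") or "?", src)] += 1
    return [
        {"peer": peer, "src": str(src), "count": n,
         "in_vpn_pool": src in pool, "private": src.is_private}
        for (peer, src), n in sorted(counts.items(), key=lambda kv: -kv[1])
    ]

if __name__ == "__main__":
    for row in summarize_drops(SAMPLE_LOG, "server 10.8.0.0 255.255.255.0"):
        print(row)
```

A row with `in_vpn_pool` false and `private` true matches the case described in the last reply: the client is sending with its LAN address as source rather than its VPN address.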