Suddenly everything is broken

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).


Post by nathanh0 » Thu Mar 28, 2019 1:14 am

Ok so first off: Hi, my first post; thank you for OpenVPN :) <3

Second!

Everything was working for a good 3 months and suddenly stopped last night when I logged in to the VPN Server to add a new user.

How I started: I followed a setup guide from Digital Ocean Ubuntu 18 OpenVPN setup. I went as far as making a script to create new OVPN files (crt/key) by coworker names.

What the setup is all about: Pushing routes (domain names) using the allow-pull-fqdn option in the client.

Is this a private network?: Yes, it's not a full VPN takeover (the user gets to keep their internet, this just routes their traffic for our company domains through OpenVPN so they all come from a firewall-accepted IP address (VPN IP)).

Where am I stuck?:

It seems like the gateway or something is not allowing traffic through. It feels like it's denying my traffic completely.

So for example, I had to turn off the firewalls on the sites I was protecting with VPN so our developers could get into them again, but if I turn on the VPN they can't even reach those sites.

So the VPN being connected will prevent you from accessing a site that's public which we're routing you through with the VPN. So this means that VPN is pushing routes, but nothing is making it through. It's doing the exact opposite of what I want even while the sites are public (no firewall).

Of course - Turning off the VPN I can get to those public sites originally pushed from the VPN.

This is running on Digital Ocean. If anyone knows why the server may have turned off after 3 months let me know.

OPEN VPN SERVER CONFIGURATION
[oconf=]
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route jenkins.redacted.co"
push "route ui.redacted.co"
push "route api-docs.redacted.co"
push "route staging.redacted.io"
push "route develop.redacted.co"
push "route admin.redacted.co"
push "route wire.redacted.co"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
auth SHA256
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
[/oconf]
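For a split tunnel like the one in this post, where sites allowlist the VPN's source IP, it helps to see what each pushed route amounts to on the client. The following is an added example, not part of the original post or of OpenVPN itself: it parses `push "route ..."` lines, applies OpenVPN's default single-host netmask, and pairs name-based targets with the addresses they resolve to. The function names, the subnet route and the DNS answers are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample in the style of the server config above (not the poster's file).
SAMPLE_CONF = '''
push "route jenkins.redacted.co"
push "route 192.0.2.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
'''
# Constructed DNS answers (documentation address range) so the demo runs offline.
SAMPLE_DNS = {"jenkins.redacted.co": ["203.0.113.10"]}

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^"\s]+)(?:\s+([^"\s]+))?[^"]*"')
KEYWORDS = {"vpn_gateway", "net_gateway", "remote_host"}  # special route targets

def pushed_routes(conf_text):
    """Return (target, netmask); a route without a netmask is a single host."""
    found = (PUSH_ROUTE.match(line) for line in conf_text.splitlines())
    return [(m.group(1), m.group(2) or "255.255.255.255") for m in found if m]

def is_name(target):
    """True when the route target is a DNS name rather than an IP or keyword."""
    if target in KEYWORDS:
        return False
    try:
        ipaddress.ip_address(target)
        return False
    except ValueError:
        return True

def system_resolve(name):
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def client_view(conf_text, resolve=system_resolve):
    """Pair each pushed route with the addresses a name-based target resolves to."""
    report = []
    for target, mask in pushed_routes(conf_text):
        by_name, addrs = is_name(target), []
        if by_name:
            try:
                addrs = list(resolve(target))
            except OSError:  # socket.gaierror included: leave the list empty
                pass
        report.append({"target": target, "netmask": mask, "by_name": by_name, "resolved": addrs})
    return report

if __name__ == "__main__":
    for row in client_view(SAMPLE_CONF, resolve=lambda n: SAMPLE_DNS[n]):
        print(row)
```

Run against a real config with the default resolver, an empty `resolved` list or an address that differs from what the site currently serves marks a route that will not carry that site's traffic through the tunnel.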
