OVPN on GCP and Android - No Internet

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
sancho79
OpenVpn Newbie
Posts: 1
Joined: Sat Nov 09, 2019 3:39 pm

OVPN on GCP and Android - No Internet

Post by sancho79 » Sat Nov 09, 2019 4:23 pm

First of all.. sorry for beeing a noob.
Second: Thanks for your help despite that.

I have set up a server on Google cloud Platform. There I have installed openvpn. I have also installed OVPN on my Android phone. It worked for a while, but then all of a sudden it stopped. I have made no changes on the config or network though. And I do not get it back to work even though I have reinstalled the whole setup.

I have contacted google, and they say the server and its internet connection work fine, it must be a problem with the openvpn setup.

I can connect to the server. But I have no (more) connection to the internet. I have looked the web, but havent found a solution yes. Maybe, you can help me?!

I hope I post all the needed information. Otherwise, please let me know, what is missing. Thanks!

server conf
local 10.156.0.2
port 443
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify


client config
client
dev tun
proto udp
remote 35.207.130.57 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>


android log


16:20:59.458 -- ----- OpenVPN Start -----

16:20:59.459 -- EVENT: CORE_THREAD_ACTIVE trans=TO_DISCONNECTED

16:20:59.462 -- OpenVPN core 3.git::728733ae:Release android arm64 64-bit PT_PROXY built on Aug 14 2019 14:13:26

16:20:59.463 -- Frame=512/2048/512 mssfix-ctrl=1250

16:20:59.464 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [ignore-unknown-option] [block-outside-dns]
12 [block-outside-dns]
13 [verb] [3]

16:20:59.465 -- EVENT: RESOLVE trans=TO_DISCONNECTED

16:20:59.468 -- Contacting 35.207.130.57:443 via UDP

16:20:59.468 -- EVENT: WAIT trans=TO_DISCONNECTED

16:20:59.489 -- Connecting to [35.207.130.57]:443 (35.207.130.57) via UDPv4

16:20:59.511 -- EVENT: CONNECTING trans=TO_DISCONNECTED

16:20:59.547 -- Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client

16:20:59.549 -- Creds: UsernameEmpty/PasswordEmpty

16:20:59.551 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1


16:20:59.576 -- VERIFY OK : depth=1
cert. version : 3
serial number : 8B:8F:4B:FD:2A:0E:56:EE
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2019-11-09 14:00:00
expires on : 2029-11-06 14:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


16:20:59.582 -- VERIFY OK : depth=0
cert. version : 3
serial number : 2F:E0:81:7A:E5:B0:E5:04:63:30:6C:5D:72:B8:A5:E2
issuer name : CN=ChangeMe
subject name : CN=server
issued on : 2019-11-09 14:00:00
expires on : 2029-11-06 14:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


16:20:59.696 -- SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

16:20:59.699 -- Session is ACTIVE

16:20:59.700 -- EVENT: GET_CONFIG trans=TO_DISCONNECTED

16:20:59.711 -- Sending PUSH_REQUEST to server...

16:20:59.714 -- OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [dhcp-option] [DNS] [8.8.4.4]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [1]
9 [cipher] [AES-256-GCM]


16:20:59.715 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA512
compress: NONE
peer ID: 1

16:20:59.715 -- EVENT: ASSIGN_IP trans=TO_DISCONNECTED

16:20:59.797 -- TunPersist: saving tun context:
Session Name: 35.207.130.57
Layer: OSI_LAYER_3
Remote Address: 35.207.130.57
Tunnel Addresses:
10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
8.8.8.8
8.8.4.4
Search Domains:


16:20:59.801 -- Connected via tun

16:20:59.836 -- EVENT: CONNECTED info='35.207.130.57:443 (35.207.130.57) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]'

16:26:37.527 -- Session invalidated: KEEPALIVE_TIMEOUT

16:26:37.532 -- Client terminated, restarting in 2000 ms...

16:26:39.572 -- EVENT: RECONNECTING trans=TO_DISCONNECTED

16:26:39.577 -- Contacting 35.207.130.57:443 via UDP

16:26:39.578 -- EVENT: WAIT

16:26:39.585 -- Connecting to [35.207.130.57]:443 (35.207.130.57) via UDPv4

16:26:39.615 -- EVENT: CONNECTING

16:26:39.620 -- Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client

16:26:39.622 -- Creds: UsernameEmpty/PasswordEmpty

16:26:39.625 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1


android log part 2
16:26:39.702 -- VERIFY OK : depth=1
cert. version : 3
serial number : 8B:8F:4B:FD:2A:0E:56:EE
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2019-11-09 14:00:00
expires on : 2029-11-06 14:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


16:26:39.705 -- VERIFY OK : depth=0
cert. version : 3
serial number : 2F:E0:81:7A:E5:B0:E5:04:63:30:6C:5D:72:B8:A5:E2
issuer name : CN=ChangeMe
subject name : CN=server
issued on : 2019-11-09 14:00:00
expires on : 2029-11-06 14:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


16:26:39.823 -- SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

16:26:39.824 -- Session is ACTIVE

16:26:39.825 -- EVENT: GET_CONFIG

16:26:39.831 -- Sending PUSH_REQUEST to server...

16:26:39.835 -- OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [dhcp-option] [DNS] [8.8.4.4]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [1]
9 [cipher] [AES-256-GCM]


16:26:39.836 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA512
compress: NONE
peer ID: 1

16:26:39.837 -- TunPersist: reused tun context
16:26:39.837 -- Connected via tun
16:26:39.852 -- EVENT: CONNECTED info='35.207.130.57:443 (35.207.130.57) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]' trans=TO_CONNECTED
16:28:37.532 -- EVENT: CORE_THREAD_INACTIVE trans=TO_DISCONNECTED
16:28:37.534 -- Tunnel bytes per CPU second: 0
16:28:37.535 -- ----- OpenVPN Stop -----


Post Reply