
Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 7:12 am
by ducarpit
Hi,
I set up an OpenVPN server on my Raspberry with this configuration:

Code: Select all

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/XXXXXXXX_7d38a7eb-1694-4f2d-ba01-6a8a68d80186.crt
key /etc/openvpn/easy-rsa/pki/private/XXXXXXXX_7d38a7eb-1694-4f2d-ba01-6a8a68d80186.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.129.70.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io
and a client with this configuration (I deleted the personal information such as the DNS name and the certificates/key):

Code: Select all

client
dev tun
proto udp
remote [DNS]
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspchri_7d38a7eb-1694-4f2d-ba01-6a8a68d80186 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[CA_CERT]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[CERT]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[KEY]
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[OPENVPN_STATI_KEY]
-----END OpenVPN Static key V1-----
</tls-auth>
The problem is the client can connect correctly to the VPN server and navigate the local network but it doesn't navigate the Internet :? ; when I try to open a web page I receive an error with the name resolution. In the server config file I set the parameters to set up the Google DNS on the client, but it seems not to work.
Can anyone help me understand what I am doing wrong?
Thanks a lot in advance
Christian

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 9:10 am
by TinCanTech
You are using pivpn to install your server, so it should work.

Try https://github.com/pivpn/pivpn/wiki/FAQ

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 9:32 am
by ducarpit
TinCanTech wrote:
Wed Aug 17, 2022 9:10 am
You are using pivpn to install your server, so it should work.

Try https://github.com/pivpn/pivpn/wiki/FAQ
Yes, I followed the guide but it doesn't work on my PC and also on my smartphone :?
It seems all OK but it doesn't work...
With the tcpdump command in the guide (in my case

Code: Select all

tcpdump -n -i wlan0 udp port 1194
), I saw there are a lot of packets from my client device to the server, but very, very few packets from the server to the client device... that's strange (192.168.1.2 is the local IP of the server and 95.74.28.200 is my client device IP):

Code: Select all

root@raspchri:/home/pi# tcpdump -n -i wlan0 udp port 1194
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:28:09.153477 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:09.159663 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:09.433294 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:09.693237 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:09.923167 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.053565 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.059842 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.061236 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 85
11:28:10.061789 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.062140 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.195655 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.423332 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:10.423949 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.430094 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.523265 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:10.603391 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.693156 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:10.732883 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:10.943237 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.053145 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 105
11:28:11.073338 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.079844 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.080409 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.080805 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.156219 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:11.203094 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.453582 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.468086 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.613316 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.712843 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.963206 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:11.979237 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:11.979910 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.260028 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.270274 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.270589 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.274655 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.274702 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.287830 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.491072 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.733519 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.744266 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.882749 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.899888 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 93
11:28:12.900531 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 93
11:28:12.983505 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:12.990329 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.049223 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.092757 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.100937 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.101391 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.102285 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.253020 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.366167 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:13.366585 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 101
11:28:13.476136 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:13.476655 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.504134 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.561455 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.585014 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:13.633122 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.682818 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:13.913345 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:13.990140 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.053063 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.093298 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:14.283281 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.288966 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.289546 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.289787 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.291012 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.291748 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.292372 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.292449 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.580278 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:14.914603 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:14.915355 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:15.062604 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 85
11:28:15.062915 IP 192.168.1.2.1194 > 95.74.28.200.43341: UDP, length 40
11:28:15.171484 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:15.178905 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 92
11:28:15.383440 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:15.390539 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:15.923327 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:15.933222 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.003288 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.041450 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 105
11:28:16.071478 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.193301 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.323110 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.330177 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.330766 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.331174 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.331876 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.331941 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.332438 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.423098 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.430069 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.523105 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:16.583212 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 95
11:28:16.583831 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:16.795194 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:17.113588 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.370310 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.371067 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.371139 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.372009 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.611885 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.870370 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:17.910431 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 93
11:28:17.911526 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 93
11:28:17.960460 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:18.123415 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:18.213357 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:18.363265 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 101
11:28:18.433265 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:18.440179 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:19.140316 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:19.724344 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:20.083537 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 85
11:28:20.173453 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:20.180109 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:20.180855 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:20.181207 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:20.181545 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 92
11:28:20.688082 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:20.933525 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:21.050396 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 105
11:28:21.160307 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:21.299798 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:21.602129 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 95
11:28:22.240601 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:22.311436 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:22.473008 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:22.480150 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:22.480917 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:22.481526 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:22.910400 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 93
11:28:22.910762 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 93
11:28:23.229549 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:23.397631 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 101
11:28:24.003407 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:24.350313 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:25.070316 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 85
11:28:25.188511 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 92
11:28:25.283360 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:25.550179 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:25.550967 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:25.551585 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:25.552250 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:25.792135 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:26.050830 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 105
11:28:26.051239 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:26.123992 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:26.580548 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 95
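
Added example, not part of the original post: a small Python parser that counts packets and bytes per direction in `tcpdump -n` output, to put numbers on the asymmetry described above. The sample lines are copied from the capture above; the function name `summarize` is chosen here for illustration.

```python
import re
from collections import Counter

# Matches tcpdump -n lines such as:
# 11:28:15.062915 IP 192.168.1.2.1194 > 95.74.28.200.43341: UDP, length 40
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

def summarize(capture, server_ip, server_port=1194):
    """Return {direction: (packets, bytes)} relative to the OpenVPN server."""
    packets, octets = Counter(), Counter()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines, blank lines, other protocols
        if m["dst"] == server_ip and int(m["dport"]) == server_port:
            direction = "client->server"
        elif m["src"] == server_ip and int(m["sport"]) == server_port:
            direction = "server->client"
        else:
            continue  # traffic that does not involve the server port
        packets[direction] += 1
        octets[direction] += int(m["len"])
    return {d: (packets[d], octets[d])
            for d in ("client->server", "server->client")}

# Sample input: the banner plus five consecutive lines from the capture above
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
11:28:14.914603 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 1284
11:28:14.915355 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
11:28:15.062604 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 85
11:28:15.062915 IP 192.168.1.2.1194 > 95.74.28.200.43341: UDP, length 40
11:28:15.171484 IP 95.74.28.200.43341 > 192.168.1.2.1194: UDP, length 84
"""

if __name__ == "__main__":
    for direction, (n, b) in summarize(SAMPLE, "192.168.1.2").items():
        print(f"{direction}: {n} packets, {b} bytes")
```

Saving the full capture to a file and passing its contents to `summarize` gives the same counts for the whole session.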

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 9:51 am
by ducarpit
I did a test:
I replaced the line

Code: Select all

push "redirect-gateway def1"
in /etc/openvpn/server.conf with

Code: Select all

push "route 192.168.1.0 255.255.255.0"
, restarted the service and then tried again...
It seems now it is working from my smartphone, I can access the internet from here, but it doesn't work on my PC (and I don't know why, the server configuration is the same for all the client devices)...

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 9:55 am
by TinCanTech
Your change has basically disabled your VPN.

If you want to learn how your VPN works then you need to start with the Openvpn Howto.

But first, I suggest you do as pivpn ask and provide them with the debug information.
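
Added example, not part of any post in this thread: a longest-prefix-match model in Python of the client routing table under the two `push` directives discussed above, showing which interface each destination leaves through. The client LAN `172.16.5.0/24`, the interface names `wlan0`/`tun0` and the server public address `203.0.113.10` are constructed placeholders.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (CIDR, interface) pairs."""
    return [(ipaddress.ip_network(net), dev) for net, dev in entries]

def best_route(table, dest):
    """Longest-prefix match: return the (network, interface) used for dest."""
    ip = ipaddress.ip_address(dest)
    matches = [(net, dev) for net, dev in table if ip in net]
    return max(matches, key=lambda r: r[0].prefixlen)

def egress(table, dest):
    """Interface that traffic to dest leaves through."""
    return best_route(table, dest)[1]

# Constructed client state before connecting (assumed LAN and interface names)
BASE = routes(("0.0.0.0/0", "wlan0"), ("172.16.5.0/24", "wlan0"))
VPN_SUBNET = ("10.129.70.0/24", "tun0")  # from: server 10.129.70.0 255.255.255.0
SERVER_PUBLIC = "203.0.113.10/32"        # placeholder for the server's public IP

# push "redirect-gateway def1": two /1 routes override the default route
# without deleting it, plus a host route so the tunnel's own UDP packets
# still use the original gateway.
FULL_TUNNEL = BASE + routes(
    VPN_SUBNET,
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    (SERVER_PUBLIC, "wlan0"),
)

# push "route 192.168.1.0 255.255.255.0": only the server's LAN goes via tun0
SPLIT_TUNNEL = BASE + routes(VPN_SUBNET, ("192.168.1.0/24", "tun0"))

if __name__ == "__main__":
    for name, table in (("def1", FULL_TUNNEL), ("route only", SPLIT_TUNNEL)):
        for dest in ("8.8.8.8", "192.168.1.2", "203.0.113.10"):
            print(f"{name:10} {dest:14} -> {egress(table, dest)}")
```

With `redirect-gateway def1`, queries to the pushed resolver 8.8.8.8 leave through `tun0`, so name resolution depends on the server forwarding that traffic; with only the `route` push they bypass the tunnel and use the client's own connection.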

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 10:32 am
by ducarpit
TinCanTech wrote:
Wed Aug 17, 2022 9:55 am
Your change has basically disabled your VPN.

If you want to learn how your VPN works then you need to start with the Openvpn Howto.

But first, I suggest you do as pivpn ask and provide them with the debug information.
I didn't understand where I have to open a new issue/topic...

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 11:32 am
by TinCanTech
TinCanTech wrote:
Wed Aug 17, 2022 9:10 am
You are using pivpn to install your server, so it should work.

Try https://github.com/pivpn/pivpn/wiki/FAQ
That link. ^

You must read the information provided.

Re: Client doesn't resolve DNS!

Posted: Wed Aug 17, 2022 12:19 pm
by TinCanTech