OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Connection OK, but cannot reach services

https://forums.openvpn.net/viewtopic.php?t=35837

Page 1 of 1

Connection OK, but cannot reach services

Posted: Wed Jun 14, 2023 9:15 am
by jlgarnier
Dear Community,

I just installed the latest version of the Win11 client (3.3.7) and managed to connect to the VPN server. Unfortunately I can't reach the expected services, even ping them! How can I troubleshoot this (could be a DNS error maybe)?

Thanks in advance for any hint!

Re: Connection OK, but cannot reach services

Posted: Sun Jun 18, 2023 12:27 pm
by never-stop-learning
hey, please share how you reach the expected services, is it via Domain Name?
What is your VPN server, is it installed in Linux OS or a Router/Firewall?

a traceroute and nslookup results would give us some idea about It.

Re: Connection OK, but cannot reach services

Posted: Sun Jun 18, 2023 3:56 pm
by jlgarnier
Hi,
I'm trying to reach the service by its URL service.mydomain.lan. Others services are fully accessible, such as microsoft.com. Tracert and nslookup both fail resolving the domain name. I've found out that everything works fine when I disable the firewall (MS Defender), although OpenVPN has all requested authorizations...
I suppose the VPN server is installed on a Debian server.
Thanks for your help!

Re: Connection OK, but cannot reach services

Posted: Mon Jun 26, 2023 7:08 am
by jlgarnier
Hi,

Any clue with the provided information? Is there any chance I can get OpenVPN working on my Windows machine?

Thanks in advance for any help!

Re: Connection OK, but cannot reach services

Posted: Wed Jul 12, 2023 8:03 am
by jlgarnier
Trying to revive this topic... Did anyone encounter issues with Defender w/ OpenVPN?

Thanks in advance for any help!

Re: Connection OK, but cannot reach services

Posted: Fri Jul 28, 2023 6:52 am
by jlgarnier
Hi all,

Here's a bit of additional information. I've read https://openvpn.net/vpn-server-resource ... -problems/ and performed some additional tests. For all tests, I've kept MS Defender ON and my antivirus (Kaspersky) OFF.

VPN connection OFF
ipconfig /all

Code: Select all

Carte inconnue Connexion au réseau local :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Adresse physique . . . . . . . . . . . : 00-FF-42-73-30-C0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui

Carte Ethernet Ethernet :

   Suffixe DNS propre à la connexion. . . : box.freepro.com
   Description. . . . . . . . . . . . . . : USB Dock Ethernet
   Adresse physique . . . . . . . . . . . : 80-6D-97-53-6E-3A
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::b44c:8c8d:1d2c:53a%17(préféré)
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.58(préféré)
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . . . . . . . : vendredi 28 juillet 2023 08:09:01
   Bail expirant. . . . . . . . . . . . . : vendredi 28 juillet 2023 20:09:01
   Passerelle par défaut. . . . . . . . . : fe80::72fc:8fff:fe93:c2f8%17, 192.168.1.254
   Serveur DHCP . . . . . . . . . . . . . : 192.168.1.254
   IAID DHCPv6 . . . . . . . . . . . : 394292631
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-2A-61-EF-8F-9C-EB-E8-29-AF-3D
   Serveurs DNS. . .  . . . . . . . . . . : 8.8.8.8, 192.168.1.254
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
   Liste de recherche de suffixes DNS propres à la connexion :  box.freepro.com
  • DNS servers are those configured at my router level (8.8.8.8, 192.168.1.254), gateway = router.
  • The laptop internal IP address is determined by the embedded DHCP server, the external IP address is my router's one: OK.
  • nslookup myservice.lan queries dns.google and fails.
VPN connection ON
ipconfig /all

Code: Select all

Carte inconnue Connexion au réseau local :

   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Adresse physique . . . . . . . . . . . : 00-FF-42-73-30-C0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::7abd:ef85:41e3:743c%12(pr‚f‚r‚) 
   Adresse IPv4. . . . . . . . . . . . . .: 10.20.0.6(pr‚f‚r‚) 
   Masque de sous-réseau. . . . . . . . . : 255.255.255.252
   Passerelle par défaut. . . . . . . . . : 
   IAID DHCPv6 . . . . . . . . . . . : 268500802
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-2A-61-EF-8F-9C-EB-E8-29-AF-3D
   Serveurs DNS. . .  . . . . . . . . . . : 10.20.0.1, 208.67.220.220
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé

Carte Ethernet Ethernet :

   Suffixe DNS propre à la connexion. . . : box.freepro.com
   Description. . . . . . . . . . . . . . : USB Dock Ethernet
   Adresse physique . . . . . . . . . . . : 80-6D-97-53-6E-3A
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::25fc:c298:1537:1738%17(pr‚f‚r‚) 
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.58(pr‚f‚r‚) 
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . . . . . . . : jeudi 27 juillet 2023 08:18:56
   Bail expirant. . . . . . . . . . . . . : vendredi 28 juillet 2023 02:19:06
   Passerelle par défaut. . . . . . . . . : fe80::72fc:8fff:fe93:c2f8%17, 192.168.1.254
   Serveur DHCP . . . . . . . . . . . . . : 192.168.1.254
   IAID DHCPv6 . . . . . . . . . . . : 394292631
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-2A-61-EF-8F-9C-EB-E8-29-AF-3D
   Serveurs DNS. . .  . . . . . . . . . . : 8.8.8.8, 192.168.1.254
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
   Liste de recherche de suffixes DNS propres à la connexion : box.freepro.com
  • DNS servers are those configured at the Access Server level (10.20.0.1, 208.67.220.220), no gateway
  • The laptop internal IP address is determined by the Access Server, the external address is the Access Server's one: OK.
  • The first nslookup myservice.lan returns the correct IP address.
  • ping or trying to open the corresponding website both fail, and a second nslookup command returns "Server failed": STRANGE.
I'm therefore wondering whether the issue lies with the laptop or the VPN server... Could anyone help narrow the scope?

Thanks in advance for any help!

Re: Connection OK, but cannot reach services

Posted: Wed Aug 30, 2023 8:35 am
by jlgarnier
Hi all,

Trying to revive the post... I've checked that:
- Setting MS Defender to OFF doesn't change anything.
- Once the VPN is open, I'm able to ping the internal DNS servers configured with OpenVPN.
- But pinging the private site returns "not resolved"...

What else could I try to narrow the troubleshooting scope?

Thanks in advance for any help!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/