OpenVPN client connects but can't access internet

2

I setup an Openvpn server on a centos box and I can get the client to connect (osx) but can't access the internet or even the local network. I thought maybe DNS but couldn't access any sites via IP. Any help would be appreciated. I will list my config files below.

server.conf:::

port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3


client.conf:::

client
dev tun
proto udp
remote My server IP 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
comp-lzo
verb 3


ifconfig (client)::

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 ::1 prefixlen 128 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 10:40:f3:88:27:6c 
    inet6 fe80::1240:f3ff:fe88:276c%en0 prefixlen 64 scopeid 0x4 
    inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
    media: autoselect
    status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 02:40:f3:88:27:6c 
    media: autoselect
    status: inactive
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 
    open (pid 7494)

    ifconfig (server)::

eth0      Link encap:Ethernet  HWaddr 00:23:54:03:F2:BB
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::223:54ff:fe03:f2bb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:113530 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13376 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25518343 (24.3 MiB)  TX bytes:1310138 (1.2 MiB)
          Interrupt:26 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:828 (828.0 b)  TX bytes:828 (828.0 b)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:397 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
centos
iptables
openvpn
asked on Server Fault Aug 26, 2013 by Fr0ntSight

5 Answers

1

In client box, do these testing:

1. Ping 10.8.0.1, if not ok check client/server firewall let ICMP can pass through, then we can debug deeply.
2. Ping 192.168.0.10, if not ok check:
    A. Client routing table, where the traffic goes while destination network is 192.168.0.0/24, it should go to 10.8.0.5/tun0
    B. Server sysctl net.ipv4.ip_forward, it should be 1.
    C. Server NAT/MASQUERADE with iptables.
3. Traceroute 8.8.8.8, if not ok check which hop stopped the traffic.
answered on Server Fault Aug 26, 2013 by Sunry • edited Aug 26, 2013 by Sunry
1

Firstly check that you can ping the OpenVPN Servers VPN Range IP, 10.8.0.1, assuming that is successful:

https://community.openvpn.net/openvpn/wiki/BridgingAndRouting

Follow the instructions under Using Routing, it assumes your internet connection is eth0, if it isn't change the value to your internet connections adapter identifier (ppp0, atm0) etc. It also assumes that your OpenVPN server is your main router for the internet connection.

answered on Server Fault Aug 26, 2013 by Aaron Tate • edited Aug 26, 2013 by Aaron Tate
1

Your IPTables are probably wrong. When I can connect to a OpenVPN node but can not access the internet and can ping locally, it is NAT issue.

See this for help: http://blog.solidshellsecurity.com/2013/01/15/openvpn-installation-configuration-setup-centos-5-6-32-64bit-openvz-xen-kvm/

answered on Server Fault May 17, 2014 by Jason
1

After configuring your OpenVPN server and client, there's one more thing which needs to be done: Add a route on each computer (or in your network's router) in the local network which is supposed to communicate with computers in the vpn network.

Example:

My home network is: 10.13.0.0/24
OpenVPN network is: 10.14.0.0/24

The OpenVPN server physical NIC is configured as: 10.13.0.1/24

The OpenVPN server vpn NIC is configured as: 10.14.0.1/24

When my client connects to the VPN it gets IP: 10.14.0.6/24 In order for the other computers on the 10.13.0.0/24 network (home computers) to be able to communicate with machines which are connected through vpn I had to add a specific route:

route add -net 10.14.0.0/24 gw 10.13.0.1 metric 1

This enables computers on the home network to communicate with computers on the OpenVPN network and vice versa.

In your case it will enable your network computers to communicate with the vpn computers.

I wrote a very detailed article on How to install and configure OpenVPN server and the above steps are described there, feel free to check it out... it may help you: How To: OpenVPN on CentOS

answered on Server Fault Jul 20, 2014 by Itai Ganot • edited Jul 20, 2014 by Itai Ganot
0

on windows, the client have to run as "Administrator" otherwise the routing will not work. I wonder if there is something similar on mac? what openvpn client (if any) do you use on the mac? have you tried to run with elevated permissions?

answered on Server Fault Mar 12, 2014 by Sverre

User contributions licensed under CC BY-SA 3.0