OpenVPN client connects but no internet access, even though I masquerade
Finally found the problem and the solution. I saw this message in journalctl -xe (OpenVPN server logs):
client/__MYPUBLICHOMEIP__:39661 IP packet with unknown IP version=15 seen
Then I realized that compression was enabled in my client's default configuration, but it was not enabled on the server side.
Uncommenting this line in the OpenVPN server's conf fixed the problem:
comp-lzo
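As an added example (not part of the original answer), here is a POSIX shell check that compares the compression directive in a server and a client config and counts the log symptom quoted above. The sample files, the 203.0.113.7 address and the function names are constructed for illustration, and checking `compress` alongside `comp-lzo` goes beyond the single case in the post.

```shell
#!/bin/sh
# Added example: sample files below are constructed, not taken from the post.

# Print the active compression directive in an OpenVPN config, or "none".
# Lines beginning with '#' or ';' are comments; the last directive found wins.
comp_setting() {
    awk '
        /^[ \t]*[#;]/ { next }
        $1 == "comp-lzo" || $1 == "compress" {
            found = $1
            if (NF > 1 && $2 !~ /^[#;]/) found = found " " $2
        }
        END { print (found == "" ? "none" : found) }
    ' "$1"
}

# Strict text comparison of both sides: returns 0 on match, 1 on mismatch.
check_compression() {
    server=$(comp_setting "$1")
    client=$(comp_setting "$2")
    if [ "$server" = "$client" ]; then
        echo "OK: server and client both use '$server'"
        return 0
    fi
    echo "MISMATCH: server='$server' client='$client'"
    return 1
}

# Count server log lines showing the symptom quoted in the answer.
count_bad_ip_version() {
    grep -c 'IP packet with unknown IP version=' "$1" || true
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'port 1194' 'proto udp' ';comp-lzo' \
        'push "redirect-gateway def1 bypass-dhcp"' > "$1/server.conf"
    printf '%s\n' 'client' 'dev tun' 'comp-lzo' > "$1/client.ovpn"
    printf '%s\n' 'Initialization Sequence Completed' \
        'client/203.0.113.7:39661 IP packet with unknown IP version=15 seen' \
        > "$1/server.log"
}

demo() {
    dir=$(mktemp -d)
    make_samples "$dir"
    check_compression "$dir/server.conf" "$dir/client.ovpn" || true
    echo "symptom lines in log: $(count_bad_ip_version "$dir/server.log")"
    rm -rf "$dir"
}
demo
```

Because the comparison is a strict text match, differing arguments to the same directive are also reported and should be reviewed by hand.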
Medya
Master of Computer science from DePaul University, Chicago. Author of multiple open source projects such as Winnaker for Spinnaker, and K8Guard for Kubernetes. Started Programming life with Pascal on 80286 all the way to GoLang on core i7.
Updated on September 18, 2022
Comments
-
Medya over 1 year
I installed an OpenVPN server at home on CentOS 7, using the DigitalOcean doc.
ip route
showed my server's network interface is ens32, so I added a rule to iptables to forward routing to the OpenVPN subnet:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens32 -j MASQUERADE
I also have Google's DNS in my server config.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
and I also configured the server to tell the clients to redirect all traffic through the OpenVPN.
push "redirect-gateway def1 bypass-dhcp"
I am doing this on my home internet, so on the router I set up port forwarding for OpenVPN's port.
On my Android phone, the OpenVPN client app successfully logs in to the server and gets a private IP (10.8.0.6). It shows a few KB being sent and received, and it is green and happy! But it can NOT access the internet.
I have been trying so many different things, and I have no idea why it can't access the internet.
I checked the OpenVPN server itself with
curl google.com
and it does have access to the internet. Any idea?
-
Michal Sokolowski over 6 years
Full configs? Logs? Route tables?
-
Medya over 6 years
@MichalSokolowski I didn't change anything else other than the ones I posted above (plus I enabled IPv4 forwarding).
-
Medya over 6 years
@MichalSokolowski here is my full server config anyways: gist.github.com/medyagh/3dba362436fc8e1b0e7cbd7e4d20a45b
-
Medya over 6 years
@MichalSokolowski this is my client ovpn without the actual keys: gist.github.com/medyagh/a19be7cd3318803cf93bb1bfabb80a57
-
Medya over 6 years
The only thing I see in journalctl -xe is
client/MYPUBLICHOMEIP:39661 IP packet with unknown IP version=15 seen
-
Michal Sokolowski over 6 years
@Medya, as a sysadmin with almost a decade of experience with OpenVPN: networking problems are hard to diagnose remotely in the first place, and without the full picture it's almost impossible or it'd take too much time. I won't be able to help without it. Possibly others too.
-
Michal Sokolowski over 6 years
@Medya, see? Power of the logs. With verb 3 you had a direct clue for sure in OpenVPN's client log that the compression option was different on the server side.
-
Medya over 6 years
Let us continue this discussion in chat.
-