OpenVPN client connects but no internet access, even though I masquerade


Finally found the problem and the solution. I saw this message in journalctl -xe (the OpenVPN server logs):

client/__MYPUBLICHOMEIP__:39661 IP packet with unknown IP version=15 seen

Then I realized that compression was enabled in my client's default configuration, but compression was not enabled on the server side.

Uncommenting this line in the OpenVPN server's conf fixed the problem:

comp-lzo

Author: Medya

Master of Computer science from DePaul University, Chicago. Author of multiple open source projects such as Winnaker for Spinnaker, and K8Guard for Kubernetes. Started Programming life with Pascal on 80286 all the way to GoLang on core i7.

Updated on September 18, 2022
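
The mismatch found in the answer above (compression active in the client profile, commented out on the server) can be checked for directly. This Python sketch is an added example, not code from the thread: the config text, hostname, peer address and log prefix are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the thread; not the poster's real files or logs.
SERVER_CONF = """port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
;comp-lzo
verb 3
"""
CLIENT_CONF = """client
dev tun
remote vpn.example.net 1194  # placeholder hostname
comp-lzo
"""
SERVER_LOG = [
    "openvpn[1234]: client/203.0.113.7:39661 IP packet with unknown IP version=15 seen",
    "openvpn[1234]: client/203.0.113.7:39661 MULTI: Learn: 10.8.0.6 -> client/203.0.113.7:39661",
]

COMPRESSION = {"comp-lzo", "compress"}
UNKNOWN_VERSION = re.compile(r"(\S+) IP packet with unknown IP version=(\d+) seen")

def compression_directive(conf_text):
    """Return the last active compression directive in a config, or None."""
    found = None
    for raw in conf_text.splitlines():
        # '#' and ';' both start comments in OpenVPN configs, so ';comp-lzo'
        # is a disabled line. Quoted '#'/';' do not occur in these directives.
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if tokens and tokens[0] in COMPRESSION:
            found = " ".join(tokens)
    return found

def diagnose(server_conf, client_conf, log_lines):
    """Compare both sides' compression setting and list peers seen in the log."""
    server = compression_directive(server_conf)
    client = compression_directive(client_conf)
    peers = sorted({m.group(1) for m in map(UNKNOWN_VERSION.search, log_lines) if m})
    return {
        "server": server,
        "client": client,
        # Only the case from the thread: one side compresses, the other does not.
        "mismatch": (server is None) != (client is None),
        "peers_with_unknown_version": peers,
    }

if __name__ == "__main__":
    print(diagnose(SERVER_CONF, CLIENT_CONF, SERVER_LOG))
```

The two sides only need to agree, so removing the compression directive from the client profile resolves the same mismatch. Current OpenVPN documentation deprecates comp-lzo and recommends against enabling compression on the tunnel.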

Comments

  • Medya
    Medya over 1 year

    I installed an OpenVPN server at home on CentOS 7, using the DigitalOcean doc.

    ip route showed my server's network interface is ens32, so I added a rule to iptables to forward routing to the OpenVPN subnet:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens32 -j MASQUERADE

    I also have Google's DNS in my server config:

    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"

    And I also configured the server to tell the clients to redirect all traffic through OpenVPN:

    push "redirect-gateway def1 bypass-dhcp"

    I am doing this on my home internet, so on the router I did port forwarding on OpenVPN's port.

    On my Android phone, the OpenVPN client app successfully logs in to the server, gets a private IP (10.8.0.6), and shows a few KB being sent and received, and it is green and happy! But it can NOT access the internet.

    I have been trying so many different things; I have no idea why it can't access the internet.

    I checked the OpenVPN server itself with curl google.com, and it does have access to the internet.

    Any idea?

    • Michal Sokolowski
      Michal Sokolowski over 6 years
      Full configs? Logs? Route tables?
    • Medya
      Medya over 6 years
      @MichalSokolowski I didn't change anything else other than the ones I posted above (plus I enabled IPv4 forwarding)
    • Medya
      Medya over 6 years
      @MichalSokolowski here is my full server config anyway: gist.github.com/medyagh/3dba362436fc8e1b0e7cbd7e4d20a45b
    • Medya
      Medya over 6 years
      @MichalSokolowski this is my client ovpn without the actual keys: gist.github.com/medyagh/a19be7cd3318803cf93bb1bfabb80a57
    • Medya
      Medya over 6 years
      The only thing I see in journalctl -xe is: client/MYPUBLICHOMEIP:39661 IP packet with unknown IP version=15 seen
    • Michal Sokolowski
      Michal Sokolowski over 6 years
      @Medya, as a sysadmin with almost a decade of experience with OpenVPN: networking problems are hard to diagnose remotely in the first place; without the full picture it's almost impossible, or it'd take too much time. I won't be able to help without it. Possibly others too.
    • Michal Sokolowski
      Michal Sokolowski over 6 years
      @Medya, see? Power of the logs. With verb 3 you had a direct clue for sure in OpenVPN's client log that the compression option was different on the server side.
    • Medya
      Medya over 6 years