OpenVPN Client timing out


So, what you are missing in your conf is - Routing.

The entry like this:

;push "route 192.168.10.0 255.255.255.0"

is commented out in your config file. That explains why you are getting the IP but not able to ping, as there is no route information in your config file.

Uncomment this line and replace the IP information with the IP of your gateway where you are running the openvpn server.

Once you do that, your problem should be fixed.

Author by

Austin

Updated on September 18, 2022

Comments

  • Austin
    Austin almost 2 years

    I recently installed OpenVPN on my Ubuntu VPS. Whenever I try to connect to it, I can establish a connection just fine.

    However, everything I try to connect to times out.

    If I try to ping something, it will resolve the IP, but will time out after resolving the IP. (So DNS Server seems to be working correctly)

    My server.conf has this relevant information (At least I think it's relevant. I'm not sure if you need more or not)

    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    ;push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    ;client-to-client
    ;duplicate-cn
    keepalive 10 120
    ;tls-auth ta.key 0 # This file is secret
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    # Set the appropriate level of log
    # file verbosity.
    #
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 3
    

    I've tried on multiple computers by the way. The same result on all of them.

    What could be wrong?

    Thanks in advance, and if you need other information I'll gladly post it.

    Information for new comments

    root@vps:~# iptables -L -n -v
    Chain INPUT (policy ACCEPT 862K packets, 51M bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain FORWARD (policy ACCEPT 3 packets, 382 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
     4641  298K ACCEPT     all  --  *      *       10.8.0.0/24          0.0.0.0/0   
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    
    Chain OUTPUT (policy ACCEPT 1671K packets, 2378M bytes)
     pkts bytes target     prot opt in     out     source               destination 
    

    And

    root@vps:~# iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 17937 packets, 2013K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain POSTROUTING (policy ACCEPT 8975 packets, 562K bytes)
     pkts bytes target     prot opt in     out     source               destination 
     1579  103K SNAT       all  --  *      *       10.8.0.0/24          0.0.0.0/0           to:SERVERIP
    
    Chain OUTPUT (policy ACCEPT 8972 packets, 562K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    • Napster_X
      Napster_X over 11 years
      Can you please paste the complete server.conf here.
    • Dom
      Dom over 11 years
      Could you check that the routing is activated on your server? Is the NAT correctly configured? If there is no NAT, could you check your back route too?
    • MadHatter
      MadHatter over 11 years
      My suspicion is the NAT, too; could we see the outputs of iptables -L -n -v and iptables -t nat -L -n -v?
    • Austin
      Austin over 11 years
      @MadHatter I posted the outputs of what I think it is you want.
    • MadHatter
      MadHatter over 11 years
      Grumble. Not the NAT, then (well done you). Could we also get the output of cat /proc/sys/net/ipv4/ip_forward?
    • Austin
      Austin over 11 years
      @MadHatter The output is just 1, which I believe means it's forwarding correct?
    • Austin
      Austin over 11 years
      @MadHatter I have tried to change that line to any IP I believe could be the gateway, and it doesn't seem to matter.
    • zordor
      zordor over 11 years
      Just one question: are you trying to establish this tunnel to China?
    • Austin
      Austin over 11 years
      @zordor No, It's in Romania. And MadHatter I'll get the logs posted soon.
    • user2423302
      user2423302 over 11 years
      What is your exact SNAT rule? Can you iptables -t nat -F and try: iptables -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
    • grs
      grs over 11 years
      You said it happens on everything you connect to. Seems to me that it may be networking issue. Did you try echo "550" >> /proc/sys/net/ipv4/tcp_keepalive_time?
  • Austin
    Austin over 11 years
    How exactly would I find this? Is it just a matter of doing an ifconfig? Thanks
  • Napster_X
    Napster_X over 11 years
    Yes, on your gateway.
  • Napster_X
    Napster_X over 11 years
    That's bad. Let me see if there could be anything else.
  • Napster_X
    Napster_X over 11 years
    Can you check the value for ip forwarding in your machine. Use this command: # sudo sysctl -a | grep net.ipv4.ip_forward
  • Austin
    Austin over 11 years
    I think it's the same value MadHatter was asking for before, but here's the output. root@vps:~# sudo sysctl -a | grep net.ipv4.ip_forward error: permission denied on key 'vm.compact_memory' error: permission denied on key 'net.ipv4.route.flush' error: permission denied on key 'net.ipv4.route.flush' net.ipv4.ip_forward = 1 error: permission denied on key 'net.ipv6.route.flush'
  • Napster_X
    Napster_X over 11 years
    I need some info from the client side. Can you please tell me which client (operating system) you are using? I will send the commands according to the same to test it.
  • Austin
    Austin over 11 years
    I've tried with Linux, Windows 7 and Windows 8.
  • Napster_X
    Napster_X over 11 years
    So, a couple of things which could help: 1. The logs on the client machine when you are trying to connect. They are available in both Windows and Linux. 2. If you can send the route table for your client. I believe this command should work: netstat -rn for Windows and route -n for Linux
  • Napster_X
    Napster_X over 11 years
    just fyi ... Please send the route table after connecting to the VPN. That way we could be sure that where exactly the issue is, Server or Client.
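
The packet counters in the `iptables -L -n -v` output posted in the question already show whether client traffic leaves the server and whether replies come back. The script below is an added example, not part of the original thread: the function names are made up here, and the sample input is the FORWARD chain copied from the question.

```shell
#!/usr/bin/env bash
# Added example: read the FORWARD-chain packet counters from `iptables -L -n -v`
# to see whether VPN client traffic is forwarded and whether replies return.
# VPN_NET matches the `server 10.8.0.0 255.255.255.0` line in the question.
VPN_NET="10.8.0.0/24"

# FORWARD chain as posted in the question.
SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 3 packets, 382 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 4641  298K ACCEPT     all  --  *      *       10.8.0.0/24          0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable'

# Print the packet counter of the first rule whose target is $1 and whose
# line contains the literal string $2. Reads iptables output on stdin.
rule_pkts() {
  awk -v tgt="$1" -v pat="$2" '
    $3 == tgt && index($0, pat) { print $1; found = 1; exit }
    END { if (!found) print "missing" }'
}

# Classify the forwarding state from the counters of the two ACCEPT rules.
diagnose_forward() {
  out=$(printf '%s\n' "$1" | rule_pkts ACCEPT "$VPN_NET")
  ret=$(printf '%s\n' "$1" | rule_pkts ACCEPT "RELATED,ESTABLISHED")
  if [ "$out" = missing ]; then
    echo "no-accept-rule-for-vpn-net"      # client packets fall through to REJECT/policy
  elif [ "$out" = 0 ]; then
    echo "no-client-traffic-forwarded"     # nothing from the tunnel reached FORWARD
  elif [ "$ret" = missing ] || [ "$ret" = 0 ]; then
    echo "outbound-only-no-replies"        # packets leave, no reply is forwarded back
  else
    echo "bidirectional"
  fi
}

diagnose_forward "$SAMPLE_FORWARD"
```

On the posted counters the result is `outbound-only-no-replies`: 4641 packets from 10.8.0.0/24 were forwarded, while the RELATED,ESTABLISHED rule matched none. Counters are cumulative since the rule was added or last zeroed, so running `iptables -Z` before a fresh connection attempt gives a cleaner reading.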