OpenVPN Client timing out
So, what you are missing in your conf is - Routing.
The entry like this:
;push "route 192.168.10.0 255.255.255.0"
is commented out in your config file. That explains why you are getting the IP but are not able to ping, as there is no route information in your config file.
Uncomment this line and replace the IP information with the IP of your gateway where you are running the OpenVPN server.
Once you do that, your problem should be fixed.
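An added example, not part of the original answer: a small parser that reports which `push` directives in a server.conf are active and which are commented out with `;` or `#`. The sample config is constructed from lines quoted on this page, and the function names are hypothetical.

```python
import shlex

# Constructed sample: directives taken from the server.conf excerpt and the
# commented route line quoted on this page.
SAMPLE_CONF = '''\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;push "route 192.168.10.0 255.255.255.0"
;tls-auth ta.key 0 # This file is secret
# 4 is reasonable for general usage
verb 3
'''

def parse_directives(text):
    """Yield (active, name, args); lines starting with ';' or '#' are inactive."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        active = line[0] not in ";#"
        body = line.lstrip(";#").strip()
        try:
            # comments=True drops a trailing '# ...' that sits outside quotes
            tokens = shlex.split(body, comments=True)
        except ValueError:
            continue  # unbalanced quotes: free-text comment, not a directive
        if tokens:
            yield active, tokens[0], tokens[1:]

def pushed_options(text):
    """Return (sent, disabled): push options sent to clients vs commented out."""
    sent, disabled = [], []
    for active, name, args in parse_directives(text):
        if name == "push" and args and args[0].strip():
            (sent if active else disabled).append(args[0].strip())
    return sent, disabled

def summarize(text):
    """Report the routing-related push options a client would receive."""
    sent, disabled = pushed_options(text)
    return {
        "redirect_gateway": any(o.split()[0] == "redirect-gateway" for o in sent),
        "routes_pushed": [o for o in sent if o.split()[0] == "route"],
        "routes_commented": [o for o in disabled if o.split()[0] == "route"],
    }
```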
Austin
Updated on September 18, 2022
Comments
-
Austin almost 2 years
I recently installed OpenVPN on my Ubuntu VPS. Whenever I try to connect to it, I can establish a connection just fine.
However, everything I try to connect to times out.
If I try to ping something, it will resolve the IP, but will time out after resolving the IP. (So DNS Server seems to be working correctly)
My server.conf has this relevant information (At least I think it's relevant. I'm not sure if you need more or not)
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    ;push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    ;client-to-client
    ;duplicate-cn
    keepalive 10 120
    ;tls-auth ta.key 0 # This file is secret
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    # Set the appropriate level of log
    # file verbosity.
    #
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 3
I've tried on multiple computers by the way. The same result on all of them.
What could be wrong?
Thanks in advance, and if you need other information I'll gladly post it.
Information for new comments
    root@vps:~# iptables -L -n -v
    Chain INPUT (policy ACCEPT 862K packets, 51M bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 3 packets, 382 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
     4641  298K ACCEPT     all  --  *      *       10.8.0.0/24          0.0.0.0/0
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT 1671K packets, 2378M bytes)
     pkts bytes target     prot opt in     out     source               destination
And
    root@vps:~# iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 17937 packets, 2013K bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 8975 packets, 562K bytes)
     pkts bytes target     prot opt in     out     source               destination
     1579  103K SNAT       all  --  *      *       10.8.0.0/24          0.0.0.0/0            to:SERVERIP

    Chain OUTPUT (policy ACCEPT 8972 packets, 562K bytes)
     pkts bytes target     prot opt in     out     source               destination
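The per-rule packet counters in the FORWARD chain posted above can be compared mechanically. This added example (not part of the original question or its comments) parses that output and checks whether packets forwarded from 10.8.0.0/24 were ever accompanied by packets matching the RELATED,ESTABLISHED rule; the function names are hypothetical.

```python
import re

# FORWARD chain from the `iptables -L -n -v` output posted in the question.
SAMPLE = """\
Chain FORWARD (policy ACCEPT 3 packets, 382 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 4641  298K ACCEPT     all  --  *      *       10.8.0.0/24          0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_int(tok):
    """Convert an abbreviated counter such as '298K' to an (approximate) integer."""
    return int(tok[:-1]) * SUFFIX[tok[-1]] if tok[-1] in SUFFIX else int(tok)

def parse_chains(text):
    """Return {chain name: [rule dicts]} from `iptables -L -n -v` output."""
    chains, rules = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) ", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
            continue
        f = line.split()
        if rules is None or len(f) < 9 or f[0] == "pkts":
            continue  # blank line or column header
        rules.append({"pkts": to_int(f[0]), "target": f[2], "source": f[7],
                      "dest": f[8], "match": " ".join(f[9:])})
    return chains

def reply_traffic_report(chains, vpn_net="10.8.0.0/24"):
    """Compare packets accepted from the VPN subnet with conntrack-state matches."""
    fwd = chains.get("FORWARD", [])
    outbound = sum(r["pkts"] for r in fwd
                   if r["target"] == "ACCEPT" and r["source"] == vpn_net)
    tracked = sum(r["pkts"] for r in fwd if "ESTABLISHED" in r["match"])
    # A connection only becomes ESTABLISHED once a reply has been seen, so
    # traffic leaving the VPN subnet with zero state matches means no reply
    # packet has passed back through this chain.
    return {"from_vpn": outbound, "established": tracked,
            "replies_missing": outbound > 0 and tracked == 0}
```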
-
Napster_X over 11 years
Can you please paste the complete server.conf here.
-
Dom over 11 years
Could you check that the routing is activated on your server? Is the NAT correctly configured? If there is no NAT, could you check your back route too?
-
MadHatter over 11 years
My suspicion is the NAT, too; could we see the outputs of iptables -L -n -v and iptables -t nat -L -n -v?
-
Austin over 11 years
@MadHatter I posted the outputs of what I think it is you want.
-
MadHatter over 11 years
Grumble. Not the NAT, then (well done you). Could we also get the output of cat /proc/sys/net/ipv4/ip_forward?
-
Austin over 11 years
@MadHatter The output is just 1, which I believe means it's forwarding, correct?
-
Austin over 11 years
@MadHatter I have tried to change that line to any IP I believe could be the gateway, and it doesn't seem to matter.
-
zordor over 11 years
Just one question: are you trying to establish this tunnel to China?
-
Austin over 11 years
@zordor No, it's in Romania. And MadHatter, I'll get the logs posted soon.
-
user2423302 over 11 years
What is your exact SNAT rule? Can you iptables -t nat -F and try: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
-
grs over 11 years
You said it happens on everything you connect to. Seems to me that it may be a networking issue. Did you try echo "550" >> /proc/sys/net/ipv4/tcp_keepalive_time?
-
Austin over 11 years
How exactly would I find this? Is it just a matter of doing an ifconfig? Thanks
-
Napster_X over 11 years
Yes, on your gateway.
-
Napster_X over 11 years
That's bad. Let me see if there could be anything else.
-
Napster_X over 11 years
Can you check the value for IP forwarding on your machine? Use this command:
    sudo sysctl -a | grep net.ipv4.ip_forward
-
Austin over 11 years
I think it's the same value MadHatter was asking for before, but here's the output.
    root@vps:~# sudo sysctl -a | grep net.ipv4.ip_forward
    error: permission denied on key 'vm.compact_memory'
    error: permission denied on key 'net.ipv4.route.flush'
    error: permission denied on key 'net.ipv4.route.flush'
    net.ipv4.ip_forward = 1
    error: permission denied on key 'net.ipv6.route.flush'
-
Napster_X over 11 years
I need some info from the client side. Can you please tell me which client (operating system) you are using? I will send the commands to test it accordingly.
-
Austin over 11 years
I've tried with Linux, Windows 7 and Windows 8.
-
Napster_X over 11 years
So, a couple of things which could help:
1. The logs on the client machine when you are trying to connect. They're available on both Windows and Linux.
2. If you can send the route table for your client. I believe this command should work: netstat -rn for Windows and route -n for Linux.
-
Napster_X over 11 years
Just FYI ... please send the route table after connecting to the VPN. That way we can be sure where exactly the issue is, server or client.