OpenVPN connects but no internet access
Masquerading does not work on a VPS; you must use iptables source NAT instead:
iptables -t nat -A POSTROUTING -s 10.x.x.x/xx -j SNAT --to-source y.y.y.y
x.x.x.x/x is the VPN subnet; y.y.y.y is the IP address of your server's output interface.
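As an added example (not code from the thread or its participants), a POSIX shell script that audits an iptables-save dump for the duplicated POSTROUTING rules seen in the question, flags any UDP/53 REDIRECT for review, and prints an idempotent replacement built around the SNAT rule from the answer. The subnet, interface and the 203.0.113.10 address are constructed placeholders, as is the sample dump.

```shell
#!/bin/sh
# Added example, not from the original thread: audit an iptables-save dump for
# duplicated POSTROUTING rules and UDP/53 REDIRECTs, then print an idempotent
# SNAT setup. VPN_SUBNET, EGRESS_IF and SERVER_IP are placeholders, not page values.
VPN_SUBNET="10.8.0.0/24"
EGRESS_IF="eth0"
SERVER_IP="203.0.113.10"   # constructed documentation address; use the VPS public IP

# Constructed dump modelled on the question: the MASQUERADE rule appears three times.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Number of distinct POSTROUTING rules that occur more than once (dump on stdin).
count_duplicate_rules() {
  grep '^-A POSTROUTING' | sort | uniq -d | wc -l | tr -d ' '
}

# Number of rules redirecting UDP/53 (dump on stdin); such a rule should be
# there on purpose, so flag it for review rather than silently keeping it.
count_dns_redirects() {
  grep -c -- '--dport 53 .*-j REDIRECT' || true
}

# Commands that replace the tangle with exactly one SNAT rule: every MASQUERADE
# copy is removed in a loop, and -C guards each append so re-running the script
# never creates duplicates (iptables -C needs version 1.4.11 or newer).
snat_setup_commands() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
while iptables -t nat -D POSTROUTING -s $VPN_SUBNET -o $EGRESS_IF -j MASQUERADE 2>/dev/null; do :; done
iptables -t nat -C POSTROUTING -s $VPN_SUBNET -o $EGRESS_IF -j SNAT --to-source $SERVER_IP 2>/dev/null ||
  iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o $EGRESS_IF -j SNAT --to-source $SERVER_IP
iptables -C FORWARD -i tun0 -o $EGRESS_IF -s $VPN_SUBNET -j ACCEPT 2>/dev/null ||
  iptables -I FORWARD -i tun0 -o $EGRESS_IF -s $VPN_SUBNET -j ACCEPT
EOF
}

printf '%s\n' "$SAMPLE_DUMP" | count_duplicate_rules   # prints 1 for the sample
snat_setup_commands
```

An SNAT rule written without the -o match, as in the question's dump, is not matched by the -C check and should be deleted by hand first.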
Updated on September 18, 2022
Comments
-
lonerunner over 1 year
I can't figure out why my OpenVPN connection is not working. It seems to work fine on connection: I can connect to my server, but once I'm connected I can't use the internet through the VPN.
This is a VPS server running on Debian.
Here is my OpenVPN server.conf file:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 6
mute 20
And here is my client.conf file:
client
dev tun
proto udp
remote server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
remote-cert-tls server
I've also added firewall rules to accept the connection and route it, but the strange thing is that some rules appear multiple times. Here is my iptables-save file:
# Generated by iptables-save v1.4.8 on Sun Dec 22 04:36:18 2013
*nat
:PREROUTING ACCEPT [53:9749]
:POSTROUTING ACCEPT [9:675]
:OUTPUT ACCEPT [9:675]
-A PREROUTING -d server_ip/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source server_ip
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Dec 22 04:36:18 2013
# Generated by iptables-save v1.4.8 on Sun Dec 22 04:36:18 2013
*filter
:INPUT ACCEPT [946:112417]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [824:172939]
-A INPUT -i tun0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -o eth0 -j ACCEPT
COMMIT
# Completed on Sun Dec 22 04:36:18 2013
I also checked /etc/sysctl.conf to make sure that
net.ipv4.ip_forward=1
I also have
net.ipv6.conf.all.forwarding=1
I've tried the OpenVPN connection on my Linux PC and on a VirtualBox XP guest; both connect, but neither has access to the internet once connected.
The strangest thing of all is that when I do a traceroute it shows the connection going through the VPN.
For example, when I do traceroute google.com:
1  my ip from vpn connection
2  openvpn server ip
3  ...
4  ...
5  ... a few hops between the server and google
6  and finally google server ip
So traceroute shows that the connection goes through the VPN, and also when I ping, the ping increases to 100ms, compared with about 20ms when I'm not connected to the VPN.
But when I try to browse the internet with any program (Firefox, Chrome, Internet Explorer) I don't get anything. Nothing loads and the connection times out.
It's not that my server is slow so pages won't load; a speed test shows about a 70 Mbit connection on the server, and I have a 6 Mbit connection.
And when I try to connect to another VPN like Cloudnymous everything works fine. It's just something wrong in my OpenVPN setup.
EDIT: After all that I thought I had finally made it work; after messing around with a lot of settings I can finally connect to my VPN and get internet through it.
Now I have one final problem. Since I'm on Linux a few programs don't work here, so I use VirtualBox with a Windows XP installation, but when connected to the VPN in VirtualBox I can surf the internet, yet no program can connect to the internet. Also my VPN connection is losing internet from time to time, and it's not my internet or server connection, because during the time when I lose internet over the VPN I can still connect with PuTTY over SSH to the server and do various things.
-
devasia2112 over 10 years
Wow.. Is it a bible? Just kidding.. Well, did you open the ports in your firewall?
-
Marcus Rickert over 10 years
What is the REDIRECT rule good for if you have the default port 1194 configured on both client and server? How's the proxy set up for your browsers? For testing you should deactivate all proxies. Can you load any of the web pages using e.g. wget?
-
lonerunner over 10 years
I don't even have a firewall enabled on my PC, and if I turn off the redirect then I get a connection to the VPN but I get internet from my home network. Using wget I can download files by IP, but entering any domain address it gets stuck.
-
Pol Hallen over 10 years
Give me the output of: netstat -rn
-
lonerunner over 10 years
From the server or my PC?
-
dotvotdot over 8 years
Somebody must have found this useful by now?