OpenVPN - Connects but no internet on Linux, works perfectly on Windows

I finally got to the bottom of this one.

It turns out that as I am based in China, DNS requests to visit websites such as facebook.com and twitter.com were being filtered by "The Great Firewall". It was therefore necessary to push DNS through the OpenVPN tunnel too.

This can be done in the following manner:

Append these two lines to the client config (.ovpn) file:

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

Ensure these two lines are included in the server config file:

    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"

Run the client using the following command (the script security flags allow the up and down scripts to be run in order to modify /etc/resolv.conf, your system DNS settings):

    sudo openvpn --script-security 2 --config client-settings.ovpn

I now have a fully working connection.

Thanks to everybody who tried to help with this!

Author by

jonolumb

Updated on September 18, 2022
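
As an added example (not part of the original answer), the script below audits the setup the answer describes: it confirms the client config has both `update-resolv-conf` hooks and that every active resolver is one the server pushes with `dhcp-option DNS`. It assumes `update-resolv-conf` writes the pushed servers directly into the resolv.conf-style file passed as the third argument (no local stub resolver in between); the function names and file arguments are hypothetical.

```sh
#!/bin/sh
# Added example: audit the DNS-through-tunnel setup from the answer above.
# Assumption: resolv.conf lists the real upstream resolvers (no local stub).

# Print the DNS servers a server config pushes, one per line.
pushed_dns() {
    sed -n 's/^[[:space:]]*push[[:space:]]*"dhcp-option[[:space:]]*DNS[[:space:]]*\([0-9a-fA-F.:]*\)".*/\1/p' "$1"
}

# Print the nameservers listed in a resolv.conf-style file.
active_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 if the client config runs update-resolv-conf on both up and down.
client_has_hooks() {
    grep -Eq '^[[:space:]]*up[[:space:]]+.*update-resolv-conf' "$1" &&
    grep -Eq '^[[:space:]]*down[[:space:]]+.*update-resolv-conf' "$1"
}

# Return 0 only if every active resolver is one the server pushed.
# Any other nameserver means lookups can still go to a resolver
# the VPN server did not hand out.
dns_uses_tunnel() {
    server_conf=$1 resolv=$2
    pushed=$(pushed_dns "$server_conf")
    [ -n "$pushed" ] || return 1
    active=$(active_dns "$resolv")
    [ -n "$active" ] || return 1
    for ns in $active; do
        printf '%s\n' "$pushed" | grep -Fxq "$ns" || return 1
    done
    return 0
}

# Combine both checks and report the first problem found.
audit() {
    client_has_hooks "$1" || { echo "client: up/down update-resolv-conf hooks missing"; return 1; }
    dns_uses_tunnel "$2" "$3" || { echo "resolv.conf: a resolver is not one the server pushed"; return 1; }
    echo "ok: resolvers match the pushed dhcp-option DNS entries"
}

# Usage: sh audit.sh client.ovpn server.conf /etc/resolv.conf
if [ "$#" -eq 3 ]; then
    audit "$@"
fi
```

Run it once before connecting and once after: the second run should report `ok` only if the up script actually rewrote the resolver list.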

Comments

  • jonolumb
    jonolumb over 1 year

    I have set up an Amazon EC2 server with OpenVPN configured. I can connect using a Windows machine and everything works as expected - internet traffic is all routed through the VPN. With the Ubuntu client, I am able to connect to the server successfully but cannot view web pages in a browser or ping external IPs (such as 8.8.8.8). Does anybody have any idea what I need to change to get this to work? Configurations are posted below:

    Ubuntu Server

    port 443
    proto tcp
    dev tun
    ca ca.crt
    cert singa.crt
    key singa.key  # This file should be kept secret
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    

    Ubuntu Client

    client
    dev tun
    proto tcp
    remote (delete) 443
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ns-cert-type server
    comp-lzo
    verb 3
    <ca>
    (deleted)
    </ca>
    <cert>
    (deleted)
    </cert>
    <key>
    (deleted)
    </key>
    

    Windows Config

    client
    dev tun
    proto tcp
    remote (delete) 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ns-cert-type server
    comp-lzo
    verb 3
    <ca>
    (deleted)
    </ca>
    <cert>
    (deleted)
    </cert>
    <key>
    (deleted)
    </key>
    

    Client routing table before connect:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
    192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
    

    Client routing table after connect:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
    10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
    10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    ** SERVERIP **  192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
    128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
    192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
    
    • Jan Hudec
      Jan Hudec over 10 years
      On Ubuntu, which method do you use to initiate the connection? It can be done either via NetworkManager (the newer approach) or with /etc/init.d/openvpn?
    • Jan Hudec
      Jan Hudec over 10 years
      NetworkManager defaults to setting default route to the VPN, but the init script does not. You have to do it manually in the up and down scripts.
  • jonolumb
    jonolumb over 10 years
    Have tried that - didn't work unfortunately.
  • MariusMatutiae
    MariusMatutiae over 10 years
    @jonolumb Can you post the client's routing table?
  • MariusMatutiae
    MariusMatutiae over 10 years
    @jonolumb cannot be read, like this