Yoda007
Posts: 44
Joined: Mon Jan 23, 2012 6:05 pm

OpenVPN Problem

Sat Mar 25, 2017 4:07 pm

I have installed and configured an OpenVPN server with this http://readwrite.com/2014/04/10/raspber ... -browsing/ guide and I have a problem.

I can connect to my new VPN with my Android phone, but I don't have an internet connection (I cannot browse, ping machines on the internet - even if I try to connect with a direct IP address it doesn't work - so DNS is not at fault here). I can ping/browse devices on my local network without a problem.

I have forwarded the correct port on my router and even set the Raspberry Pi on the DMZ, but it didn't make a difference.

Does anyone know what could be an issue? I am attaching my server configuration and logs.

Server configuration:

local 192.168.0.30
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/NAME.crt
cert /etc/openvpn/easy-rsa/keys/NAME.crt
key /etc/openvpn/easy-rsa/keys/NAME.key
dh /etc/openvpn/easy-rsa/keys/NAME.pem
server 10.8.0.0 255.255.255.0 
# server and remote endpoints 
ifconfig 10.8.0.1 10.8.0.2 
# Add route to Client routing table for the OpenVPN Server 
push "route 10.8.0.1 255.255.255.255" 
# Add route to Client routing table for the OpenVPN Subnet 
push "route 10.8.0.0 255.255.255.0" 
# your local subnet
push "route 192.168.0.0 255.255.255.0"
# Set primary domain name server address to the SOHO Router 
# If your router does not do DNS, you can use Google DNS 8.8.8.8 
push "dhcp-option DNS 192.168.0.1"
# Override the Client default gateway by using 0.0.0.0/1 and 
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1" 
client-to-client 
duplicate-cn 
keepalive 10 120 
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 
cipher AES-128-CBC 
comp-lzo 
user nobody 
group nogroup 
persist-key 
persist-tun 
status /var/log/openvpn-status.log 20 
log /var/log/openvpn.log 
verb 1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Log with Android device connected:

Sat Mar 25 16:48:15 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Sat Mar 25 16:48:15 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Sat Mar 25 16:48:15 2017 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Mar 25 16:48:15 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Mar 25 16:48:15 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sat Mar 25 16:48:15 2017 TUN/TAP device tun0 opened
Sat Mar 25 16:48:15 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Mar 25 16:48:15 2017 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 25 16:48:15 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Mar 25 16:48:15 2017 /etc/openvpn/update-resolv-conf tun0 1500 1558 10.8.0.1 10.8.0.2 init
Sat Mar 25 16:48:15 2017 GID set to nogroup
Sat Mar 25 16:48:15 2017 UID set to nobody
Sat Mar 25 16:48:15 2017 UDPv4 link local (bound): [AF_INET]192.168.0.30:1194
Sat Mar 25 16:48:15 2017 UDPv4 link remote: [undef]
Sat Mar 25 16:48:15 2017 Initialization Sequence Completed
Sat Mar 25 17:03:42 2017 213.229.236.157:50074 [Client1] Peer Connection Initiated with [AF_INET]213.229.236.157:50074
Sat Mar 25 17:03:42 2017 Client1/213.229.236.157:50074 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sat Mar 25 17:03:42 2017 Client1/213.229.236.157:50074 send_push_reply(): safe_cap=940

DougieLawson
Posts: 35381
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: OpenVPN Problem

Sat Mar 25, 2017 4:47 pm

Try this

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"

Then route 10.8.0.xxx to the public internet on your RPi with iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE plus a few other iptables routing options. Don't try and push your 192.168.0.xxx subnet down your OpenVPN tunnel.

Lots of rich details here: https://www.linode.com/docs/networking/ ... vpn-server
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.
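
Added example, not part of the thread or of the linked guides: a small shell check for the symptom discussed above, where clients connect and reach the LAN but get no internet because the tunnel pool is never forwarded and masqueraded. The function name `check_vpn_egress`, the file names and the sample inputs are constructed for illustration; the IP-forwarding check is an assumption about what the "other routing options" include (Linux only routes between interfaces when `net.ipv4.ip_forward` is 1).

```shell
#!/bin/sh
# check_vpn_egress CONF RULES FORWARD   (hypothetical helper, not an OpenVPN tool)
#   CONF    OpenVPN server config file
#   RULES   saved output of `iptables-save -t nat`
#   FORWARD contents of /proc/sys/net/ipv4/ip_forward (0 or 1)
# Prints one finding per line; returns 0 only when nothing is missing.
check_vpn_egress() {
    conf=$1; rules=$2; forward=$3; rc=0
    # Tunnel pool from "server <network> <netmask>", as CIDR (count the mask bits).
    cidr=$(awk '$1 == "server" {
        split($3, o, "."); bits = 0
        for (i = 1; i <= 4; i++) for (v = o[i] + 0; v > 0; v = int(v / 2)) bits += v % 2
        print $2 "/" bits; exit }' "$conf")
    if [ -z "$cidr" ]; then echo "MISSING: no 'server' directive in $conf"; return 2; fi

    if ! grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$conf"; then
        echo "NOTE: redirect-gateway is not pushed, clients keep their own default route"
    fi
    if [ "$forward" != 1 ]; then
        echo "MISSING: net.ipv4.ip_forward is $forward, the kernel will not route $cidr"; rc=1
    fi
    # Accept only a non-negated source match on the tunnel pool.
    if ! awk -v src="-s $cidr " '
            /^-A POSTROUTING/ && /-j MASQUERADE/ && !/! -s/ && index($0, src) { ok = 1 }
            END { exit !ok }' "$rules"; then
        echo "MISSING: no POSTROUTING MASQUERADE rule for source $cidr"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cidr is forwarded and masqueraded"
    return "$rc"
}

# Constructed sample inputs: the relevant config lines from the thread, plus a
# nat table before and after adding the MASQUERADE rule quoted in the reply.
demo_dir=$(mktemp -d)
printf '%s\n' 'server 10.8.0.0 255.255.255.0' 'push "redirect-gateway def1"' \
    > "$demo_dir/server.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' > "$demo_dir/nat.before"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$demo_dir/nat.after"

check_vpn_egress "$demo_dir/server.conf" "$demo_dir/nat.before" 0 \
    || echo "-> clients connect but cannot reach the internet"
check_vpn_egress "$demo_dir/server.conf" "$demo_dir/nat.after" 1 \
    && echo "-> egress path complete"
```

On a real server, pass the live config, the output of `iptables-save -t nat` saved to a file, and the value read from `/proc/sys/net/ipv4/ip_forward`.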

Yoda007
Posts: 44
Joined: Mon Jan 23, 2012 6:05 pm

Re: OpenVPN Problem

Sat Mar 25, 2017 7:38 pm

Thank you for your explanation and link!

I got it working with the openVPN DNS servers, if I use mine (10.8.0.1 or 192.168.0.1) it stops working. Need to tinker some more so that I can use mine (though openVPN DNS is probably just fine since all I am looking for is security on unsecured wifi and on a data connection):

...
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Electron752
Posts: 142
Joined: Mon Mar 02, 2015 7:09 pm

Re: OpenVPN Problem

Sat Mar 25, 2017 8:50 pm

If your Wifi is unsecured, you really need to set some kind of password on that Wifi. That's going to be the biggest help there. If you add that to the vpn, you will be better.

Yoda007
Posts: 44
Joined: Mon Jan 23, 2012 6:05 pm

Re: OpenVPN Problem

Sun Mar 26, 2017 2:43 pm

My Wifi is secured, this is for using other people's Wifi (secured or unsecured), and the data connection from my cell phone provider.
