[resolved] Pivpn Openvpn connected no internet access

[lebossejames]

Hello,

I have Ubuntu mate 18.04, i can connect my phone on the vpn but i cannot access Internet.

My raspberry:

Code: Select all

 
 sudo cat /etc/iptables/rules.v4 
[sudo] password for jamesraspberry: 
# Generated by iptables-save v1.6.1 on Sat Feb 15 00:37:07 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o enxb827eb93e2d3 -m comment --comment openvpn-nat-rule -j MASQUERADE
COMMIT
# Completed on Sat Feb 15 00:37:07 2020
# Generated by iptables-save v1.6.1 on Sat Feb 15 00:37:07 2020
*filter
:INPUT ACCEPT [2471:2638833]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1645:128590]
COMMIT
# Completed on Sat Feb 15 00:37:07 2020

 
 

Server.conf:

Code: Select all

sudo cat /etc/openvpn/server.conf
dev tun
proto udp
port 1111
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberry-desktop_baa46e79-ffcd-470e-b5ba-27b12e0d884f.crt
key /etc/openvpn/easy-rsa/pki/private/raspberry-desktop_baa46e79-ffcd-470e-b5ba-27b12e0d884f.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
#push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io

On the raspberry, i can start browser and go to google.com, i can ping 8.8.8.8

Code: Select all

ifconfig
enxb827eb93e2d3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.43  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::4f1e:679a:16db:6f8a  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:93:e2:d3  txqueuelen 1000  (Ethernet)
        RX packets 24844  bytes 4577104 (4.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13018  bytes 1932663 (1.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 152  bytes 12179 (12.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 152  bytes 12179 (12.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:c6:b7:86  txqueuelen 1000  (Ethernet)
        RX packets 37658  bytes 14704663 (14.7 MB)
        RX errors 0  dropped 37658  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Where is the problem please?

Thank you.

[DarrenHill]

Check if you have ipv4 forwarding enabled. Use either of these:

sysctl net.ipv4.ip_forward

or

cat /proc/sys/net/ipv4/ip_forward

If it returns zero then you don't have forwarding enabled, and you won't be able to access the internet (or indeed anywhere off the server). If that is the case, to enable it edit the file /etc/sysctl.conf and add or uncomment the line net.ipv4.ip_forward = 1 (or change = 0 to = 1 if it already exists but is disabled).

After that do either

sysctl -p /etc/sysctl.conf

or

/etc/init.d/procps.sh restart

(the latter for debian and ubuntu only).

[lebossejames]

ip_forward is at value 1.

Code: Select all

cat /proc/sys/net/ipv4/ip_forward
1

[DarrenHill]

Hmm, odd one then, as your server.conf matches my working one (give or take the port, but that's a config setting).

If you put your phone on another network (or on mobile 4G or something) and connect to your network via the VPN, can you see/ping and access machines inside your network? To understand if the problem is that you can't get out of your local network onto the wider internet, or if you can't get out of the VPN server at all.

Also it may be worth confirming that you don't have compression enabled on your clients, as it isn't on your server.

[lebossejames]

On my phone, I can connect VPN with 4G network.

I use JuiceSSH application to connect on my ssh console, but i cannot to connect.

[DarrenHill]

That wasn't quite what I asked. From the phone on 4G, after you connect to the VPN (ie to the VPN server) can you then connect/ping another device on your local network, and also to something on the internet?

To understand how far you can connect:

Phone --> VPN server --X -- local network
Phone --> VPN server --> local network (e.g. router) --X -- internet
Phone --> VPN server --> local router --> internet

At some point you're hitting a roadblock, and the above partitions down which point that is.

What are you trying to connect to with JuiceSSH? The VPN server, something on your local network or something on the internet?

[lebossejames]

When i connect VPN, i get this address: 10.8.0.3, i cannot ping local network

i cannot ping local network: Phone --> VPN server --X -- local network
i cannot ping local network, i cannot access Internet: Phone --> VPN server --> local network (e.g. router) --X -- internet
i cannot ping local network, i cannot access Internet: Phone --> VPN server --> local router --> internet

I try JuiceSSH with my local network 192.168.0.44 with login/password, it cannot access.

[lebossejames]

Hello,

Anyone, have an idea?

[lebossejames]

You need to add in you server.conf and your clients .ovpn files.

Code: Select all

compress lz4

It's works now for me.