[SOLVED] OpenVPN: Connected but no Internet access *sigh*

This forum is for topics specific to the Raspberry Pi and Arch Linux ARM

Post by dafero » Fri Sep 11, 2015 8:08 pm

Hi everyone,

I had this posted on the ArchLinux forums but they closed it :(
I reopen it here again hoping for an answer. Thanks in advance!

---

I have a RaspberryPi2 with Arch Linux ARM installed.
I'm trying to configure a VPN Server on the Pi so I can connect securely from the outside to my local network and browse from there.

To do it I followed this tutorial http://readwrite.com/2014/04/10/raspber ... b-browsing
Everything was pretty straightforward and after finishing all the steps I was able to connect to my new VPN from my Android.

The problem is that once I'm connected I don't have access to the Internet. I can ping the Pi (192.168.10.12) and the Pi's VPN IP (10.8.0.1).
Other than that nothing. No ping to the router (192.168.10.1) or Google's DNS 8.8.8.8.

I already read these posts [SOLVED] Need help, OpenVPN not routing, [SOLVED] VPN routing issue - maybe my iptables and this one too OpenVPN issues, no access to internet after static ip configuration but unfortunately I'm still not able to solve it.

This is my configuration:

No firewall enabled

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether b8:27:eb:45:38:22 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.12/24 brd 192.168.10.255 scope global dynamic eth0
       valid_lft 50537sec preferred_lft 50537sec
    inet6 fe56::ba27:ebff:fe96:3877/64 scope link
       valid_lft forever preferred_lft forever
3: tun0@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever


$ cat /etc/openvpn/server.conf
local 192.168.10.12
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/certs/ca.crt
cert /etc/openvpn/easy-rsa/certs/server.crt
key /etc/openvpn/easy-rsa/certs/server.key
dh /etc/openvpn/easy-rsa/certs/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.10.0 255.255.255.0"
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.10.1"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/certs/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 3


$ cat client.ovpn
client
dev tun
proto udp
remote thisisfake.myaddress.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 5
mute 20

+ private certs


$ cat /etc/systemd/network/eth0.network
[Match]
Name=eth0

[Network]
DHCP=yes
IPForward=yes
IPMasquerade=yes

$ sysctl -a | grep forwarding | grep ipv4
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.tun0.mc_forwarding = 0

Can anyone please help me out with this?

Thank you very much,
Daniel.
Last edited by dafero on Tue Sep 15, 2015 6:35 pm, edited 1 time in total.

Re: [OpenVPN] Connected but no Internet access *sigh*

Post by dafero » Sun Sep 13, 2015 9:14 pm

Can someone please move this to the Raspberry pi subforum?
Thank you!

Re: [OpenVPN] Connected but no Internet access *sigh*

Post by opotonil » Tue Sep 15, 2015 10:46 am

My /etc/openvpn/server.conf:
mode server
dev tun0
proto udp
port 1194
ca /etc/openvpn/easy-rsa/certs/ca.crt
cert /etc/openvpn/easy-rsa/certs/server.crt
key /etc/openvpn/easy-rsa/certs/server.key
dh /etc/openvpn/easy-rsa/certs/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/certs/ta.key
key-direction 0
user nobody
group nobody
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 192.168.10.1"
client-config-dir /etc/openvpn/ccd
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
persist-tun
persist-key
comp-lzo
client-to-client

I have replaced my IPs and paths with yours. You can remove options "client-config-dir" and "ifconfig-pool-persist". To use option "redirect-gateway" see:
- https://openvpn.net/index.php/open-sour ... l#redirect

More concretely:

"Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server. The server will need to be configured to deal with this traffic somehow, such as by NATing it to the internet, or routing it through the server site's HTTP proxy.

On Linux, you could use a command such as this to NAT the VPN client traffic to the internet:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

This command assumes that the VPN subnet is 10.8.0.0/24 (taken from the server directive in the OpenVPN server configuration) and that the local ethernet interface is eth0."
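The dependency described in the passage quoted in the post above (a pushed redirect-gateway needs forwarding plus a NAT rule for the VPN subnet on the server) can be checked mechanically. The following is an added example, not part of any post in this thread and not OpenVPN's own code; the function names are hypothetical, the sample config and rule dump are constructed, and `ip_forward` is assumed to be the text read from /proc/sys/net/ipv4/ip_forward.

```python
import ipaddress
import re

# Constructed samples (not from a live system); helper names are hypothetical.
SERVER_CONF = '''\
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "redirect-gateway def1"
'''
NAT_RULES = '''\
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
'''

def vpn_subnet(conf):
    """Return the network declared by the `server <net> <mask>` directive, or None."""
    m = re.search(r'^\s*server\s+(\S+)\s+(\S+)', conf, re.M)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") if m else None

def pushes_redirect_gateway(conf):
    """True if an uncommented `push "redirect-gateway ..."` line is present."""
    return re.search(r'^\s*push\s+"redirect-gateway\b', conf, re.M) is not None

def masquerades(nat_rules, subnet, out_if):
    """True if a POSTROUTING MASQUERADE rule on out_if covers the whole VPN subnet."""
    for line in nat_rules.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "POSTROUTING"] or "MASQUERADE" not in tok:
            continue
        if "-o" in tok and tok[tok.index("-o") + 1] != out_if:
            continue  # rule is bound to a different egress interface
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        if subnet.subnet_of(ipaddress.ip_network(src, strict=False)):
            return True
    return False

def audit(conf, nat_rules, ip_forward, out_if="eth0"):
    """List what is missing for redirected client traffic to reach the internet."""
    subnet = vpn_subnet(conf)
    if subnet is None:
        return ["no `server` directive found"]
    problems = []
    if pushes_redirect_gateway(conf):
        if ip_forward.strip() != "1":
            problems.append("net.ipv4.ip_forward is not 1")
        if not masquerades(nat_rules, subnet, out_if):
            problems.append(f"no MASQUERADE rule for {subnet} out of {out_if}")
    return problems
```

On a real server the second and third arguments would come from `iptables-save -t nat` and /proc/sys/net/ipv4/ip_forward.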

Re: [OpenVPN] Connected but no Internet access *sigh*

Post by dafero » Tue Sep 15, 2015 6:35 pm

Hi opotonil,

Yay! Awesome! Your configuration worked!
Seriously, thank you very much. I was really frustrated with this...
I still need to do some reading though if I wanna fully understand what was going on.

But yeah! Thank you again :D

Re: [SOLVED] OpenVPN: Connected but no Internet access *sigh

Post by vividou » Fri Sep 18, 2015 10:48 am

Hi dafero,

I am encountering the same problem as you. What exactly solved your problems?

Would it be possible to add the links to the posts which helped you to solve the issues you mentioned here:
"I already read these posts [SOLVED] Need help, OpenVPN not routing, [SOLVED] VPN routing issue - maybe my iptables and this one too OpenVPN issues, no access to internet after static ip configuration but unfortunately I'm still not able to solve it."


Thanks!

Re: [SOLVED] OpenVPN: Connected but no Internet access *sigh

Post by dafero » Sat Sep 19, 2015 9:54 pm

Hi,

Sorry, my bad! Anyway, knowing the post title, it was really easy to find them on Google.

[SOLVED] Need help, OpenVPN not routing --> https://bbs.archlinux.org/viewtopic.php?id=196809
[SOLVED] VPN routing issue - maybe my iptables --> https://bbs.archlinux.org/viewtopic.php?id=200522
OpenVPN issues, no access to internet after static ip configuration --> https://bbs.archlinux.org/viewtopic.php?id=200522

What problems are you facing? Can you open a new topic so we can track your specific issues there?

Cheers,
Daniel.