Can't get internet by OpenVpn.

Issues related to configuring your network
Post Reply
czarekplpl
Posts: 53
Joined: 2014/08/23 07:57:52

Can't get internet by OpenVpn.

Post by czarekplpl » 2018/05/27 10:02:32

Hello.
I configured OpenVPN on my server and I can establish the connection between the server and my location.
But I cannot get any ping except my server.
Can anybody help me how to find the problem??

Code: Select all

[root@czaro ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 venet0
default         0.0.0.0         0.0.0.0         U     0      0        0 venet0

Code: Select all

[root@czaro ~]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 316  bytes 94955 (92.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 316  bytes 94955 (92.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100                       (UNSPEC)
        RX packets 369  bytes 165615 (161.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination                      127.0.0.1
        inet6 2402:9e80:0:1000::1:fe7d  prefixlen 128  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (U                     NSPEC)
        RX packets 196263  bytes 104333355 (99.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144084  bytes 27527442 (26.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet xx.xx.xx.xx  netmask 255.255.255.255  broadcast xx.xx.xx.xx dest                     ination 45.124.64.31
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (U                     NSPEC)

Code: Select all

%
client-to-client
persist-key
persist-tun
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/czaro.crt
comp-lzo adaptive
dev tun
dh /etc/openvpn/ssl/dh.pem
ifconfig-pool-persist server-ipp.txt 0
keepalive 10 120
key /etc/openvpn/ssl/czaro.key
tls-auth /etc/openvpn/ssl/ta.key 0
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
log /var/log/openvpn/server.log
port 1194
proto udp
server 10.8.0.0  255.255.255.0
verb 3
crl-verify /etc/openvpn/ssl/crl.pem
route 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

Code: Select all

client
dev tun
proto udp
port 1194
remote xx.xx.xx.xx 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
auth-nocache
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----

LS7PN4+Ae3w6hV/77kr6/I38pybtph9MuTINPBlQnUY7WAOZXQ==
-----END CERTIFICATE-----

</ca>
<cert>
             
-----BEGIN CERTIFICATE-----

I+NLLRE9akg3z79v8a5bXqo=
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----

9L81gtQS6/QHpA7SXL4czlQOzNCbpfZqsAUyVcjnzaCDlVj02LwDKXNUVhVMIU5H
+Ts=
-----END ENCRYPTED PRIVATE KEY-----

</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

62dc6cfff761986ade803a1ba7dcf2c5
-----END OpenVPN Static key V1-----



</tls-auth>



User avatar
fdisk
Posts: 30
Joined: 2017/11/04 00:59:56

Re: Can't get internet by OpenVpn.

Post by fdisk » 2018/05/30 13:17:01

Looks like missing source NAT/Masq at servers output interface.

Make sure IP forwarding is enabled by kernel.

Post Reply