Linux Connected to my OpenVPN server VPS but no internet access help !!

rajeshjsl

Disciple
So I did the setup and all; I am able to connect to the VPN and get a private IP assigned,
but I am unable to get "internet access". Windows shows "local area connection 3" no internet access.
There is nothing wrong on the Windows side, as I can use other VPNs and their internet.

server: Debian 6
client: tried Windows 7, also tried on an Android phone

here is my server config

#local 204.xx.xx.xx
port 9201
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.17.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"

here is my client config

client
dev tun
proto udp
remote 204.xx.xx.xx 9201
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3

my connection log
Fri Oct 19 20:48:18 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Oct 19 20:48:18 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 19 20:48:18 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Oct 19 20:48:18 2012 LZO compression initialized
Fri Oct 19 20:48:18 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Oct 19 20:48:18 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Oct 19 20:48:18 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Oct 19 20:48:18 2012 Local Options hash (VER=V4): '41690919'
Fri Oct 19 20:48:18 2012 Expected Remote Options hash (VER=V4): '530fdded'
Fri Oct 19 20:48:18 2012 UDPv4 link local: [undef]
Fri Oct 19 20:48:18 2012 UDPv4 link remote: 204.xx.xx.xx:9201
Fri Oct 19 20:48:18 2012 TLS: Initial packet from 204.xx.xx.xx:9201, sid=436087e1 e8ffa4fe
Fri Oct 19 20:48:24 2012 VERIFY OK: depth=1, /C=US/ST=CA/L=Chicago/O=ra**/CN=download9/name=rajesh/emailAddress=temp@ra**.com
Fri Oct 19 20:48:24 2012 VERIFY OK: depth=0, /C=US/ST=CA/L=Chicago/O=ra**/CN=download9/emailAddress=temp@ra**.com
Fri Oct 19 20:48:45 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Oct 19 20:48:45 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 19 20:48:45 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Oct 19 20:48:45 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 19 20:48:45 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Oct 19 20:48:45 2012 [download9] Peer Connection Initiated with 204.xx.xx.xx:9201
Fri Oct 19 20:48:47 2012 SENT CONTROL [download9]: 'PUSH_REQUEST' (status=1)
Fri Oct 19 20:48:48 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 172.17.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 172.17.0.10 172.17.0.9'
Fri Oct 19 20:48:48 2012 OPTIONS IMPORT: timers and/or timeouts modified
Fri Oct 19 20:48:48 2012 OPTIONS IMPORT: --ifconfig/up options modified
Fri Oct 19 20:48:48 2012 OPTIONS IMPORT: route options modified
Fri Oct 19 20:48:48 2012 ROUTE default_gateway=192.168.79.1
Fri Oct 19 20:48:48 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{FD8865AC-049A-4225-9DA0-D0952C465557}.tap
Fri Oct 19 20:48:48 2012 TAP-Win32 Driver Version 9.9
Fri Oct 19 20:48:48 2012 TAP-Win32 MTU=1500
Fri Oct 19 20:48:48 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.17.0.10/255.255.255.252 on interface {FD8865AC-049A-4225-9DA0-D0952C465557} [DHCP-serv: 172.17.0.9, lease-time: 31536000]
Fri Oct 19 20:48:48 2012 Successful ARP Flush on interface [47] {FD8865AC-049A-4225-9DA0-D0952C465557}
Fri Oct 19 20:48:53 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Oct 19 20:48:53 2012 C:\WINDOWS\system32\route.exe ADD 204.xx.xx.xx MASK 255.255.255.255 192.168.79.1
Fri Oct 19 20:48:53 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri Oct 19 20:48:53 2012 Route addition via IPAPI succeeded [adaptive]
Fri Oct 19 20:48:53 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.17.0.9
Fri Oct 19 20:48:53 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Oct 19 20:48:53 2012 Route addition via IPAPI succeeded [adaptive]
Fri Oct 19 20:48:53 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.17.0.9
Fri Oct 19 20:48:53 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Oct 19 20:48:53 2012 Route addition via IPAPI succeeded [adaptive]
Fri Oct 19 20:48:53 2012 C:\WINDOWS\system32\route.exe ADD 172.17.0.0 MASK 255.255.255.0 172.17.0.9
Fri Oct 19 20:48:53 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Oct 19 20:48:53 2012 Route addition via IPAPI succeeded [adaptive]
Fri Oct 19 20:48:53 2012 Initialization Sequence Completed


NOW i disconnect cause no internet access !!



Fri Oct 19 20:50:29 2012 TCP/UDP: Closing socket
Fri Oct 19 20:50:29 2012 C:\WINDOWS\system32\route.exe DELETE 172.17.0.0 MASK 255.255.255.0 172.17.0.9
Fri Oct 19 20:50:29 2012 Route deletion via IPAPI succeeded [adaptive]
Fri Oct 19 20:50:29 2012 C:\WINDOWS\system32\route.exe DELETE 204.xx.xx.xx MASK 255.255.255.255 192.168.79.1
Fri Oct 19 20:50:29 2012 Route deletion via IPAPI succeeded [adaptive]
Fri Oct 19 20:50:29 2012 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 172.17.0.9
Fri Oct 19 20:50:29 2012 Route deletion via IPAPI succeeded [adaptive]
Fri Oct 19 20:50:29 2012 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 172.17.0.9
Fri Oct 19 20:50:29 2012 Route deletion via IPAPI succeeded [adaptive]
Fri Oct 19 20:50:29 2012 Closing TUN/TAP interface
Fri Oct 19 20:50:29 2012 SIGTERM[hard,] received, process exiting

i enabled packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

my iptables
iptables -A FORWARD -i tun+ -j ACCEPT

previously i tried this also

iptables -t nat -A POSTROUTING -s 172.17.0.0/24 -j SNAT --to 204.xx.xx.xx (my vps ip)

also i asked my vps provider , they do not restrict any openvpn access or disable internet sharing ..
i have full control over my vps ..

WHAT IS WRONG ?? !!
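
The connection log above carries the warning "No server certificate verification method has been enabled", and the posted client config contains no directive that checks the server's certificate. The script below is an added example, not part of the original post: it scans a client config for the verification directives (`remote-cert-tls`, `remote-cert-eku`, `ns-cert-type`, `tls-remote`, `verify-x509-name`, `tls-verify`); the function name and the temp-file demo are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect an OpenVPN client config with no server certificate
# verification, the condition behind the WARNING line in the log above.

# Directives that restrict which certificate the client accepts as the server.
VERIFY_DIRECTIVES='remote-cert-tls remote-cert-eku ns-cert-type tls-remote verify-x509-name tls-verify'

# audit_client_config FILE (hypothetical helper name)
# Returns 0 and lists the directives found, or returns 1 if there are none.
audit_client_config() {
    found=''
    for d in $VERIFY_DIRECTIVES; do
        # Directive must be the first word of the line, so "#..." is ignored.
        if grep -Eq "^[[:space:]]*${d}([[:space:]]|\$)" "$1"; then
            found="$found $d"
        fi
    done
    if [ -z "$found" ]; then
        echo "$1: no server certificate verification configured"
        return 1
    fi
    echo "$1: found$found"
}

# Demo: the client config from the post, written to a temp file.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
client
dev tun
proto udp
remote 204.xx.xx.xx 9201
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
EOF
audit_client_config "$demo_conf" || true      # reports the gap
echo 'remote-cert-tls server' >> "$demo_conf" # hardened variant
audit_client_config "$demo_conf"
rm -f "$demo_conf"
```

`remote-cert-tls server` only lets the connection through if the server certificate was issued with the server key usage extensions, so test it against the existing `server.crt` before rolling it out to clients.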
 
:bleh: :bleh: :bleh:

I'm assuming you are running the latest OpenVPN (since the old one had some driver certification issues with Win 7) and under admin rights. It needs elevated privilege in order to use "route".

Test a couple of things by running the appropriate commands:

Check whether TUN/TAP is enabled on your VPS; the output of the following command should be "cat: /dev/net/tun: File descriptor in bad state"
Code:
cat /dev/net/tun

This should be returning 1 (or net.ipv4.ip_forward = 1)
Code:
sysctl net.ipv4.ip_forward

Also make sure IPTABLES is installed, the NAT module is enabled & you have set up the routing in the "/etc/rc.local" file.

By the way, which VPS provider are you using & specs/costs of the plan?
 

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Both are 1 and the iptables output is given above.
How do I check whether the NAT module is enabled??
The /etc/rc.local file is empty (I mean all are #'d lines, no command lines except exit 0).

Tried tcpdump -i tun0 and found that the client's packets are coming; I can see lines like 172.17.0.10 > ..some sites..... .bla bla

So what is the problem ?? !!
Googled like hell, posted everywhere, someone help !!

specs :- debian 6, xen pv 256mb/512mb swap , 10GB HDD , 1 TB Bandwidth ..
 
Simply put, I've no idea. :bleh: As I really don't have much experience with it. My earlier response was related to issues I had faced, so just wanted to help out in case you were facing similar issues. :ashamed:

Anyways, my rc.local contains following line above the exit 0

Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to XXX.XXX.XXX.XXX

I can see you have issued a similar rule, but mine contains "-o venet0" (interface?), not sure if it makes any difference. :bleh:

Basically, I followed this tutorial https://forum.ramhost.us/bbs/viewtopic.php?id=4

I'll recommend posting the issue on LowEndTalk, you might get a quick solution. :bigok:
 
Thanks again for the reply , let me try will let you know !!

- - - Updated - - -

lol I don't know what I did, I did everything from scratch and it works, not the given forum link, but what I did before, again the same thing, lol ..
 
lol I found the problem. I restarted the server and tried many combinations, and I got to know these !!


iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to XXX.XXX.XXX.XXX
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to XXX.XXX.XXX.XXX

If any one of them is not entered then it doesn't work !!
Also I'm loling at the fact that even after entering the iptables rules my list is empty !!
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

lol then how is it affecting my internet access ????? :23:

 
It's empty even for me. As I'm not sure how it works, so can't really comment on it :bleh:

So, you have to enter those commands every time your VPS is restarted? I suppose that rc.local file is taking care of it for me then?

I think this rule would be enough, don't think you need that 3rd line. :unsure:
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to XXX.XXX.XXX.XXX
 
Yeah, I forgot to ask: I have to enter these every time my server boots up.
Will adding both the lines to rc.local solve the problem ??

Also only these two lines make the difference, not the venet0 one !!

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to XXX.XXX.XXX.XXX

lol again confusion ..

what about rc.local

also i wanted to know , when i connect to 204.xx.xx.xx:9201
how does it connect ,
i mean if my isp blocks port 9201 then will i be able to connect ??
or can i do some port settings client side ??
will i have to change ports both the server and the client ??

Thanks !!
 
Yeah, if that port is blocked by the ISP, then you will have to change it in the config files (both server & client) & simply restart the "openvpn" service.

If you do not have anything important on the server & don't mind wiping out everything, I would suggest to start afresh here. Reinstall the OS, remove the redundant packages & then install the VPN using the forum link I gave.

Could you please tell me if you are using the VPS just for the VPN or for something else too?
 
A lot more other things than VPN !! Can't reinstall the OS :( .. Anyways the problem is solved, it works, no problem .... What about rc.local, can I include both the commands there ?? Or any startup scripts to include those lines ??
 
:clapping: :bleh: :clapping:

No idea, as I simply followed that tutorial. You may try it by adding those lines in the file (or check out the tutorial you followed last time) & test it out by restarting the VPS. :evilgrin39:
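
On the empty listing discussed in the thread: `iptables -L` shows only the filter table, while the SNAT rule is added with `-t nat`, so it appears under `iptables -t nat -L` or in `iptables-save` output. The script below is an added example, not from any poster; it counts rules per table in `iptables-save` output and checks for a POSTROUTING source-NAT rule covering the VPN subnet, using a constructed sample with the placeholder address 203.0.113.10 and hypothetical function names.

```shell
#!/bin/sh
# Added example. `iptables -L` lists only the filter table; SNAT rules live in
# the nat table, which is why the listing in the thread looks empty.

# Constructed iptables-save output (203.0.113.10 is a placeholder address).
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# rules_in_table TABLE < iptables-save-output
# Prints how many -A rules the named table holds.
rules_in_table() {
    awk -v t="*$1" '
        /^\*/ { cur = $0 }                 # "*nat", "*filter": table header
        cur == t && /^-A / { n++ }
        END { print n + 0 }'
}

# has_snat_for SUBNET < iptables-save-output
# Succeeds if nat/POSTROUTING rewrites the source of traffic from SUBNET.
has_snat_for() {
    awk -v s="$1" '
        /^\*/ { cur = $0 }
        cur == "*nat" && /^-A POSTROUTING / {
            src = ""; tgt = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == s && (tgt == "SNAT" || tgt == "MASQUERADE")) ok = 1
        }
        END { exit !ok }'
}

# On the server (as root): iptables-save | rules_in_table nat
# Demo on the constructed sample:
echo "filter rules: $(printf '%s\n' "$SAMPLE" | rules_in_table filter)"
echo "nat rules:    $(printf '%s\n' "$SAMPLE" | rules_in_table nat)"
printf '%s\n' "$SAMPLE" | has_snat_for 10.8.0.0/24 && echo "SNAT present for 10.8.0.0/24"
```

Forwarding can also be made persistent with `net.ipv4.ip_forward=1` in `/etc/sysctl.conf` instead of the `echo` line.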
 