OpenVPN - no internet
Can anyone solve this puzzle:
I can connect to the VPN, so that side is sorted with keys, authentication, etc.
However, connecting to the VPN loses me my internet access.
Running route on my client gets me gateway 10.8.0.0, which doesn't respond to ping from the client, nor does 10.8.0.1, which does from the server end.
The server can't ping the client at 10.8.0.6 either, so it looks like there is no communication between the two?
It looks like I get this:
me -> wan -> openvpn server | openvpn server internal network 10.8.0.1 -> wan internet.
where '|' indicates a break
I have followed every tutorial on the net and am getting nowhere, have set up IP forwarding, and have tried the zillion NAT rules.
Is there a log on the server I can see to check where it's dropping packets? I'm using a Rackspace Cloud VPS, I don't know if that changes anything...
Also, how does one enter NAT rules into the iptables file? I'm having to enter them with the command iptables -t nat .... and they are gone if you do an iptables restart. (I take it they are in effect after the command though, right? Changing the file itself doesn't seem to take effect until you do a restart of the service.)
Turns out the Network Manager GUI for using OpenVPN doesn't work; if you use the command line on the client.conf file, that works. (Don't forget to add the remote server's IP in the conf file.)
It would be good for you to provide a little more detail, perhaps an example, for those who come behind you.
Originally Posted by stu2000
Note that many VPN targets, Cisco concentrators in particular, are configured not to allow "split tunnelling", so your Internet access would depend on the network/gateway/proxy setup on the target end.
Apologies for not giving more detail originally,
This was an OpenVPN server I set up with first a CentOS and then an Ubuntu server. Both had exactly the same problem (could connect but not get internet). I didn't try copying across and using the conf file until I was experimenting with using Ubuntu instead of CentOS, and just left it there once I got it working. I was not using someone else's VPN service. I had set up on VPSs from Rackspace Cloud (256 MB). On CentOS I had tried opening up all ports, so it definitely wasn't the fact that CentOS comes with iptables rules by default whereas Ubuntu doesn't (there weren't any on Rackspace as far as I could see; maybe if you install ubuntu-server yourself it does?).
The OpenVPN client functionality was added to the Network Manager in Ubuntu / Xubuntu by running this command:
sudo apt-get install network-manager-openvpn-gnome
If you have any more questions I will be happy to answer. I spent days on this and don't want anyone else to have to go through the same hassle.
Originally Posted by stu2000
I have many more questions. I tried to set OpenVPN up in Ubuntu and trying to understand the instructions was not possible for me, so I'm not using it. If I knew how to edit the conf file correctly then I'd probably be good to go. Also, as I dual boot Win7 and Ubuntu, I was able to make a connection in Win7 with the GUI for OpenVPN, but when I go to the website it says there is no connection and does not create one - it just tries and fails. It's all Greek to me. In addition, I have my router reconfigured for OpenDNS and that works fine. Could there be a conflict?
I would seriously recommend re-connecting with Ubuntu; it will work if you edit the client.conf file. If you managed to edit all the other files, like server.conf for the push commands, then I don't see why you can't edit and copy across the client's conf file.
It is possible for you to have the OpenVPN connection connected correctly AND have internet access but not be able to resolve websites. I had this and it was fixed by manually setting my DNS to 188.8.131.52 on my normal LAN connection. Next time you connect but don't have internet, try just doing a ping to 184.108.40.206. If you get a response then you DO have internet access; your DNS (domain name servers thing that translates addresses like Yahoo! to IP addresses such as 220.127.116.11) just isn't set up correctly, which is fixed by manually setting it like I did.
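The checks discussed in this thread, collected into a small triage script. This is an added example, not part of any poster's message: it pings the server's tunnel address (10.8.0.1, from the first post), pings a public IP, and resolves a hostname, then names the first layer that fails. The public IP and hostname are arguments you supply, and the function names are hypothetical.

```python
import socket
import subprocess
import sys

TUNNEL_GATEWAY = "10.8.0.1"  # server's tunnel address, as given in the thread


def ping(host, timeout_s=2):
    """Return True if one ICMP echo to host is answered (Linux iputils flags)."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return result.returncode == 0


def resolves(name):
    """Return True if the system resolver can turn name into an address."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def classify(tunnel_ok, ip_ok, dns_ok):
    """Map the three probe results to the first layer that is broken."""
    if not tunnel_ok:
        return "tunnel: no traffic inside the VPN; check client.conf and the server log"
    if not ip_ok:
        return "routing: tunnel works but nothing beyond it; check IP forwarding and NAT"
    if not dns_ok:
        return "dns: reachable by IP but names fail; set or push a DNS server"
    return "ok"


def triage(public_ip, name, ping_fn=ping, resolve_fn=resolves):
    """Run the probes in order and return (results dict, verdict)."""
    results = {
        "tunnel": ping_fn(TUNNEL_GATEWAY),
        "ip": ping_fn(public_ip),
        "dns": resolve_fn(name),
    }
    return results, classify(results["tunnel"], results["ip"], results["dns"])


if __name__ == "__main__":
    # Usage: python3 vpn_triage.py <public-ip-that-answers-ping> <hostname>
    print(*triage(sys.argv[1], sys.argv[2]), sep="\n")
```

Run it on the client while the VPN is connected; a "dns" verdict matches the case described in the post above, a "tunnel" verdict matches the symptom in the first post.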
In trying to set this up I never lost connection. I just don't understand how to edit the conf file in Ubuntu so that never happened. Also, I don't understand what the GUI wants so I can't use it to make OpenVPN work. This whole thing is over my simple head and I've been a Linux user for at least 7 years. If I could get this to work how would I know anyway? The thing that really embarrasses me is that all the help files I've read and tried to understand say that getting this to work is as simple as can be! That makes me feel like an idiot!
It is pretty easy; I have only been heavily using Linux for about 3-4 months now. The hardest bit for me was getting my head around iptables and NAT, so I bought a book from O'Reilly called 'Linux Networking' which made me understand it, though iptables turned out not to be the problem, as mentioned earlier. You have used vi or nano before, right? That is how you edit these files mentioned in the command line.
Here are some CentOS tutorials (you install OpenVPN on the server, then copy across files):
OpenVPN Server On CentOS 5.2 | HowtoForge - Linux Howtos and Tutorials
Ubuntu tutorial video (strain to see but works)
OpenVPN Install How To - YouTube