Can't get internet by OpenVpn.

czarekplopl · 05-27-2018, 05:20 AM

Hello.
I configured OpenVPN on my server Centos 7 and I can establish the connection between the server and my location.
But I cannot get any ping except my server.
Can anybody help me how to find the problem??

Code:

[root@czaro ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 venet0
default         0.0.0.0         0.0.0.0         U     0      0        0 venet0

Code:

[root@czaro ~]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 316  bytes 94955 (92.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 316  bytes 94955 (92.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100                       (UNSPEC)
        RX packets 369  bytes 165615 (161.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination                      127.0.0.1
        inet6 2402:9e80:0:1000::1:fe7d  prefixlen 128  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (U                     NSPEC)
        RX packets 196263  bytes 104333355 (99.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144084  bytes 27527442 (26.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet xx.xx.xx.xx  netmask 255.255.255.255  broadcast xx.xx.xx.xx  dest                     ination 45.124.64.31
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (U                     NSPEC)

Code:

client-to-client
persist-key
persist-tun
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/czaro.crt
comp-lzo adaptive
dev tun
dh /etc/openvpn/ssl/dh.pem
ifconfig-pool-persist server-ipp.txt 0
keepalive 10 120
key /etc/openvpn/ssl/czaro.key
tls-auth /etc/openvpn/ssl/ta.key 0
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
log /var/log/openvpn/server.log
port 1194
proto udp
server 10.8.0.0  255.255.255.0
verb 3
crl-verify /etc/openvpn/ssl/crl.pem
route 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

Code:

client
dev tun
proto udp
port 1194
remote xx.xx.xx.xx 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
auth-nocache
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
XtRrE
LS7PN4+Ae3w6hV/77kr6/I38pybtph9MuTINPBlQnUY7WAOZXQ==
-----END CERTIFICATE-----

</ca>
<cert>
             
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----

+Ts=
-----END ENCRYPTED PRIVATE KEY-----

</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

62dc6cfff761986ade803a1ba7dcf2c5
-----END OpenVPN Static key V1-----



</tls-auth>

jlinkels · 05-27-2018, 07:57 AM

I assume your intention is to route all traffic to the outside world through your VPN server?

Can you check the second answer in this post: https://askubuntu.com/questions/4625...hrough-openvpn It is about configuring IPTables on the OpenVPN server.

jlinkels

czarekplopl · 05-28-2018, 03:05 AM

I use all these directives but it still does not work.

AwesomeMachine · 05-29-2018, 03:22 PM

Are you able to ping ip addresses? If you try to ping a domain, does it resolve to an IP?

czarekplopl · 05-29-2018, 07:31 PM

I can ping only my server. I cannot ping any outer IP.

voleg · 05-30-2018, 04:08 AM

Mine:

Code:

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.0.254    0.0.0.0         UG        0 0          0 eth0

Shows default gateway defined. Your output show no DG defined.
That is why you cannot go out.

czarekplopl · 05-30-2018, 07:46 AM

Quote:

Originally Posted by voleg

Mine:

Code:

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.0.254    0.0.0.0         UG        0 0          0 eth0

Shows default gateway defined. Your output show no DG defined.
That is why you cannot go out.

Thanks a lot. Can you tell me how to define DG??