LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-22-2016, 06:22 AM   #1
hututri
LQ Newbie
 
Registered: Mar 2016
Distribution: raspbian
Posts: 2

Rep: Reputation: Disabled
No internet on VPN client on RPi


Hi,
i have a problem to connect to my vpn provider, i can start openvpn and all, but i can't connect to the interwebs.

I'm on raspbian (raspberry pi), it's a debian distro. I want to make it connect to the internet in general, and have the RPi ready upon start. I tried to follow several tutorials, but still cannot connect.
I have no rule on my router, the RPi firewall doesn't seem to exist.

Here's my RPi status after startup (i'm booting on CLI, and copy these from SSH connection over LAN).


ifconfig
eth0 Link encap:Ethernet HWaddr b8:27:eb:00:0x:5c
inet adr:192.168.0.15 Bcast:192.168.0.255 Masque:255.255.255.0
adr inet6: fg80::3678:d9ac:680d:dcce/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4959 errors:0 dropped:0 overruns:0 frame:0
TX packets:1768 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:879347 (858.7 KiB) TX bytes:341052 (333.0 KiB)

lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:260 errors:0 dropped:0 overruns:0 frame:0
TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:23304 (22.7 KiB) TX bytes:23304 (22.7 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 -00
inet adr:128.127.109.143 P-t-P:128.127.109.143 Masque:255.255.255.19 2
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:587 errors:0 dropped:0 overruns:0 frame:0
TX packets:1024 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:153095 (149.5 KiB) TX bytes:137407 (134.1 KiB)


----------------------------------

route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 128.127.109.129 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 128.127.109.129 0.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.254 0.0.0.0 UG 202 0 0 eth0
0.0.0.0 128.127.109.129 0.0.0.0 UG 1024 0 0 tun0
128.0.0.0 128.127.109.129 128.0.0.0 UG 0 0 0 tun0
128.127.109.128 0.0.0.0 255.255.255.192 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
213.5.69.130 192.168.0.254 255.255.255.255 UGH 0 0 0 eth0

----------------------

ip route show
0.0.0.0/1 via 128.127.109.129 dev tun0
default via 128.127.109.129 dev tun0
default via 192.168.0.254 dev eth0 metric 202
default via 128.127.109.129 dev tun0 proto static metric 1024
128.0.0.0/1 via 128.127.109.129 dev tun0
128.127.109.128/26 dev tun0 proto kernel scope link src 128.127.109.137
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.15 metric 202
213.5.69.130 via 192.168.0.254 dev eth0

-----------------------

Syslog

Mar 22 11:46:21 raspberrypi ovpn-LUXEMBOURG-UDP[501]: TUN/TAP device tun0 opened
Mar 22 11:46:21 raspberrypi ovpn-LUXEMBOURG-UDP[501]: TUN/TAP TX queue length set to 100
Mar 22 11:46:21 raspberrypi ovpn-LUXEMBOURG-UDP[501]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 22 11:46:21 raspberrypi ovpn-LUXEMBOURG-UDP[501]: /sbin/ip link set dev tun0 up mtu 1500
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): carrier is OFF
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): new Tun device (driver: 'unknown' ifindex: 3)
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): exported as /org/freedesktop/NetworkManager/Devices/2
Mar 22 11:46:21 raspberrypi ovpn-LUXEMBOURG-UDP[501]: /sbin/ip addr add dev tun0 128.127.109.137/26 broadcast 128.127.109.191
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): link connected
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> Activation (tun0) starting connection 'tun0'
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) scheduled...
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) started...
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Commit) complete.
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> NetworkManager state is now CONNECTED_LOCAL
Mar 22 11:46:21 raspberrypi NetworkManager[428]: <info> Activation (tun0) successful, device activated.
Mar 22 11:46:21 raspberrypi dbus[440]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Mar 22 11:46:21 raspberrypi dbus[440]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Mar 22 11:46:21 raspberrypi nm-dispatcher: Dispatching action 'up' for tun0
Mar 22 11:46:22 raspberrypi ntpd[658]: Listen normally on 6 tun0 128.127.109.137 UDP 123
Mar 22 11:46:22 raspberrypi ntpd[658]: peers refreshed
Mar 22 11:46:23 raspberrypi ovpn-LUXEMBOURG-UDP[501]: /sbin/ip route add 213.5.69.130/32 via 192.168.0.254
Mar 22 11:46:23 raspberrypi ovpn-LUXEMBOURG-UDP[501]: /sbin/ip route add 0.0.0.0/1 via 128.127.109.129
Mar 22 11:46:23 raspberrypi ovpn-LUXEMBOURG-UDP[501]: /sbin/ip route add 128.0.0.0/1 via 128.127.109.129
Mar 22 11:46:23 raspberrypi ovpn-LUXEMBOURG-UDP[501]: /sbin/ip route add 0.0.0.0/0 via 128.127.109.129
Mar 22 11:46:23 raspberrypi ovpn-LUXEMBOURG-UDP[501]: Initialization Sequence Completed
Mar 22 11:46:23 raspberrypi NetworkManager[428]: <info> NetworkManager state is now CONNECTED_GLOBAL
Mar 22 11:46:23 raspberrypi NetworkManager[428]: <info> Policy set 'tun0' (tun0) as default for IPv4 routing and DNS.
Mar 22 11:47:09 raspberrypi rsyslogd-2007: action 'action 17' suspended, next retry is Tue Mar 22 11:47:39 2016 [try http://www.rsyslog.com/e/2007 ]


---------------------

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

--------------------

Here's the default vpn conf file provided by the vpn provider

client
dev tun
proto udp
remote es1-ovpn-udp.purevpn.net 53
persist-key
persist-tun
ca /etc/openvpn/ca.crt
tls-auth /etc/openvpn/Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass /etc/openvpn/user.txt
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache


-----------------

traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
...
30 * * *

traceroute www.google.com
www.google.com: Nom ou service inconnu
Cannot handle "host" cmdline arg `www.google.com' on position 1 (argc 1)


Here's some ping tests (in order, as 8.8.8.8 didn't respond the first time)

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
108 packets transmitted, 0 received, 100% packet loss, time 107008ms

ping www.google.com
ping: unknown host www.google.com

ping 8.8.4.4
PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=49 time=83.0 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=49 time=69.0 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=49 time=76.3 ms
64 bytes from 8.8.4.4: icmp_seq=4 ttl=49 time=101 ms
64 bytes from 8.8.4.4: icmp_seq=5 ttl=49 time=78.7 ms
^C
--- 8.8.4.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 69.027/81.790/101.757/10.974 ms


ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=60.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=62.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=48 time=60.2 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=48 time=61.2 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 60.255/61.217/62.679/0.959 ms

ping www.google.com
ping: unknown host www.google.com

traceroute 8.8.4.4 (THIS ONE WAS SLOW AS HELL)
traceroute to 8.8.4.4 (8.8.4.4), 30 hops max, 60 byte packets
1 128.127.109.129 (128.127.109.129) 54.870 ms 56.994 ms 56.903 ms
2 79.142.74.3 (79.142.74.3) 57.940 ms 63.270 ms 63.229 ms
3 37.46.123.249 (37.46.123.249) 63.156 ms 62.995 ms *
4 178.21.17.20 (178.21.17.20) 64.792 ms 65.967 ms 66.195 ms
5 80.249.208.247 (80.249.208.247) 72.547 ms 72.550 ms 72.544 ms
6 209.85.143.181 (209.85.143.181) 72.467 ms 59.326 ms 57.012 ms
7 216.239.43.120 (216.239.43.120) 60.002 ms 216.239.47.100 (216.239.47.100) 60.180 ms 209.85.253.242 (209.85.253.242) 61.750 ms
8 209.85.253.201 (209.85.253.201) 66.292 ms 66.907 ms


So what's my problem? DNS setting or routing configuration?


TIA
 
Old 03-22-2016, 03:01 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,861

Rep: Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152
Well, it looks like you are getting connected successfully, and you can ping by IP address. However, name resolution is not working, and for that you need to check /etc/resolv.conf for a valid name server assignment.

This may (or may not) be helpful (I don't know how Raspbian might differ)
http://askubuntu.com/questions/36843...ubuntu-13-10-s
 
Old 03-22-2016, 03:44 PM   #3
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,861

Rep: Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152
This OpenVPN blog is worth reading as well.
Quote:
Sometimes OpenVPN account connects but nothing is accessible. However, you are able to ping some remote IP address in terminal. It’s a DNS issue which may happen when you use DNS server, which isn’t located in your LAN. Here are several ways to resolve that.
 
Old 03-23-2016, 01:58 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,708
Blog Entries: 4

Rep: Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949
Start by noting what your DNS settings are, before and after you connect to the VPN. Also note whether all of your traffic is being diverted through the tunnel once you do connect.

Jot down the IP-address of a well-known server like, say, Google.

Then connect the tunnel, and verify that you can in fact ping a server on the other side. Verify that the route does go through the tun0 virtual interface.

Now, check what the DNS-server settings are, once you've connected. (The OpenVPN config file on your side, or commands "pushed" to you from the server, can change these.) Check the route to these DNS servers, and check the route to Google. If these are going through the tunnel, then you are effectively "located on the other side," such that the DNS requests are being originated on your behalf by the server on the other side. Some DNS servers restrict the range of IP-addresses that can use them. Slowdowns can also be caused by the ordering of DNS-server addresses, if one of these addresses is off-line and a timeout/retry loop occurs.

I see a lot of routes being added, including some fairly-universal ones, which strongly implies that everything's going through the tunnel. Is ".129" the address of your connected VPN? I surmise the TUN's at ".137."

In general, I'm a bit puzzled by those route directives, and by the routes that I see being issued by OpenVPN on connect.

You also need to confirm that everything's okay on the remote side, so to speak "once you get there." Although WireShark will only show encrypted packets (and can't decrypt them or see what kind of traffic they are), you [u]can[/u ] use it for simple traffic-analysis to see if requests are going out and responses are timely being returned.

Once an OpenVPN connection is established, it is fast.

Last edited by sundialsvcs; 03-23-2016 at 02:01 PM.
 
Old 03-24-2016, 11:59 AM   #5
hututri
LQ Newbie
 
Registered: Mar 2016
Distribution: raspbian
Posts: 2

Original Poster
Rep: Reputation: Disabled
Hi, thanks for your answers.
I forced some changes on my resolv.conf, as i suspected my ISP DNS wouldn't answer to requests made through my VPN. That didn't work.
I hoped TCP connection would be better than UDP connections i used before. Fail.

When i connect to a VPN, i just have no connection, and i'm not able to ping anything outside, URL or IP, so i think it's not a DNS issue. Also, my resolv.conf uses opendns servers, so this should be ok.

Just... no traffic, and not a DNS issue. :/


Here are some info whithout vpn, then with vpn.
============================================================

route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.0.254 0.0.0.0 UG 202 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0

ifconfig
eth0 Link encap:Ethernet HWaddr b8:27:00:00:03:5c
inet adr:192.168.0.15 Bcast:192.168.0.255 Masque:255.255.255.0
adr inet6: 2a01:e35:2e96:af90:5988:0000:a78e:db86/64 Scope:Global
adr inet6: 2a01:e35:2e96:af90:0000:ebff:fe42:35c/64 Scope:Global
adr inet6: fe80::ba27:ebff:fe42:35c/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2383135 errors:0 dropped:0 overruns:0 frame:0
TX packets:2095875 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:2934191410 (2.7 GiB) TX bytes:266883580 (254.5 MiB)

lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1653 errors:0 dropped:0 overruns:0 frame:0
TX packets:1653 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:215016 (209.9 KiB) TX bytes:215016 (209.9 KiB)

GNU nano 2.2.6 Fichier*: /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#nameserver 208.67.222.222
#nameserver 208.67.220.220
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 8.8.8.8

======================================================

route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 46.243.147.193 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.0.254 0.0.0.0 UG 202 0 0 eth0
46.243.147.4 192.168.0.254 255.255.255.255 UGH 0 0 0 eth0
46.243.147.192 0.0.0.0 255.255.255.192 U 0 0 0 tun0
128.0.0.0 46.243.147.193 128.0.0.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0


ifconfig
eth0 Link encap:Ethernet HWaddr b8:00:00:00:03:5c
inet adr:192.168.0.15 Bcast:192.168.0.255 Masque:255.255.255.0
adr inet6: 2a01:e35:2e96:af90:5988:bb56:a78e:db86/64 Scope:Global
adr inet6: 2a01:e35:2e96:af90:ba27:ebff:fe42:35c/64 Scope:Global
adr inet6: fe80::ba27:ebff:fe42:35c/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2477175 errors:0 dropped:0 overruns:0 frame:0
TX packets:2181328 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:3051045592 (2.8 GiB) TX bytes:277310614 (264.4 MiB)

lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1677 errors:0 dropped:0 overruns:0 frame:0
TX packets:1677 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:218976 (213.8 KiB) TX bytes:218976 (213.8 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:46.243.147.194 P-t-P:46.243.147.194 Masque:255.255.255.192
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:618 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:72 (72.0 B) TX bytes:54412 (53.1 KiB)

Last edited by hututri; 03-24-2016 at 12:01 PM. Reason: add comment
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I can browse internet, but no access to names or addresses on lan. Rpi mike.adams Linux - Networking 15 07-26-2015 11:50 AM
LXer: Mini-PC taps RPi Compute Module and supports RPi 2 LXer Syndicated Linux News 0 02-22-2015 03:03 PM
PPTP Packets from the VPN Client Cannot Reach the VPN server SubZeroJake Linux - Networking 1 05-14-2012 06:52 PM
VPN Client can't access Internet Whiskerz Linux - Networking 7 04-20-2007 04:20 PM
What VPN client under debian is stopping me from accessing the internet? shodekiagari Linux - Networking 5 01-07-2005 07:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration