Menu
I have set up a openVPN tunnel using the following server side configuration:
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
client-to-client
log-append /var/log/openvpn
group daemon
daemon
verb 3
and client configuration file as following:
client
remote ******* 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
verb 3
However, upon connection, I can ping 10.8.0.1 with no problem, but I can not even visit Google.
I am running Open VPN 2.1.4, in Windows 7 Ultimate with admin rights. The server is a Ubuntu 10.04 installation with TUN enabled by default.
The only suspicious part I can find in the log is like this:
Mon Feb 21 20:44:33 2011 C:\WINDOWS\system32\route.exe ADD ********* MASK 255.255.255.255 192.168.1.1
OK!
Mon Feb 21 20:44:33 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
OK!
Mon Feb 21 20:44:34 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
OK!
Mon Feb 21 20:44:34 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
OK!
Mon Feb 21 20:44:34 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
The route addition failed: The object already exists.
Mon Feb 21 20:44:34 2011 Initialization Sequence Completed
Not sure if that would help.
Please help!
Thanks!
991
The solution is to set up a proper DNS name and configure that and save settings. Then uninstall, redownload, and reinstall the connection profile or OpenVPN Connect Client program and to try again. Another common mistake is to forget to open the 3 ports required for OpenVPN Access Server to be reachable properly.
The lockout expires after 15 minutes. You can modify these default settings. You can also manually lift the lockout if you don't want to wait 15 minutes.
It's simple. Just install Access Server on the network, and then connect your device with our Connect client. Access Server will accept incoming connections from internet only if that device and user has the correct access code and certifications necessary.
Our Verdict. If your VPN keeps disconnecting and reconnecting, it's likely that data packets are being lost or blocked between your device and the VPN server. This could be due to issues with the VPN client, your router, or your network connection.
You are using the flag redirect-gateway def1 and since are redirecting all your traffic through the VPN.
I can't see from your post if you have configured NAT or any other adresse translation on your server, but my guess is, that the packets are just being routed through your VPN and then have no way to get back to your client.
If your VPN client is 10.8.0.2 and your server is 10.8.0.1 and has an internet ip that is 12.12.12.12:
your call to google will be send from 10.8.0.2 routed through the VPN and then send from there to Google. The problem is, that the originating adress will stay as 10.8.0.2 and therefore the answer packets never can find back to you. You must add some means of translation that takes the packets and translates the origin from 10.8.0.2 to 12.12.12.12 and back:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
This is also explained in OpenVPN Manual. I hope this solves your problem, but from the description I could not be sure if you have any NAT translation enabled, so maybe this is isn't helpfull at all :-)
98
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
