nycaleksey

OpenVPN does not work

32 posts in this topic

Hi,

I set up OpenVPN correctly as guided by Darren in the "Access Internal Networks" video and it works perfectly. I can access all the nodes in the victim LAN. However, the victim computer on which the turtle is deployed cannot access the Internet. If I try to ping any host on the internet, say 8.8.8.8, it says

172.16.84.1 Destination unreachable

Packets get rejected at the default gateway, i.e. the turtle.

However, if I SSH into the turtle then I can ping any host on the internet from the turtle shell. It's as if the turtle and the openvpn module can access the internet but the victim computer cannot. Kindly advise. I have also updated the DNS servers as mentioned in the previous post but to no avail.


In this video I have described a problem that I have experienced with the openvpn access server, please watch this video, if you find a solution to the problem I have described please post it in this forum. 


The problem is with the network config for uci. There are no default firewall rules for handling vpn traffic. Without them the turtle won't pass traffic from the vpn interface to the br-lan interface.

You can correct this by adding the following to /etc/config/firewall on the turtle. Put it in around line 26, before the lines that start with "config rule":

config zone
        option  name            'vpn'
        list    network         'vpn'
        option  input           ACCEPT
        option  output          ACCEPT
        option  forward         REJECT

config forwarding
        option  src             lan
        option  dest            vpn

config forwarding
        option  src             vpn
        option  dest            lan

After doing so, run the following:

/etc/init.d/network restart

This will bounce the interfaces and reset the firewall rules. With these rules in place, you'll be able to reach the network on the far side of the turtle.


A correction to my previous post: eth1 (the physical RJ45 port) is wan, not lan, so your config mods should only be:

config zone
        option  name            'vpn'
        list    network         'vpn'
        option  input           ACCEPT
        option  output          ACCEPT
        option  forward         REJECT

config forwarding
        option  src             vpn
        option  dest            wan

This was hidden in my earlier testing by some other direct iptables commands while I was trying to sort it out. I discovered today after rebooting the turtle that it no longer worked, and logging showed me that traffic was exiting the wan port.
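As an added check, not from the thread itself, here is a small parser for the UCI firewall file that confirms the vpn zone exists, is bound to the vpn network, and forwards to wan (the corrected fix) rather than lan (the retracted one). The sample config embedded below is constructed from the corrected post plus a stock lan zone.

```python
"""Check a LAN Turtle / OpenWrt /etc/config/firewall for the OpenVPN zone
and forwarding rules discussed in the thread. Added example, not code
from the forum post."""
import shlex

# Constructed sample: the corrected config from the thread, plus a lan zone
# that a stock Turtle config already contains.
SAMPLE_FIREWALL = """
config zone
        option  name            'lan'
        list    network         'lan'
        option  input           ACCEPT
        option  output          ACCEPT
        option  forward         ACCEPT

config zone
        option  name            'vpn'
        list    network         'vpn'
        option  input           ACCEPT
        option  output          ACCEPT
        option  forward         REJECT

config forwarding
        option  src             vpn
        option  dest            wan
"""

def parse_uci(text):
    """Parse UCI config text into a list of (section_type, {key: value}).
    'list' entries are collected into Python lists; quotes are stripped."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if parts[0] == "config":
            sections.append((parts[1], {}))
        elif parts[0] == "option" and sections:
            sections[-1][1][parts[1]] = parts[2]
        elif parts[0] == "list" and sections:
            sections[-1][1].setdefault(parts[1], []).append(parts[2])
    return sections

def check_vpn_forwarding(text):
    """Report whether the vpn zone and its forwardings match the corrected fix."""
    sections = parse_uci(text)
    zones = {s.get("name"): s for t, s in sections if t == "zone"}
    fwds = [(s.get("src"), s.get("dest")) for t, s in sections if t == "forwarding"]
    return {
        "vpn_zone": "vpn" in zones,
        "vpn_network_bound": "vpn" in zones.get("vpn", {}).get("network", []),
        "vpn_to_wan": ("vpn", "wan") in fwds,   # the corrected forwarding
        "vpn_to_lan": ("vpn", "lan") in fwds,   # the retracted first fix
    }
```

On the turtle itself you would feed it `open("/etc/config/firewall").read()` instead of the sample.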


Hi 

I have followed all the instructions here and in Darren's video.

The problem I am having is that once the VPN opens I have no internet. I can access the OpenVPN AS from the FQDN but nothing else.

I am stumped on what is going on.

On 9/18/2016 at 6:05 AM, MartyRS1975 said:

Hi 

I have followed all the instructions here and in Darren's video.

The problem I am having is that once the VPN opens I have no internet. I can access the OpenVPN AS from the FQDN but nothing else.

I am stumped on what is going on.

If your FQDN resolves to a public IP, and you can still reach that when the VPN is up, it sounds like all of your Internet traffic is being routed over the VPN. You probably don't want that (or maybe you do).

If you do, check that your OpenVPN AS system is configured to NAT traffic from your VPN network and that it has IP forwarding enabled. OVAS _should_ do this for you with its rules, but check anyway. You can use tcpdump to see if traffic from your client is leaving the VPN server without being NATted first, or if it's leaving at all.

On the other hand, if this is _not_ what you want, go into the admin area of AS and under VPN Settings / Routing select "No" for "Should client Internet traffic be routed through the VPN?"

If this doesn't resolve your issue, please create a new post with specific information about how you've set up the server, the client, and exactly what behavior you're experiencing. Include details like:

  • Is this with the Turtle or with your computer?
  • Can you ping by IP but not by hostname?
  • Have your DNS servers changed after connecting to the VPN?
  • Have you run the client in debug mode to get more information about the problem?
  • What client are you using, and on what OS?

The reason for creating a new post is because your problem is unique to you. We don't want a 400-page long thread about OpenVPN that answers 26 different questions. The reason for including details is because without them, we can only guess, and when we get into guessing, the quality of support drops rapidly.

/m


Hello All!

I was having the same issue with the destination port unreachable until I made the following changes at the end of Darren's video. If you need help or need screenshots let me know! 


-Jeff
