OpenVPN: no internet

OpenVPN Support Forum

I can successfully connect my iPhone to the OpenVPN server on a DD-WRT router but I can't get internet on it. My goal is to configure OpenVPN server on my DD-WRT router and connect my iPhone/laptop to it when not at home. Please check out this link which shows my current network.

I have port forwarded 1194 to 192.168.0.27 from my cisco modem/router.

Here is my server config file:

push "route 192.168.5.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
push "redirect-gateway def1"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001

Here is the client config file:

remote wanip 1194
client
remote-cert-tls server
dev tun0
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
route-delay 30
ca ca.crt
cert client.crt
key client.key

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.5.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

I used this website as a guide:

The problem is I can't get internet access on the phone. But I am able to access the router configs by typing in 192.168.5.1 on Safari. I can also ping the router (192.168.5.1 and 192.168.0.27) and the OpenVPN server (10.8.0.1) successfully.

If I remove push "redirect-gateway def1" from the server config, then I can access the internet, but that's no use to me because I want my web browsing to be secured, which goes through the VPN.

I have tried UDP instead of TCP with no success. Not sure what else to do.

Re: VPN connected but no internet

Post by shadoweyez » Sun Apr 28, 2013 3:02 am

Try a command like this in your firewall rules:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o -j MASQUERADE

Re: VPN connected but no internet

Post by azze » Sat Sep 21, 2013 9:46 am

I have exactly the same problem as darklord4real. I used the same guide to set up OpenVPN on my DD-WRT router as he did (see link in his post). When I found this thread I followed the recommendation to add

iptables -t nat -A POSTROUTING -s 192.168.66.0/24 -o tun0 -j MASQUERADE

to my firewall rules. But I still have no internet access. Any more ideas? Your help is really appreciated!

Re: VPN connected but no internet

Post by cbr954rr » Thu Oct 10, 2013 5:55 pm

I was in this same issue. In order for me to get it working so that my iPhone could connect to the OpenVPN server and be able to surf the internet, I had to do the following:

Add
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE   # my VPN IP addresses

to what was already in my firewall which was

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT   # my VPN IP addresses
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT

and I had to add
push "route 192.168.5.0 255.255.255.0"   # LAN IP of OpenVPN router
push "dhcp-option DNS xx.xx.xx.xx"   # where x's are the DNS IPs supplied by the ISP that my
push "dhcp-option DNS xx.xx.xx.xx"   # OpenVPN router is connected to

to the Additional Config box under Services-VPN in my DD-WRT router. I used the GUI to set up the server side instead of using a script file.

Not sure if this is the correct way to do it and I am currently digging to see if there is a better way but it works for me at the moment.

Re: VPN connected but no internet

Post by mblmblmbl » Sun Nov 24, 2013 2:37 pm

The solution proposed by cbr954rr finally works also for me, thanks a lot.

It worked even without the
push "route 192.168.5.0 255.255.255.0"   # LAN IP of OpenVPN router

But needed the POSTROUTING line and both the
push "dhcp-option DNS xx.xx.xx.xx"   # where x's are the DNS IPs supplied by the ISP that my
push "dhcp-option DNS xx.xx.xx.xx"   # OpenVPN router is connected to

I use a WNDR3700 and an iPhone 4.

Re: VPN connected but no internet

Post by Chrisdr2001 » Fri May 01, 2015 4:53 am

cbr954rr wrote: I was in this same issue. In order for me to get it working so that my iPhone could connect to the OpenVPN server and be able to surf the internet, I had to do the following:

Add
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE   # my VPN IP addresses

to what was already in my firewall which was

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT   # my VPN IP addresses
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT

and I had to add
push "route 192.168.5.0 255.255.255.0"   # LAN IP of OpenVPN router
push "dhcp-option DNS xx.xx.xx.xx"   # where x's are the DNS IPs supplied by the ISP that my
push "dhcp-option DNS xx.xx.xx.xx"   # OpenVPN router is connected to

to the Additional Config box under Services-VPN in my DD-WRT router. I used the GUI to set up the server side instead of using a script file.

Not sure if this is the correct way to do it and I am currently digging to see if there is a better way but it works for me at the moment.

I know I may be late, but it's an issue I am having right now with my iPhone. I am a little confused where you say 'push "dhcp-option DNS xx.xx.xx.xx" # OpenVPN router is connected to', please allow me to understand what you mean? Is that my 192.168.1.1 because it's connected to that, or?

Re: VPN connected but no internet

Post by notoriousdds » Mon Jun 01, 2015 3:32 pm

For what it’s worth, I had to configure my firewall a little differently than cbr954rr’s recommendation to gain access to the internet.

My router’s firewall (although allowing access to my LAN), wouldn’t forward packets onto the internet.

I had no problem resolving domain names, so I was able to simply leave "dhcp-option DNS" set to the IP of my OpenVPN server as was done here. (You can test if DNS is an issue simply by pinging "google.com" at the command line. Even if you get no response, you should see the IP being ping'ed if your domain name resolution is working.)

However, I had to replace the lines:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

with

iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT

Re: VPN connected but no internet

Post by brissont » Tue Sep 08, 2015 4:09 pm

Hello all — first post here so please forgive me if I unknowingly violate any forum rules.

I’ve been having the same issue — I can access my VPN and internal LAN without any difficulty (SSH and SFTP work), but no matter what I try I can’t get Internet working while connected. NOTE: I am not using DD-WRT, but the openvpn package available through the standard Raspbian (DietPi respin) repos on a Raspberry Pi 2. I have gone through every sample configuration and tutorial I can find. Pi-specific, OpenVPN tutorials/How-To documentation, and even the DD-WRT tutorial linked earlier. I believe my config files are correct and suspect that the issue lies in my iptables configuration since everything works except Internet — can anyone spot the weak link here? I left some commented lines to indicate other options I have tried.

Config files are as follows:

local 192.168.1.103
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/.crt
key /etc/openvpn/easy-rsa/keys/.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.103"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
#push "remote-gateway vpn_server_ip"
client-to-client
duplicate-cn
keepalive 10 60
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6

client
dev tun
proto udp
remote
resolv-retry infinite
redirect-gateway def1
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 9
mute 20

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.8.0.0/24          anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

#!/bin/sh
# Allow traffic initiated from VPN to access LAN
#iptables -I FORWARD -i tun0 -o eth0 \
# -s 10.8.0.0/24 192.168.1.0/24 \
# -m conntrack --ctstate NEW -j ACCEPT
# Allow traffic initiated from VPN to access "the world"
# iptables -I FORWARD -i tun0 -o eth1 \
# -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow traffic initiated from LAN to access "the world"
# iptables -I FORWARD -i eth0 -o eth1 \
# -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
#iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
# -j ACCEPT
# Notice that -I is used, so when listing it (iptables -vxnL) it
# will be reversed. This is intentional in this demonstration.
# Masquerade traffic from VPN to "the world" -- done in the nat table
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE #-o eth0
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
# Masquerade traffic from LAN to "the world"
#iptables -t nat -I POSTROUTING -o eth0 \
# -s 192.168.1.0/24 -j MASQUERADE

Any help/thoughts will be enormously appreciated. Let me know if I can provide anything else, and many thanks in advance to all!
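
One way to check for the NAT rule this thread keeps coming back to, as an added example that is not from any poster: with redirect-gateway def1 pushed, the server has to source-NAT the VPN subnet on the interface that faces the Internet, and a MASQUERADE rule bound to the tunnel device (-o tun0) does not do that. The function name check_vpn_nat and the sample iptables-save dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the NAT rule that
# "redirect-gateway def1" depends on. All dumps below are constructed.

# Usage: iptables-save | check_vpn_nat VPN_SUBNET TUN_IF
# Prints: ok | wrong-iface | missing
check_vpn_nat() {
    awk -v subnet="$1" -v tun="$2" '
        /^\*/ { table = substr($0, 2) }        # table header: *nat, *filter
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (src != subnet) next
            if (target != "MASQUERADE" && target != "SNAT") next
            # NAT bound to the tunnel never matches Internet-bound packets
            if (out == tun) bad = 1; else good = 1
        }
        END { print (good ? "ok" : (bad ? "wrong-iface" : "missing")) }'
}

dump_tunnel_nat() {  # constructed: rule bound to the tunnel device
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 192.168.66.0/24 -o tun0 -j MASQUERADE' 'COMMIT'
}
dump_subnet_nat() {  # constructed: rule with no -o, applies on any egress
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE' 'COMMIT'
}
dump_no_nat() {      # constructed: forwarding allowed, but no NAT at all
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -s 10.8.0.0/24 -j ACCEPT' 'COMMIT'
}

echo "tunnel-bound: $(dump_tunnel_nat | check_vpn_nat 192.168.66.0/24 tun0)"
echo "subnet-only:  $(dump_subnet_nat | check_vpn_nat 10.8.0.0/24 tun0)"
echo "no NAT rule:  $(dump_no_nat | check_vpn_nat 10.8.0.0/24 tun0)"
```

On a live router the same function reads the real rule set: iptables-save | check_vpn_nat 10.8.0.0/24 tun0.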
