OpenVPN connecting but no internet access on Ubuntu 16.04 / 18.04 / 20.04
I’m trying to connect to a VPN using OpenVPN. I tried using network-manager with OpenVPN plugin and tried too in terminal with ovpn.conf file. Everything connects (it says connection established ) in terminal, but no internet access. I can ping anything, not even the gateway of the tunnel.
Here is what I tried
Tried ticked the option under VPN configaration > IPv4 > routes > use this connection only for resources on its network . After this, the internet worked again and the VPN shows connected. But my traffic is not encrypted and IP and location still the same. At last, I tried —redirect-gateway option, still no use.
I’m out of my league now. Please help. Thanks for reading!
Please, put output in you question from command traceroute 8.8.8.8 when you are connected to vpn and also output form command route -n when you are connected.
10 Answers 10
I’m using the gnome network manager with OpenVPN Network Manager plugin.
sudo apt-get install network-manager-openvpn-gnome My connection is working fine if I try directly with OpenVPN. But if I try using Network Manager, it works, but no internet access.
To fix this, edit the OpenVPN connection configuration on Network Manager and click in IPv4 Settings tab, then click in Routes button:
Then mark Use this connection only for resources on its network .
Click Ok , then Save and reconnect.
While this allows internet access, your internet access won’t be encrypted if you do this, correct? I tried this and it was showing my actual IP in browser tests.
No. As far as I can tell it is an Ubuntu 18.04 issue. There is not one solution for all, Ive tried things that worked for others and didnt work for me.
i fixed the openvpn no internet issue also
first completely remove openvpn and autoremove after that then add ppa as shown in the link and execute the commands one by one then yu should be good to go .. and if no dns issue add opendns at resolv.conf its 202.67.222.222 and 208.67.220.220 the link
yup i never found a working thread for this . but nice to know my half assed meddling help somebody . much appreciated man :’)
If you don’t want to route normal traffic through vpn, then there is absolutely no need to install extra ppa’s and different builds. The current networkmanager plugin works fine via the GUI: myopenvpn -> Edit -> IPv4 Settings > Routes > enable «Use this connection only for resources on its network«. The answer from @Rael should be the accepted one.
@ccpizza The question and OP are deliberately asking for all network traffic to be routed through the VPN. Thus Rael’s answer should not be the accepted one here, even if it is what most people who land here are looking for.
Problem makes routes. To be precise, default route.
First, if you wish to route all traffic trough vpn in NM you do not check option «use this connection only for resources on its network».
Second problem is route about default gw
0.0.0.0 10.211.1.2 128.0.0.0 UG 0 0 0 tun0
Problem can fix with manual adding route or check configuration on vpn server.
To set manual route for all traffic go to tun0 after connecting to vpn put command
ip route add default via ip_address_of_vpn_server Wait, you can add default route aka default, if you wish traffic go to wlan0 with command
sudo ip route add default via 172.16.156.65
or for traffic routing through vpn
sudo ip route add default via 10.211.1.2
After that you can add more route
Example, if you wont to go to 106.158.15.233 via wlan0
ip route add 106.158.15.233/32 via 172.16.156.65 dev wlan0 ip route add 106.158.15.233/32 via 10.211.1.2 dev tun0 172.16.156.65 is address of your wifi router
10.211.1.2 is address of your vpn server
And now something completely different. Remove any configuration for vpn, client, config in NM . After that restart pc. This will back us on begining. We will get clear routing table. Try agan with NM . When you connected give me output from route -n .
did it and gave the output in EDIT 2 thanks for bearing with me .. just cant get internet through vpn and dont want to go back to windows .i should mention again it worked few times rather than that no connectivity
Ok, now we are clean. Your wifi router is on 172.16.156.65 . Now create connection to vpn server in NM . Go to NM then vpn then add vpn server address, user, pass. If work this is it if not. When you are connected do route -n We must see with route add vpn.
You can simply solve this issue by turning on your firewall. In Linux Mint, i went to Firewall Configuration and turned on the Firewall. After that I connected VPN and there was no problem. I hope that helps.
I know this is old but I dont have a working solve to this problem from this thread and have a similar problem.
Here is my problem. I downloaded my openVPN keys from my router. installed on Linuxmint Virtual machine and ElementaryOS both Virtual and Host OS on a laptop.. Both versions give the same problem. VPN connects but has absolutely no traffic through it. Enabling «use this connection only for resources on its network» is completely useless and i still don’t get access to the vpn network resources anyways. scratch that.
Here is what I did.. I noticed some said when they connected via command line vpn seemed to work. the problem must resides in the fact you can not import the openVPN configuration. so i pulled out my trusty text editor opened the openvpn .conf file. I noticed in the openvpn connection profile it had an «advanced» tab. with lots of various options. So I attempted to translate all the config options into the advanced tab and what do you know. it worked.
So i did it again on the laptop with a different distro.. I changed options One by One this time checking the vpn each time and the vpn started functioning after i configured the compression.
Under Connection Settings VPN > Advanced button > Check Use LZO Data Compression (I set to adaptive) and the tunnel started functioning no issues and «My IP» shows as the vpn router’s external IP.
There is no special configs or firewall or anything in my experience. Just need to set all the options the same as the config file and you can use the built in network manager to handle it.
pptpd VPN: No internet access after connecting
I’ve followed the instructions in this tutorial to set up a vpn server, so that I can connect to that and surf the internet virtually from another location. So far from windows, I can connect to it but there is no internet access. The ip addresses that I used in the conf file is exactly the same as in the tutorial
localip 192.168.0.1 remoteip 192.168.0.100-200 Same for the DNS which is 8.8.8.8. (Everything you need to know about what I’ve done is already in that link) What do you think could be the problem ?
@meccooll: Sorry for my previous comment, that netstat worked like a magic. I’m through now but HTTPS websites not getting opened, the browser says SSL Connection Problem, do you have any idea ?
3 Answers 3
If your main purpose of setting up the VPN server is to access website, So traffic has to be forwarded out of the VPN server’s public network interface.Thus, kindly enable port forwarding by editing the sysctl.conf file. I assume “net.ipv4.ip_forward” is commented in the /etc/sysctl.conf file:
Add or find and comment out the following line
Save, close the file and run the following command to make the changes take effect.
The following iptables firewall rules allow port 1723, GRE and perform NAT
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT iptables -I INPUT -p gre -j ACCEPT iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE In the last rule replace “eth0″ with the interface connecting to the internet on your VPN server. Finally the following rule is required to ensure websites load properly
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu Replace 172.20.1.0/24 with the IP address range used in the “remoteip” option in the /etc/pptpd.conf this firewall rule is used to ensure a proper MTU value is used to prevent fragmentation.
The following command solved my problem (No internet) using PPTPD on Ubuntu 14.x
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT iptables -I INPUT -p gre -j ACCEPT iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 10.0.0.0/24 -j TCPMSS --clamp-mss-to-pmtu sudo iptables-save sudo iptables -P FORWARD ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables-save Please note: I used this IP address range 10.0.0.0/24 in my /etc/pptpd.conf use the range that matches your config as well.
We had identical symptoms, but all the Iptables where set as above. It was possible to connect, the connection was stable, it did allow to login to the pptp server via ssh and, in the remote machine, even to resolve DNS (noticeable via browers and ping — as it did resolve correctly the IP), but webpages did not load, neither was possible to connect to other severs via ssh. This made clear that the tunnel was ok to the pptp server.
The problem was the fact that I had in this machine two independent up-links exposed to internet (ie. mainInf and support), both configured via netplan (no problem with that) but, despite connecting to the pptp server using the IP address of the 1st up-link (i-face called mainInf), my default gateway was running in the seccond up-link (support).
The solution was to adjust the NAT to the correct output gateway and that allowed packets to reach other servers it was initially (not working)
iptables -t nat -I POSTROUTING -o mainInf -j MASQUERADE (have in your mind that, in our case, the connection to the pptp server is via an IP allocated in the mainInf adapter/uplink) and after changing to the same adapter/uplink as the default gateway (support), it worked:
iptables -t nat -I POSTROUTING -o support -j MASQUERADE Hence, if you can stability the VPN connection, ping or connect the pptp server (via ssh in our case), but cannot reach any IP that is not in that server, you probably have a routing/forwarding issue.
4 helpful commands for troubleshoting:
- watch iptables -t nat -L -nv
- watch iptables -L -nv
- route -n
- tcpdump -i -s 0 tcp port 1723 or proto 47 (read more here)
Как настроить доступ к интернету после подключения VPN на Linux?
Доброго времени суток!
Столкнулся с такой проблемой, на работе для удаленного доступа используется vpn с протоколом PPTP. После подключения к сети по vpn на компьютере пропадает интернет. На винде эта проблема решается, если убрать галочку у пункта «Использовать основной шлюз удаленной сети», но как на Linux исправить данную ситуацию?
Указать основной шлюз на Linux.
Обычно это 192.168.1.1 в подавляющем большинстве случаев.
Короче, default gw выставить ваш обычный, не от VPN.
Если настраиваете через GUI, то отметить «Использовать только для ресурсов этой сети» (Use this connection only for resources on its network)
Если сами в конфиги залезли, то убрать defaultroute/replacedefaultroute
LVitA, как выглядят адреса офиса? Что показывает ip r?
Похоже нужно добавить маршрут для офисной сети. Вероятно вам проще будет выяснить какой это должен быть маршрут у вашего системного администратора.
neol, адрес офиса 192.168.0.3
выхлоп ip r:
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
109.167.215.39 via 192.168.1.1 dev wlp2s0 src 192.168.1.4
109.167.215.39 via 192.168.1.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev docker0 scope link metric 1000 linkdown
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-9d5f5fed16e8 proto kernel scope link src 172.18.0.1
172.21.0.0/16 via 192.168.1.1 dev wlp2s0
192.168.0.254 dev ppp0 proto kernel scope link src 192.168.0.230 metric 50
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.4 metric 600
192.168.1.1 dev wlp2s0 proto static scope link metric 600