Nyr / openvpn-install

OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
MIT License

VPN connects but do not transfer any data #357

Closed slrslr closed 7 years ago

slrslr commented 7 years ago

Hello, I have:

CentOS release 6.9 (Final)
OpenVPN 2.4.3 x86_64-redhat-linux-gnu

The openvpn-install.sh was downloaded and used yesterday: 2017-09-08

I used the generated .ovpn file and I can connect to the VPN server both on my Windows client and on my Android client too. BUT I cannot ping or load any website when connected via OpenVPN on my clients (Windows and Android).

The server side log:

# service openvpn restart;sleep 5;cat /var/log/messages
Shutting down openvpn:                                     [  OK  ]
Starting openvpn:                                          [  OK  ]
Sep  9 03:09:23 hostname openvpn[22599]: event_wait : Interrupted system call (code=4)
Sep  9 03:09:23 hostname openvpn[22599]: Closing TUN/TAP interface
Sep  9 03:09:23 hostname openvpn[22599]: /sbin/ip addr del dev tun0 10.8.0.1/24
Sep  9 03:09:23 hostname openvpn[22599]: Linux ip addr del failed: external program exited with error status: 2
Sep  9 03:09:24 hostname openvpn[22599]: SIGTERM[hard,] received, process exiting
Sep  9 03:09:25 hostname openvpn[22798]: OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Sep  9 03:09:25 hostname openvpn[22798]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Sep  9 03:09:25 hostname openvpn[22799]: Diffie-Hellman initialized with 2048 bit key
Sep  9 03:09:25 hostname openvpn[22799]: Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Sep  9 03:09:25 hostname openvpn[22799]: ECDH curve secp384r1 added
Sep  9 03:09:25 hostname openvpn[22799]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sep  9 03:09:25 hostname openvpn[22799]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sep  9 03:09:25 hostname openvpn[22799]: TUN/TAP device tun0 opened
Sep  9 03:09:25 hostname openvpn[22799]: TUN/TAP TX queue length set to 100
Sep  9 03:09:25 hostname openvpn[22799]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sep  9 03:09:25 hostname openvpn[22799]: /sbin/ip link set dev tun0 up mtu 1500
Sep  9 03:09:25 hostname openvpn[22799]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Sep  9 03:09:25 hostname openvpn[22799]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep  9 03:09:25 hostname openvpn[22799]: Socket Buffers: R=[133120->133120] S=[133120->133120]
Sep  9 03:09:25 hostname openvpn[22799]: UDPv4 link local (bound): [AF_INET][undef]:4430
Sep  9 03:09:25 hostname openvpn[22799]: UDPv4 link remote: [AF_UNSPEC]
Sep  9 03:09:25 hostname openvpn[22799]: GID set to nobody
Sep  9 03:09:25 hostname openvpn[22799]: UID set to nobody
Sep  9 03:09:25 hostname openvpn[22799]: MULTI: multi_init called, r=256 v=256
Sep  9 03:09:25 hostname openvpn[22799]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Sep  9 03:09:25 hostname openvpn[22799]: ifconfig_pool_read(), in='client,10.8.0.2', TODO: IPv6
Sep  9 03:09:25 hostname openvpn[22799]: succeeded -> ifconfig_pool_set()
Sep  9 03:09:25 hostname openvpn[22799]: IFCONFIG POOL LIST
Sep  9 03:09:25 hostname openvpn[22799]: client,10.8.0.2
Sep  9 03:09:25 hostname openvpn[22799]: Initialization Sequence Completed
[root@hostname ~]# netstat -tlnp|grep 4430

Client side log (windows client): https://pastebin.com/Kx562wVY

ovpn file: https://pastebin.com/SXymswFT

Please, which commands should I run to discover the cause?

t014y88 commented 7 years ago

I just downloaded today and I'm seeing the same issue.

Nyr commented 7 years ago

This often happens when the server is behind NAT and it was set up incorrectly.

See here.

slrslr commented 7 years ago

@Nyr Thx for the reply. Indeed, I uninstalled openvpn using your script (bash openvpn-install.sh) and then installed again, selecting IP as "127.0.0.1" and then at the end, the script said:

Looks like your server is behind a NAT!

If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
If that's not the case, just ignore this and leave the next field blank
External IP:

So I entered my server's public-facing IP. Then it worked! It would be good if the script could somehow auto-detect the correct IP/NAT, because not everyone is experienced enough with networking to know his network interface IP is 127.0.0.1, not the already pre-filled public-facing IP.

PS: I have an OpenVZ VPS which does not have eth0 but venet0:0. Thank you.

PS: for other VPS (OpenVZ, venet0:0 too) this does not work. During openvpn installation using your script, I tried 127.0.0.1 and then public IP, or public IP and then no IP, I also tried to install with just the public IP entered. Not one configuration works. It logs in to the VPN server, Initialization Sequence Completed, shows success, but I cannot browse any web sites or ping from the terminal. Here is the client side log: https://p@stebin.com/2W2PymTG . I also tried not only on my Ubuntu 17.04 but also on Android. But same result: it connects, but does not transfer any data. @Nyr, if you can advise any command/s or want more info, please let me know.

Nyr commented 7 years ago

> It would be good if the script somehow auto detect correct IP/NAT, because not everyone is network experienced enough to know his network interface IP

Not possible to do reliably.

> network interface IP is 127.0.0.1

Well, 127.0.0.1 is just the loopback IP. If set up on a server behind a NAT, OpenVPN would need to listen on whatever private IP address the server has assigned, not 127.0.0.1. This IP address is usually the one auto-detected by the script in the first step and doesn't need to be changed.

> PS: i have OpenVZ VPS which have not eth0 but venet0:0

Not an issue, the script doesn't care about the kind of interface you have available.

> for other VPS (OpenVZ, venet0:0 too) this does not work. During openvpn installation using your script, i tried 127.0.0.1 and then public IP, or public IP and then no IP, i also tried to install with just public IP entered. Not one configuration works. It login VPN server, Initialization sequence completed, shows success, but can not browse any web sites or ping from terminal

As I explained, you need to select the private IP address assigned to the server (assuming that it is behind a NAT too). Usually this IP address is automatically filled by the script and you can just press enter, then specify the public IP at the end.

As this is not an issue with the script itself, I'd like to ask you to use the OpenVPN forums if you need further assistance.
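
Added example (not part of the thread and not code from openvpn-install.sh): a POSIX shell check of the two addresses discussed above, following the explanation that the first address must be one assigned to the server and the external IP is only needed behind NAT. The function names, result strings and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of openvpn-install.sh. Function names, result
# strings and all addresses below are constructed for illustration.

# Classify a dotted-quad IPv4 address: loopback, private (RFC 1918), public or invalid.
classify_ip() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|'') echo invalid; return ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only, so no globbing)
    IFS=$old_ifs
    if [ $# -ne 4 ]; then echo invalid; return; fi
    for o in "$@"; do
        if [ ${#o} -gt 3 ] || [ "$o" -gt 255 ]; then echo invalid; return; fi
    done
    if [ "$1" -eq 127 ]; then echo loopback
    elif [ "$1" -eq 10 ] || { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
         { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then echo private
    else echo public
    fi
}

# check_choice LISTEN_IP EXTERNAL_IP IFACE_IP...
#   LISTEN_IP    answer to the installer's first IP prompt
#   EXTERNAL_IP  answer to the "External IP:" prompt ("" if left blank)
#   IFACE_IP...  addresses assigned to the server, e.g. taken from `ip -4 -o addr show`
check_choice() {
    listen=$1; external=$2; shift 2
    kind=$(classify_ip "$listen")
    if [ "$kind" = invalid ]; then echo invalid-listen-ip; return; fi
    if [ "$kind" = loopback ]; then echo listen-ip-is-loopback; return; fi
    found=no
    for ip in "$@"; do
        if [ "$ip" = "$listen" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then echo listen-ip-not-on-interface; return; fi
    if [ "$kind" = public ]; then echo ok-direct; return; fi
    # Private listen address: the server is behind NAT and clients must be given the public IP.
    if [ "$(classify_ip "$external")" = public ]; then echo ok-behind-nat
    else echo nat-needs-public-external-ip
    fi
}

# Constructed host: 10.0.2.15 on its interface, 203.0.113.10 on the NAT device in front of it.
check_choice 127.0.0.1    203.0.113.10 127.0.0.1 10.0.2.15
check_choice 203.0.113.10 ""           127.0.0.1 10.0.2.15
check_choice 10.0.2.15    203.0.113.10 127.0.0.1 10.0.2.15
```

The three calls at the end reproduce the combinations tried in the thread on a constructed NATed host; only the last one, private address first and public address at the NAT prompt, passes.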