Nyr / openvpn-install

OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
MIT License

CentOS 7 unable to access internet after connecting to VPN #469

Closed JMoVS closed 6 years ago

JMoVS commented 6 years ago

Hi,

(thank you for this amazing script first!). I have the problem that I deleted a working version of this script, downloaded a new one and removed the openvpn server, installed it again and now when I connect with a client, I get connected to the VPS but no traffic goes through to the internet. Any ideas what might be the culprit?

apoleo88 commented 6 years ago

Hi,

After some routine updates to my CentOS 7 I had the same issue: connected but without internet access. I ran the script again on the server, removed and reinstalled, nothing changed.

During the installation these errors show up:

3973 Error: COMMAND_FAILED Error: COMMAND_FAILED success success Error: COMMAND_FAILED success 102

Nyr commented 6 years ago

@JMoVS if you uninstalled using a different version of the script than the one you used for the initial setup, unexpected behaviour could happen. That said, nothing should break, only some components could not be removed.

Take a look at your firewall rules and see that they are configured correctly. The script uses this:

firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL
firewall-cmd --zone=trusted --add-source=10.8.0.0/24
firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
# To make them persistent just add --permanent:
firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL
firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

@apoleo88 did those routine updates change the kernel? Anyway you need to check the firewalld log, there is an issue there.

I am closing this issue because in both situations you guys are not using a clean system, which makes it very likely that the issue is not with the script but elsewhere. But please, report if you manage to troubleshoot this.
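An added example, not part of the thread or of the project's script: a bash helper that asks firewalld whether each of the three rules listed above is present, in both the runtime and the permanent configuration. `FWCMD`, the function names and the values in the usage comment are assumptions of this example.

```bash
#!/usr/bin/env bash
# FWCMD is an assumption of this example: an override hook so the audit can
# be pointed at a stub. It defaults to the real firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# Run one firewall-cmd query, print a status line, return 1 if the rule is absent.
fw_query() {
    local label="$1" scope="$2"
    shift 2
    if "$FWCMD" "$@" >/dev/null 2>&1; then
        echo "ok       $scope  $label"
    else
        echo "MISSING  $scope  $label"
        return 1
    fi
}

# audit_vpn_firewall PORT PROTOCOL IP
# Checks the three rules quoted above, first in the runtime configuration and
# then in the permanent one. Returns the number of missing rules (0 = all set).
audit_vpn_firewall() {
    local port="$1" proto="$2" ip="$3" net="10.8.0.0/24"
    local missing=0 scope perm
    for scope in runtime permanent; do
        perm=""
        [ "$scope" = permanent ] && perm="--permanent"
        # $perm is left unquoted on purpose so it vanishes for the runtime pass.
        fw_query "VPN port $port/$proto open" "$scope" \
            $perm --zone=public --query-port="$port/$proto" \
            || missing=$((missing + 1))
        fw_query "source $net in trusted zone" "$scope" \
            $perm --zone=trusted --query-source="$net" \
            || missing=$((missing + 1))
        fw_query "SNAT $net -> $ip" "$scope" \
            $perm --direct --query-rule ipv4 nat POSTROUTING 0 \
            -s "$net" ! -d "$net" -j SNAT --to "$ip" \
            || missing=$((missing + 1))
    done
    return "$missing"
}

# Usage (constructed values; use the port, protocol and server IP of your setup):
#   audit_vpn_firewall 1194 udp 203.0.113.10
```

A rule reported as present at runtime but `MISSING` in the permanent pass will disappear on the next firewalld reload or reboot.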

JMoVS commented 6 years ago

This was a super weird bug. Turns out Tunnelblick on my Mac somehow acted up and I got a bad version. After updating to a beta version, it worked again. I realised this while trying out the mobile client on iOS (which works flawlessly).

JMoVS commented 6 years ago

@Nyr Any plans to tackle more items on the "future" list bug? E.g. new compression etc.?

Nyr commented 6 years ago

@JMoVS probably soon, but not yet, because they break compatibility with old OpenVPN versions. There are some things in the works, but the direction of this project has always been relatively conservative towards stability and compatibility, not towards the newest and shiniest.

JMoVS commented 6 years ago

Did you ever consider having a different branch for new stuff? E.g. IPv6 (which doesn't even show up on the future list but could be useful for people with IPv4 network to tunnel through to a VPS to have IPv6 internet)?

Nyr commented 6 years ago

@JMoVS bleeding edge branch - no, too much work and everyone would want some different feature not already included.

IPv6 - no promises but is one of the most common requests and it is crystal clear to me that a decent amount of users want it. Nothing more to announce at the moment, but it is something which I'm taking into account for the future.