Closed Patlol closed 7 years ago
Hi Patlol ;)
ping google.com doesn't work, ping 79.137.33.190 works (IP of google.com)
I think you have a problem with your DNS resolver. You can check the servers set on your client (Mint) in /etc/resolv.conf.
I have an error in running openvpn client1.ovpn : Unrecognized option or missing parameter(s) in client1.ovpn:15: block-outside-dns (2.3.10)
Can you paste line 15 of your client1.ovpn ?
You can use the -vn option of iptables for more visibility and to see if your rules match: -v for verbose and -n for numeric.
It looks like this example:
# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere /* loopback */
ACCEPT icmp -- anywhere anywhere /* ping */
[...]
ACCEPT tcp -- AMontsouris-652-1-152-129.w86-212.abo.wanadoo.fr anywhere tcp dpt:8083 /* toshi influxdb */
[...]
# iptables -L INPUT -vn --line
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3087M 1479G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 5866K 311M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* loopback */
3 3139K 110M ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 /* ping */
[...]
12 0 0 ACCEPT tcp -- * * 86.212.15.129 0.0.0.0/0 tcp dpt:8083 /* toshi influxdb */
[...]
My ICMP (ping) rule has accepted 3139K packets and 0 for "toshi influxdb".
And if you want to verify that there is traffic on your vpn tunnel, use the tcpdump tool.
mint $ ping 79.137.33.190
debian # tcpdump -ni tun0 src 10.8.0.0/24
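An added example, not part of the original thread: a small shell filter that reads iptables -L <chain> -vn --line output like the listing above, expands the abbreviated packet counters, and reports the rule numbers whose counter is still 0 (rules that never matched). The function names and the sample listing are constructed for illustration; the suffix expansion assumes iptables' rounded, 1000-based K/M/G/T abbreviations, so expanded values are approximate.

```shell
#!/bin/sh
# Added example: find rules that never matched in `iptables -L <chain> -vn --line` output.

# Constructed sample input, modelled on the listing in the comment above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3087M 1479G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 5866K 311M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* loopback */
3 3139K 110M ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 /* ping */
12 0 0 ACCEPT tcp -- * * 86.212.15.129 0.0.0.0/0 tcp dpt:8083 /* toshi influxdb */
EOF
}

# Print "<rule number> <packets> <target> <protocol>" for every rule line.
# Header lines are skipped because their first field is not a number.
rule_counters() {
  awk '
    # Expand an abbreviated counter such as 3139K (assumed 1000-based, rounded).
    function expand(v,    n, s) {
      n = v + 0                      # numeric prefix, e.g. 3139
      s = substr(v, length(v), 1)    # last character, maybe a suffix
      if (s == "K") return n * 1000
      if (s == "M") return n * 1000000
      if (s == "G") return n * 1000000000
      if (s == "T") return n * 1000000000000
      return n
    }
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+[KMGT]?$/ {
      printf "%s %.0f %s %s\n", $1, expand($2), $4, $5
    }'
}

# Print the numbers of rules whose packet counter is 0.
unmatched_rules() {
  rule_counters | awk '$2 == 0 { print $1 }'
}

# Demo on the constructed sample; on a live host, pipe the real listing instead:
#   iptables -L INPUT -vn --line | unmatched_rules
sample_listing | unmatched_rules
```

With iptables -x (exact counters) the suffixes disappear and the same filter still works.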
Hello Doc. Thanks for your reply.
I think you have a problem with your DNS resolver.
I use a box "free box v6". Cat of the local file:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
On my box I have that
serveur DNS 1 : 80.67.169.12
serveur DNS 2 : 80.67.169.40
Can you paste line 15 of your client1.ovpn ?
$ sed -n "15 p" client.ovpn
setenv opt block-outside-dns
And if you want to verify that there is traffic on your vpn tunnel, use the tcpdump tool.
local:
sudo openvpn --config client.ovpn
ping 79.137.33.190
# end of the test:
98 packets transmitted, 98 received, 0% packet loss, time 97141ms
remote:
$ sudo tcpdump -ni tun0 src 10.8.0.0/24
tcpdump: Mask syntax for networks only
$ sudo tcpdump -ni tun0 src 10.8.0.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
$
This is not surprising
Patlol,
Replace your nameserver IP by your freebox lan IP ;)
nameserver 192.168.1.1
Comment setenv opt block-outside-dns and add this line: block-outside-dns. Restart your client and tell me if you have an error.
Try this ;)
$ sudo tcpdump -ni tun0 net 10.8.0.0/24
$ # or
$ sudo tcpdump -ni tun0 icmp
Hello Patlol,
After bringing up your tunnel, can you check the route table on your client?
$ sudo route -n
I think your default route is not set to use the openvpn server as next hop.
Comment setenv opt block-outside-dns and add this line block-outside-dns. Restart your client and tell me if you have error.
# setenv opt block-outside-dns
There is no longer an error message, but the problem is still there
Replace your nameserver IP by your freebox lan IP ;)
By modifying resolv.conf it works !!! The great mystery is that I do not remember modifying this file ...
sudo nohup openvpn --config pat.ovpn &
:+1:
Uncommenting the line setenv opt block-outside-dns, I have the error message in nohup.out, but the vpn is working.
Thank you very much DrXala. With all the tests that you have given me, I hope I can fend for myself next time !!! :)
I'm hopeful! If needed, don't hesitate to ask me by PM ;)
PS: you can close this issue :)
The right procedure, for posterity. I remind you that these manipulations are on the local station.
If I modify the file /etc/resolv.conf manually, I lose the changes at reboot!
It is also specified in a comment in the file :)
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
and resolvconf does not change anything in my case.
The correct procedure is as follows (as root or with sudo):
# ifconfig
To find the right network interface, for me enp5s0
Add or edit in /etc/network/interfaces
auto lo
iface lo inet loopback
auto enp5s0
iface enp5s0 inet dhcp
dns-nameservers 192.168.0.254
with 192.168.0.254 being the box LAN IP in my config, to adapt to your configuration.
Cut and then restart the interface:
# ifdown --force enp5s0
# ifup --force enp5s0
The file resolv.conf is always the same, but the vpn works.
After a reboot we have:
# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.254
nameserver 80.67.169.12
nameserver 80.67.169.40
Where do the IPs 80.67.169.xx come from? I do not know... They are the DNS servers parameterized on my box.
And the vpn works !!!!
Hello, I have installed OpenVPN with Angristan's script on an OVH VPS server under Debian 8.7 (same thing on Ubuntu 16.04.2 LTS). After launching the client locally (Linux Mint 18), I no longer have access from the local post to URLs, only to IPs, i.e. ping google.com doesn't work, ping 79.137.33.190 works (IP of google.com).
My IP is not modified by the VPN.
I have an error in running openvpn client1.ovpn: Unrecognized option or missing parameter(s) in client1.ovpn:15: block-outside-dns (2.3.10), but in the end I have Initialization Sequence Completed.
ping 10.8.0.1 on local works, ping 10.8.0.2 on the server does not receive any packets. OK, seen #17. On remote it's OK for both pings. And I have local firewall cut, is OK on the server on the filter and nat tables:
This script worked perfectly a few weeks ago on my previous tests.