OpenVPN not connecting to internet... DNS issues?

Gerbil · November 10, 2016, 10:21pm

That might not be best topic name but not sure what else to call it. I have OpenVPN installed on my box and it’s worked great up until yesterday. Last time I used it fine was Monday and every day before that.

I connect to it just fine on my laptop and phone, connection is successful. Just nothing will load. like websites or anything. Odd thing is that with the VPN connected, i can still use my quickbox dashboard and torrent webui’s in browser. which guess makes sense as it’s local?

Disconnect and site loads instantly. It takes it about 30 secs of thinking to load a page before browser says cannot be reached.
I have deleted my VPN profile and created a new one through dashboard and same issues. This is on all devices I have tried. Try uninstalling it or what might be issue that can’t reach internet or resolve sites?

RXWatcher · November 10, 2016, 10:37pm

We should really be cutting over to this:

I havent had time to do it on my box yet.

valkyre14 · November 11, 2016, 8:41am

I had a problem a long time ago with open VPN not adding the correct rules to IPTables after a reboot.

If you don’t have too many users. Try the following troubleshooting steps.

Run the quickVPN script
Uninstall OpenVPN
Restart
Reinstall OpenVPN
test

If that works.
Reboot
Test again

If it doesn’t work after the reboot it’ll confirm you’re having the same issue I was and I’ll update with the fix

Gerbil · November 11, 2016, 3:39pm

I’ll give this a go shortly and see what I get.

valkyre14 · November 11, 2016, 4:39pm

I’m now at a computer.

If after reboot you are having trouble it’s prbably to do with the routing set up.

if you add the following lines to /etc/rc.local you can fix the issue after reboots:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to SERVERIPADDRESS

replace SERVERIPADDRESS with your quickbox IP (e.g. 195.145.234.12)
Also, these rules assume you’re using the 10.8.0.x subnet

Hope these help

Gerbil · November 11, 2016, 11:58pm

Uninstall and reinstall worked. Is working as normal now. I don’t feel like messing with it at moment since it is working but will keep your post in mind if it crashes if i ever have to reboot.

Thanks for help!

valkyre14 · November 12, 2016, 12:07am

It’ll be the IP tables rules.

The OpenVPN script you’re using runs those IP Tables commands but they don’t persist after reboot

Before your next reboot,

run the following:

sudo nano /etc/rc.local

at the very top of the file before all the # comments insert:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to SERVERIPADDRESS

(remember to replace SERVERIPADDRESS with your IP)
CTRL O to save

reboot freely

Gerbil · November 28, 2016, 11:47pm

That last line you have that ends in your serveripaddress, was already in the file, so I added the other 3 lines above it. Rebooted and did not work. So i uninstalled openVPN to start over. this is what it looks like now,

it seems to have put it under it now. As i said when i went to edit that line with youripadddress here was already in that spot. is there where the other 3 lines should be added

thanks so much for help!

valkyre14 · November 29, 2016, 1:26am

So is that it fixed or is it still messing about after reboots?

Gerbil · November 29, 2016, 5:59am

Not working. i tried adding those lines and rebooted and did not work. Uninstalled and installed OpenVPN again and that screenshot above is what my rc.local file looks like right now when i got to edit it.

valkyre14 · November 29, 2016, 7:06am

There’s an app that writes the IP tables rules permanently without having to mess with rc.local

This guide is for making a VPN router with a Raspberry Pi.

gist.github.com

https://gist.github.com/superjamie/ac55b6d2c080582a3e64

raspberry-pi-vpn-router.md

# Raspberry Pi VPN Router

This is a quick-and-dirty guide to setting up a Raspberry Pi as a "[router on a stick](https://en.wikipedia.org/wiki/One-armed_router)" to [PrivateInternetAccess](http://privateinternetaccess.com/) VPN.

## Requirements

Install Raspbian Jessie (`2016-05-27-raspbian-jessie.img`) to your Pi's sdcard.

Use the **Raspberry Pi Configuration** tool or `sudo raspi-config` to:

This file has been truncated. show original

The lines you’re interested in are:

sudo apt-get install iptables-persistent
The installer will ask if you want to save current rules, select Yes

If you don’t select yes, that’s fine, you can save the rules later with sudo netfilter-persistent save

Make the rules apply at startup:
sudo systemctl enable netfilter-persistent

Good luck!

Gerbil · November 29, 2016, 10:49pm

My complete lack of knowledge for Linux is showing as i can’t get this to work. I only have to reboot when something crashes or that. So maybe every few weeks. so will get by for now just uninstalling and installing again to get a new cert.
Really appreciate you taking time to try and help with this!

liza · November 30, 2016, 12:44am

Hey @Gerbil, is ipv4 ip forwarding enabled?

cat /proc/sys/net/ipv4/ip_forward

The value of this should be 1. If it is 0:

echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
sysctl -p

Gerbil · November 30, 2016, 1:32am

yes the value is one for that

valkyre14 · December 8, 2016, 9:47am

Hi again!

just checking how you got on with your VPN - is it still giving trouble after reboots?

Gerbil · December 10, 2016, 7:30pm

after checking the items above. it still does not work after reboot. so just have re-installed OpenVPN and it is good for now

From27501 · March 3, 2017, 2:17pm

How do i uninstall OpenVPN, so i cant reinstall it?

valkyre14 · March 3, 2017, 3:32pm

run the same script that you used to install it, there’s an option to remove OpenVPN

From27501 · March 3, 2017, 3:54pm

Thanks mate.