OpenVPN not connecting to internet... DNS issues?

openvpn

#1

That might not be best topic name but not sure what else to call it. I have OpenVPN installed on my box and it’s worked great up until yesterday. Last time I used it fine was Monday and every day before that.

I connect to it just fine on my laptop and phone, connection is successful. Just nothing will load, like websites or anything. Odd thing is that with the VPN connected, I can still use my quickbox dashboard and torrent webui’s in browser, which I guess makes sense as it’s local?

Disconnect and site loads instantly. It takes it about 30 secs of thinking to load a page before browser says cannot be reached.
I have deleted my VPN profile and created a new one through dashboard and same issues. This is on all devices I have tried. Try uninstalling it or what might be issue that can’t reach internet or resolve sites?


DNS not working for VPN after CSF installed
#2

We should really be cutting over to this:

I haven’t had time to do it on my box yet.


#3

I had a problem a long time ago with OpenVPN not adding the correct rules to iptables after a reboot.

If you don’t have too many users, try the following troubleshooting steps.

Run the quickVPN script
Uninstall OpenVPN
Restart
Reinstall OpenVPN
Test

If that works.
Reboot
Test again

If it doesn’t work after the reboot it’ll confirm you’re having the same issue I was and I’ll update with the fix


#4

I’ll give this a go shortly and see what I get.


#5

I’m now at a computer.

If after reboot you are having trouble it’s probably to do with the routing set up.

If you add the following lines to /etc/rc.local you can fix the issue after reboots:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to SERVERIPADDRESS

replace SERVERIPADDRESS with your quickbox IP (e.g. 195.145.234.12)
Also, these rules assume you’re using the 10.8.0.x subnet

Hope these help


#6

Uninstall and reinstall worked. Is working as normal now. I don’t feel like messing with it at moment since it is working but will keep your post in mind if it crashes if I ever have to reboot.

Thanks for help!


#7

It’ll be the iptables rules.

The OpenVPN script you’re using runs those iptables commands but they don’t persist after reboot.

Before your next reboot,

run the following:

sudo nano /etc/rc.local

At the very top of the file, before all the # comments, insert:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to SERVERIPADDRESS

(remember to replace SERVERIPADDRESS with your IP)
CTRL O to save

reboot freely :slight_smile:


#8

That last line you have that ends in your serveripaddress, was already in the file, so I added the other 3 lines above it. Rebooted and did not work. So I uninstalled OpenVPN to start over. This is what it looks like now,

It seems to have put it under it now. As I said when I went to edit that line with youripaddress here was already in that spot. Is that where the other 3 lines should be added?

thanks so much for help!


#9

So is that it fixed or is it still messing about after reboots?


#10

Not working. I tried adding those lines and rebooted and did not work. Uninstalled and installed OpenVPN again and that screenshot above is what my rc.local file looks like right now when I go to edit it.


#11

There’s an app that writes the IP tables rules permanently without having to mess with rc.local

This guide is for making a VPN router with a Raspberry Pi.


The lines you’re interested in are:

sudo apt-get install iptables-persistent
The installer will ask if you want to save current rules, select Yes

If you don’t select yes, that’s fine, you can save the rules later with sudo netfilter-persistent save

Make the rules apply at startup:
sudo systemctl enable netfilter-persistent

Good luck!


#12

My complete lack of knowledge for Linux is showing as I can’t get this to work. I only have to reboot when something crashes or that. So maybe every few weeks. So will get by for now just uninstalling and installing again to get a new cert.
Really appreciate you taking time to try and help with this!


#13

Hey @Gerbil, is ipv4 ip forwarding enabled?

cat /proc/sys/net/ipv4/ip_forward

The value of this should be 1. If it is 0:

echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
sysctl -p
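
Added example (not part of the original posts): a read-only check that reports which of the four rules from posts #5 and #7 are absent from an `iptables-save` dump, plus the forwarding check from post #13. The sample dump is constructed, the function names are made up for this example, and a MASQUERADE rule is accepted in place of SNAT as an assumption.

```shell
#!/bin/sh
# Subnet and port as used in the thread.
VPN_NET="10.8.0.0/24"
VPN_PORT="1194"

# Constructed sample: state after a reboot where only the INPUT rule survived.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Reads iptables-save output on stdin, prints one label per missing rule.
# Tracks the current table so a FORWARD rule only counts in "filter"
# and a POSTROUTING rule only counts in "nat".
missing_vpn_rules() {
    awk -v net="$VPN_NET" -v port="$VPN_PORT" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && /^-A FORWARD / && /(--state|--ctstate) [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
        table == "filter" && index($0, "-A FORWARD -s " net " ") == 1 && /-j ACCEPT/ { fwd = 1 }
        table == "filter" && /^-A INPUT / && /-p udp/ && index($0, "--dport " port " ") && /-j ACCEPT/ { inp = 1 }
        table == "nat" && index($0, "-A POSTROUTING -s " net " ") == 1 && /-j (SNAT|MASQUERADE)/ { nat = 1 }
        END {
            if (!est) print "forward-established"
            if (!fwd) print "forward-vpn-subnet"
            if (!inp) print "input-udp-" port
            if (!nat) print "nat-postrouting"
        }'
}

# Succeeds only if the given sysctl file (default: the live one) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Demo on the constructed sample; prints the three rules lost at reboot.
printf '%s\n' "$SAMPLE_DUMP" | missing_vpn_rules
```

On a live server, feed it the real ruleset with `sudo iptables-save | missing_vpn_rules` right after a reboot; empty output means all four rules are loaded.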

#14

Yes, the value is one for that.


#15

Hi again!

just checking how you got on with your VPN - is it still giving trouble after reboots?


#16

After checking the items above, it still does not work after reboot. So just have re-installed OpenVPN and it is good for now.


#17

How do I uninstall OpenVPN, so I can’t reinstall it?


#18

Run the same script that you used to install it, there’s an option to remove OpenVPN :slight_smile:


#19

Thanks mate.