OpenVPN connects to internet, but internet does not work

Kernels & Hardware, configuring network, installing services

OpenVPN connects to internet, but internet does not work

Postby michael_a » 2017-11-11 03:22

I'm trying to connect to a VPN server using OpenVPN on Debian stretch/stable. The documentation for this company's VPN say to run

Code: Select all
sudo openvpn [file name]

where the file is an authentication file for one of their servers, e.g. us1020.nordvpn.com.tcp.ovpn. However, once I do this, my internet doesn't connect. On Windows, their VPN client works, so I'm fairly confident it's not my router or their servers. After searching online for a while, I couldn't find any solution, but I'm including information that might be helpful to debug this, per other forum posts.


Routing table without the VPN:
Code: Select all
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 enp0s31f6
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s31f6


Routing table with the VPN:
Code: Select all
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.7.7.1        128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 enp0s31f6
10.7.7.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
38.132.111.195  192.168.1.1     255.255.255.255 UGH       0 0          0 enp0s31f6
128.0.0.0       10.7.7.1        128.0.0.0       UG        0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s31f6


ifconfig on my ethernet interface, with the VPN running
Code: Select all
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.108  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::529a:4cff:fe51:2904  prefixlen 64  scopeid 0x20<link>
        ether 50:9a:4c:51:29:04  txqueuelen 1000  (Ethernet)
        RX packets 311291  bytes 369763756 (352.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 225890  bytes 64590566 (61.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7100000-f7120000


ifconfig on the tunnel, with the VPN running
Code: Select all
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.7.7.213  netmask 255.255.255.0  destination 10.7.7.213
        inet6 fe80::6f6e:4807:2bb8:3a9d  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100
 (UNSPEC)
        RX packets 24  bytes 1872 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 150  bytes 33452 (32.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0




I ran the following commands, shamelessly stolen from an Ubuntu forums post (that didn't solve the problem)
Code: Select all
ifconfig
route -n
cat /etc/resolv.conf
ping -c3 91.189.94.186
ping -c3 ubuntuforums.com


with the VPN running:
Code: Select all
user@workstation:~$ sudo ifconfig
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.108  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::529a:4cff:fe51:2904  prefixlen 64  scopeid 0x20<link>
        ether 50:9a:4c:51:29:04  txqueuelen 1000  (Ethernet)
        RX packets 311492  bytes 369786355 (352.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 226082  bytes 64646658 (61.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7100000-f7120000 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 254  bytes 12964 (12.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 254  bytes 12964 (12.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.7.7.213  netmask 255.255.255.0  destination 10.7.7.213
        inet6 fe80::6f6e:4807:2bb8:3a9d  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 48  bytes 3640 (3.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 211  bytes 43492 (42.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Code: Select all
user@workstation:~$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.7.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 enp0s31f6
10.7.7.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
38.132.111.195  192.168.1.1     255.255.255.255 UGH   0      0        0 enp0s31f6
128.0.0.0       10.7.7.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s31f6

Code: Select all
user@workstation:~$ cat /etc/resolv.conf
domain hsd1.il.comcast.net.
search hsd1.il.comcast.net.
nameserver 75.75.75.75
nameserver 75.75.76.76

Code: Select all
user@workstation:~$ ping -c3 91.189.94.186
PING 91.189.94.186 (91.189.94.186) 56(84) bytes of data.
From 91.189.88.5 icmp_seq=1 Destination Host Unreachable
From 91.189.88.5 icmp_seq=2 Destination Host Unreachable
From 91.189.88.5 icmp_seq=3 Destination Host Unreachable

--- 91.189.94.186 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2026ms
pipe 3

Code: Select all
user@workstation:~$ ping -c3 ubuntuforums.com
ping: ubuntuforums.com: Temporary failure in name resolution

Code: Select all
user@workstation:~$ sudo iptables-save -c


and without the VPN running:
Code: Select all
user@workstation:~$ sudo ifconfig
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.108  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::529a:4cff:fe51:2904  prefixlen 64  scopeid 0x20<link>
        ether 50:9a:4c:51:29:04  txqueuelen 1000  (Ethernet)
        RX packets 312106  bytes 369851244 (352.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 226685  bytes 64736218 (61.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7100000-f7120000 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 254  bytes 12964 (12.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 254  bytes 12964 (12.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Code: Select all
user@workstation:~$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 enp0s31f6
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s31f6

Code: Select all
user@workstation:~$ cat /etc/resolv.conf
domain hsd1.il.comcast.net.
search hsd1.il.comcast.net.
nameserver 75.75.75.75
nameserver 75.75.76.76

Code: Select all
user@workstation:~$ ping -c3 91.189.94.186
PING 91.189.94.186 (91.189.94.186) 56(84) bytes of data.
From 91.189.88.5 icmp_seq=1 Destination Host Unreachable
From 91.189.88.5 icmp_seq=2 Destination Host Unreachable
From 91.189.88.5 icmp_seq=3 Destination Host Unreachable

--- 91.189.94.186 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2025ms
pipe 3

Code: Select all
user@workstation:~$ ping -c3 ubuntuforums.com
PING ubuntuforums.com (91.189.94.16) 56(84) bytes of data.
64 bytes from marula.canonical.com (91.189.94.16): icmp_seq=1 ttl=47 time=107 ms
64 bytes from marula.canonical.com (91.189.94.16): icmp_seq=2 ttl=47 time=107 ms
64 bytes from marula.canonical.com (91.189.94.16): icmp_seq=3 ttl=47 time=108 ms

--- ubuntuforums.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 107.151/107.931/108.934/0.791 ms

Code: Select all
user@workstation:~$ sudo iptables-save -c


What am I doing wrong? Are there other diagnostics I should run?
michael_a
 
Posts: 28
Joined: 2016-05-03 13:59

Re: OpenVPN connects to internet, but internet does not work

Postby gradinaruvasile » 2017-11-11 05:57

First of all you have to test the connectivity to your default gateway:
Code: Select all
ping 10.7.7.1

Does that work?
After that ping something from the net such as Google's DNS 8.8.8.8

Then ping your DNS servers.
And run DNS queries on them to see if they work:
Code: Select all
host www.google.com

Some providers restrict DNS queries to their own networks so if you go out via the vpn, the queries will come from whatever IP address the vpn provider NAT's your outgoing packets through.
User avatar
gradinaruvasile
 
Posts: 935
Joined: 2010-01-31 22:03
Location: Cluj, Romania

Re: OpenVPN connects to internet, but internet does not work

Postby michael_a » 2017-11-12 01:00

Pinging the default gateway does work
Code: Select all

user@workstation:~$ ping -c3 10.7.7.1
PING 10.7.7.1 (10.7.7.1) 56(84) bytes of data.
64 bytes from 10.7.7.1: icmp_seq=1 ttl=64 time=44.1 ms
64 bytes from 10.7.7.1: icmp_seq=2 ttl=64 time=44.1 ms
64 bytes from 10.7.7.1: icmp_seq=3 ttl=64 time=45.1 ms

--- 10.7.7.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 44.106/44.464/45.152/0.515 ms


as does pinging Google's DNS server
Code: Select all
user@workstation:~$ ping -c3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=44.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=114 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=46.6 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 44.324/68.342/114.095/32.366 ms


and the nameservers I have set in /etc/resolv.conf
Code: Select all
user@workstation:~$ ping -c3 75.75.75.75
PING 75.75.75.75 (75.75.75.75) 56(84) bytes of data.
64 bytes from 75.75.75.75: icmp_seq=1 ttl=55 time=82.3 ms
64 bytes from 75.75.75.75: icmp_seq=2 ttl=55 time=47.3 ms
64 bytes from 75.75.75.75: icmp_seq=3 ttl=55 time=60.9 ms

--- 75.75.75.75 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 47.345/63.579/82.394/14.426 ms


However, when I try to resolve a domain, I get an error
Code: Select all
user@workstation:~$ host www.google.com
Host www.google.com not found: 5(REFUSED)


Since it looked like the DNS servers were the problem, I contacted the VPN provider and they gave me DNS servers to use. Updating /etc/resolv.conf with those solves the problem. So, thank you!
michael_a
 
Posts: 28
Joined: 2016-05-03 13:59

Re: OpenVPN connects to internet, but internet does not work

Postby reinob » 2017-11-12 14:02

michael_a wrote:Since it looked like the DNS servers were the problem, I contacted the VPN provider and they gave me DNS servers to use. Updating /etc/resolv.conf with those solves the problem. So, thank you!


Most ISPs refuse to resolve DNS for random strangers (in your case, from your VPN provider).
As you found out, either your VPN provider lets you use their DNS (which makes sense if you want to avoid leaking DNS..), or you use a public DNS (such as 8.8.8.8), which informs google of all your (look-up) activities.

You may or may not trust google more or less than your VPN provider. That's up to you, of course.
reinob
 
Posts: 520
Joined: 2014-06-30 11:42


Return to System configuration

Who is online

Users browsing this forum: langrad and 8 guests

fashionable