[Not Solved]
Aug 10, 2017, 03:29 PM
(This post was last modified: Aug 10, 2017, 05:11 PM by psyko_chewbacca.)
Hi,
I'm new to this VPN thingy. I found the Split tunnel setup guide on this site. I followed it to the letter and on first try it worked. I've then had some issues with reverse proxy stuff which made me do a bunch of modifications on my Ubuntu 16.04 server. Long story short, after a reboot, the vpn tunnel opens up but I cannot ping anything aside from my own IP on tun0...
I tried removing all openvpn stuff:
sudo apt-get remove --purge openvpn
sudo apt-get autoremove
sudo rm -rf /etc/openvpn
sudo systemctl disable openvpn@openvpn.service
sudo systemctl daemon-reload
And reinstalling it from scratch following the Split tunneling guide. The issue still persists.
Here's my openvpn.conf:
client
dev tun
proto udp
remote ca.torguardvpnaccess.com 1912
remote-cert-tls server
auth SHA256
key-direction 1
setenv CLIENT_CERT 0
resolv-retry infinite
nobind
persist-key
persist-tun
tls-version-min 1.2
tls-auth /etc/openvpn/tls-auth.torguard
cipher AES-128-CBC
auth-user-pass /etc/openvpn/pass.torguard
comp-lzo adaptive
tun-mtu-extra 32
verb 1
reneg-sec 0
disable-occ
ca ca.torguard.crt
# Split tunneling stuff
route-noexec
auth-nocache
script-security 2
# up and down scripts to be executed when VPN starts or stops
up /etc/openvpn/iptables.sh
down /etc/openvpn/update-resolv-conf
Syslog when starting openvpn@openvpn.service:
Aug 10 11:20:19 server systemd[1]: Started OpenVPN connection to openvpn.
Aug 10 11:20:19 server ovpn-openvpn[2627]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 10 11:20:19 server ovpn-openvpn[2627]: Control Channel Authentication: tls-auth using INLINE static key file
Aug 10 11:20:19 server ovpn-openvpn[2627]: UDPv4 link local: [undef]
Aug 10 11:20:19 server ovpn-openvpn[2627]: UDPv4 link remote: [AF_INET]184.75.220.74:1912
Aug 10 11:20:19 server ovpn-openvpn[2627]: [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]184.75.220.74:1912
Aug 10 11:20:21 server ovpn-openvpn[2627]: TUN/TAP device tun0 opened
Aug 10 11:20:21 server ovpn-openvpn[2627]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 10 11:20:21 server ovpn-openvpn[2627]: /sbin/ip link set dev tun0 up mtu 1500
Aug 10 11:20:21 server ovpn-openvpn[2627]: /sbin/ip addr add dev tun0 local 10.35.0.22 peer 10.35.0.21
Aug 10 11:20:21 server ovpn-openvpn[2627]: /etc/openvpn/iptables.sh tun0 1500 1602 10.35.0.22 10.35.0.21 init
Aug 10 11:20:21 server ovpn-openvpn[2627]: Initialization Sequence Completed
At that point, doing "sudo -u vpn ping -c 3 10.35.0.21" will not do anything. Same goes for trying to ping 184.75.220.74 or 8.8.8.8 from the same user. Pinging 10.35.0.22 obviously works.
I don't know if my routes are set up properly:
sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 enp3s0
10.35.0.21      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 enp3s0
Iptables rules look OK:
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -m owner --uid-owner 1002 -j ACCEPT
-A OUTPUT -o tun0 -m owner --uid-owner 1002 -j ACCEPT
-A OUTPUT ! -s 192.168.0.254/32 -o enp3s0 -j REJECT --reject-with icmp-port-unreachable
Yes, my if is "enp3s0" and my local IP is 192.168.0.254. "vpn" user uid is indeed 1002.
Starting a VPN session with the default config file supplied by Torguard works. I have full internet access.
I don't know what to do... Please help!
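The question above hinges on two things that are both visible in the post: the main routing table (which only has a host route for 10.35.0.21 on tun0 and sends everything else to enp3s0) and the filter-table OUTPUT rules keyed on uid 1002. The following is an added example, not code from the post, the forum or the split-tunnel guide: a small Python model that parses constructed copies of the `route -n` and `iptables -S` output shown above, picks the egress interface by longest-prefix match, selects the source address the kernel would use for that interface, and then walks the OUTPUT chain to get the verdict. It models only what the post shows (main table, filter OUTPUT chain); any mangle/nat rules or `ip rule` policy routing that the up script might install are not in the post and are not modelled. `VPN_TABLE`, the lo address and `IFACE_ADDR` are assumptions labelled in the code.

```python
import ipaddress
import shlex

# Constructed copy of the main routing table rows from the post (`route -n`).
ROUTE_N = """\
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp3s0
10.35.0.21 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
"""

# Assumption, not from the post: the table a working split tunnel would consult
# for the VPN user, with the default route pointing into the tunnel.
VPN_TABLE = """\
0.0.0.0 10.35.0.21 0.0.0.0 UG 0 0 0 tun0
10.35.0.21 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
"""

# Constructed copy of the OUTPUT chain from the post (`iptables -S`); the -N
# chain definitions and INPUT rules play no part in the egress decision.
IPTABLES_S = """\
-P OUTPUT ACCEPT
-A OUTPUT -o lo -m owner --uid-owner 1002 -j ACCEPT
-A OUTPUT -o tun0 -m owner --uid-owner 1002 -j ACCEPT
-A OUTPUT ! -s 192.168.0.254/32 -o enp3s0 -j REJECT --reject-with icmp-port-unreachable
"""

# Interface addresses from the post; 127.0.0.1 for lo is an assumption.
IFACE_ADDR = {"enp3s0": "192.168.0.254", "tun0": "10.35.0.22", "lo": "127.0.0.1"}


def parse_routes(text):
    """Turn `route -n` rows into (network, iface) pairs."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, _gw, mask, _flags, *_rest, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), iface))
    return routes


def pick_egress(routes, dst):
    """Longest-prefix match, as the kernel chooses the outgoing interface."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def parse_output_chain(text):
    """Parse the OUTPUT chain of `iptables -S` into a policy and match dicts."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
            continue
        if tok[:2] != ["-A", "OUTPUT"]:
            continue
        rule, i = {"neg_src": False}, 2
        while i < len(tok):
            t = tok[i]
            if t == "!":                      # negation of the following -s match
                rule["neg_src"] = True
                i += 1
            elif t == "-s":
                rule["src"] = ipaddress.ip_network(tok[i + 1]); i += 2
            elif t == "-o":
                rule["out"] = tok[i + 1]; i += 2
            elif t == "--uid-owner":
                rule["uid"] = int(tok[i + 1]); i += 2
            elif t == "-j":
                rule["target"] = tok[i + 1]; i += 2
            else:                             # -m owner, --reject-with ...: no match state
                i += 1
        rules.append(rule)
    return policy, rules


def evaluate(uid, dst, routes=None, chain=None, src=None):
    """Return (egress iface, source address, verdict) for one packet from uid."""
    routes = routes or parse_routes(ROUTE_N)
    policy, rules = chain or parse_output_chain(IPTABLES_S)
    iface = pick_egress(routes, dst)
    src = ipaddress.ip_address(src or IFACE_ADDR[iface])
    for r in rules:
        if "out" in r and r["out"] != iface:
            continue
        if "uid" in r and r["uid"] != uid:
            continue
        if "src" in r and (src in r["src"]) == r["neg_src"]:
            continue
        return iface, str(src), r["target"]
    return iface, str(src), policy


if __name__ == "__main__":
    for uid, dst in ((1002, "10.35.0.21"), (1002, "8.8.8.8"), (1000, "8.8.8.8")):
        print(uid, dst, evaluate(uid, dst))
    print("vpn table:", evaluate(1002, "8.8.8.8", routes=parse_routes(VPN_TABLE)))
    print("tun src on LAN:", evaluate(1002, "8.8.8.8", src="10.35.0.22"))
```

Run against the tables as posted, the model says the ping to 10.35.0.21 leaves on tun0 with source 10.35.0.22 and is ACCEPTed by the second rule, while uid 1002's packet to 8.8.8.8 has no route into the tunnel at all: it takes the enp3s0 default with source 192.168.0.254, and the last rule does not stop it because that rule only rejects packets leaving enp3s0 with a non-LAN source (for example 10.35.0.22, which the model shows as REJECT). With `route-noexec` in the config, OpenVPN installs no routes, so whatever the up script is supposed to add is what gives uid 1002 a default via tun0; the `VPN_TABLE` case shows the verdict once such a route exists.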