Can anyone explain why traffic is blocked as soon as I run openvpn on contabo server?

lowendguy7 Member
edited May 2019 in Help

In the past I had openvpn issues on new servers, but these were usually due to the tun/tap thing, and when that was the case openvpn wouldn't start at all. Now openvpn initiates fine, but once it starts no traffic will go through. Tun also shows as active in `ip addr show`.

I thought some firewall issue but I disabled ufw and it still doesn't work.

Openvpn is showing successful initialization in the terminal output.

I tried both opening a webpage and wget webpage and neither will work until I turn off the vpn and then it immediately works again.

So what can be causing the blockage?

I often see traceroute/tracepath recommended for debugging networking, but these don't even work for me when the internet is working fine, either on my desktop or the server. It just hangs with no reply even though the internet connection is working perfectly well (when openvpn isn't running, of course), so I don't find that a good diagnostic when it won't even work reliably when the internet is fine.

Comments

  • netomx Moderator, Veteran

    Have you enabled ip forwarding?

    Thanked by 1lowendguy7
  • psb777 Member

    Sounds like a routing issue.

    Assuming you're running OpenVPN as a client on the server, it will probably change the default route, and thus appears unreachable from its "real" IP address.

    Thanked by 1lowendguy7
  • lowendguy7 Member
    edited May 2019

    @netomx said:
    Have you enabled ip forwarding?

    No.

    @psb777 said:
    Sounds like a routing issue.

    Assuming you're running OpenVPN as a client on the server, it will probably change the default route, and thus appears unreachable from its "real" IP address.

    Are these both the same issue? And so how to go about solving? Never remember doing these extra steps with other servers, just saying since I have no experience with that thus far. And yes, talking about running as client; forgot about that distinction.

    Ah I see there is documentation on openvpn website on ip forwarding, I will read that now.

    EDIT: I just did

    # sysctl -a | grep forward
    

    and it was disabled

    and then

    # sysctl net.ipv4.ip_forward=1
    

    as per advised in the arch wiki (I am using arch) but still didn't work. I presume you don't need a reboot for that? since the article didn't say so. I am rushing things now anyway as I have to go out in a sec. I will take more time on this a little later.

  • solaire Member

    Did you setup iptables, particularly the MASQUERADE?

  • netomx Moderator, Veteran

    solaire said: Did you setup iptables, particularly the MASQUERADE?

    or the SNAT

  • lowendguy7 Member
    edited May 2019

    @solaire said:
    Did you setup iptables, particularly the MASQUERADE?

    No, I didn't. So far I have only set a systemd unit, saved to allow ssh over openvpn:

    [Install]
    WantedBy=multi-user.target
    
    [Unit]
    Requires=network-online.target
    After=network-online.target
    
    [Service]
    Type=oneshot
    ExecStart=/usr/bin/ip rule add from *ADD-SERVER-IP* table 128
    ExecStart=/usr/bin/ip route add table 128 to *SUBNET* dev *DEVICE*
    ExecStart=/usr/bin/ip route add table 128 default via *GATEWAY*
    

    That is all I have set so far. I seem to remember some settings I set on other servers in the past about masquerade but would have no idea how to set them again and I haven't found them saved on my computer.

  • EDIT: ah I see this seems to have all I want. I will work through it properly tomorrow.
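
Added example (not part of any post in this thread): the unit posted above leaves *ADD-SERVER-IP*, *SUBNET*, *DEVICE* and *GATEWAY* to be filled in by hand. This sketch derives them from `ip -4 route show` output and checks `ip rule show` for the resulting rule; the sample output, the 192.0.2.0/24 addresses and `eth0` are constructed assumptions.

```bash
# Constructed sample of `ip -4 route show`, taken before OpenVPN is started.
# 192.0.2.0/24 (documentation range) and eth0 are assumptions.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0 proto dhcp src 192.0.2.10 metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
# Constructed sample of `ip rule show` after the unit has run.
SAMPLE_RULES='0: from all lookup local
32765: from 192.0.2.10 lookup 128
32766: from all lookup main'

# Print "gateway device" taken from the default route.
default_gw_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev; exit }'
}

# Print "subnet source-ip" for the connected route on device $2.
link_subnet_src() {
    printf '%s\n' "$1" | awk -v want="$2" '$1 != "default" && /scope link/ {
        d = ""; src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") d = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        if (d == want && src != "") { print $1, src; exit } }'
}

# Emit the unit's three commands with the placeholders filled in.
policy_route_cmds() {
    routes=$1; table=${2:-128}
    set -- $(default_gw_dev "$routes"); gw=$1; dev=$2
    [ -n "$gw" ] && [ -n "$dev" ] || { echo "no default route" >&2; return 1; }
    set -- $(link_subnet_src "$routes" "$dev"); subnet=$1; src=$2
    [ -n "$subnet" ] || { echo "no connected route on $dev" >&2; return 1; }
    echo "ip rule add from $src table $table"
    echo "ip route add table $table to $subnet dev $dev"
    echo "ip route add table $table default via $gw"
}

# Succeed only if `ip rule show` output ($1) sends source $2 to table $3.
has_source_rule() {
    printf '%s\n' "$1" | awk -v s="$2" -v t="$3" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { ok = 1 }
         END { exit !ok }'
}
policy_route_cmds "$SAMPLE_ROUTES"
```

Capture the route output before the tunnel comes up; once OpenVPN is running, the default route may already point at the tunnel instead of the provider's gateway.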

  • netomx Moderator, Veteran
    edited May 2019

    iptables -t nat -A POSTROUTING -s YOURVPNSUBNET/24 -j SNAT --to-source [YOUR VPS IP ADDRESS]

  • @netomx said:

    iptables -t nat -A POSTROUTING -s YOURVPNSUBNET/24 -j SNAT --to-source [YOUR VPS IP ADDRESS]

    But the vps IP address changes every time so how does that work? The address will change every time you use another config file won't it so surely you don't have to edit that every single time you run openvpn?

    So I am not sure what you mean by '

    I am using ufw so I added that line like so (going by what other postrouting rules I saw in there) and it reloaded without errors but didn't seem to have any effect.

    -A POSTROUTING -s 255.255.255.0/24 -j SNAT --to-source <server-ip>
    

    I also followed the recommendations in the archwiki I linked above the part about allowing it in ufw I thought would be just the ticket though it still isn't working.

  • Please help I am desperate for some loving kindness

  • You should install from a script on github. Like https://github.com/StreisandEffect/streisand

  • Ympker Member

    If you have used https://github.com/Angristan/OpenVPN-install , which DNS servers did you select? Selecting "Use system/local DNS" sometimes (with various providers) resulted for me in my traffic not going through, even though that appears to be odd. Re-install and select Cloudflare/Google DNS and it should work like a charm.

  • Bardulf Member

    You can use softether, it supports multiple protocols and is easy to use.
    https://github.com/icoexist/softether-autoinstall
