Broken wordpress/web server after setting up openVPN

Posted November 26, 2015 10.4k views

I had a functioning wordpress multisite droplet (IP: and installed openVPN following the instructions in this page:

Now I realized that my webserver is not responding (I cannot open any page). Same thing has happened to the wordpress, it is either broken or not repsonding.

My main concern is to have my webserver&wordpress back to life. I do not mind to disable or undo the openVPN installation.

I did not find much information about conflict between openVPN and wordpress instalation. I am even not sure if I understand what has gone wrong. Can anyone advice please?

  • I can’t really say for sure what your solution is, but I can try to make poor assumptions about your problem. Is SSH even working? If not, it sounds as if your OpenVPN installation totally boned your firewall settings and locked out all traffic. You’ll probably need to use your console to fix it.

  • I can connect via SSH, and I guess you are right about the possible firewall issue.

  • I’m having the same problem!

  • Its your ufw rules causing that issue. There is a good chance that you just copy pasted this code in your

    # rules.before
    # Rules that should be run before the ufw command line added rules. Custom
    # rules should be added to one of these chains:
    #   ufw-before-input
    #   ufw-before-output
    #   ufw-before-forward
    # NAT table rules
    # Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!)
    -A POSTROUTING -s -o wlp11s0 -j MASQUERADE
    # Don't delete these required lines, otherwise there will be errors

    but if u see clearly -A POSTROUTING line has wlp11s0 but if your droplet is probably using eth0. change that and it will work. I did the same thing. I didn’t notice it at the first time.

    you can check the correct value by

    ip route | grep default

    which gives something like

    default via dev eth0onlink

    the interface name is eth0 in my case.

  • I’ve this problem exactly.
    my problem solved via typing sudo ufw allow 80/tcp
    you can use this code for every port you want

    by Shaun Lewis
    Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer


You’re still able to SSH in to the Droplet, correct? If so, login to the CLI and run:

sudo killall -9 openvpn

and then restart Apache. What the above command does is simply terminate all OpenVPN processes that may be running, effectively shutting it down.

You can confirm this by issuing the command:


and then pressing SHIFT+M followed by C (as in the letter) on your keyboard. This sorts processes by RAM usage and then expands the process in the far right column so that you can see everything that’s running in detail. If it’s running, you’ll either see the user associated with your OpenVPN config in the far left column or the OpenVPN process in the far right.

If you see OpenVPN still running, while still in top, press k and find the ID of the process in the far left column, type it in and hit enter. You’ll be asked how to kill it off, simply hit enter (leaving it blank). If that doesn’t work, run the same again and enter -9 or 15.

Once you run the above and restart Apache, let me know if you’re up and running. If not, please run top, press SHIFT+M followed by C and upload a screenshot to imgur or another image hosting service and link to it in your reply.

  • Really thanks. Your comment helped to learn this useful command (top). I figured out that my firewall was blocking web communication. After sudo ufw disable my web server is working.

    I wonder if it is possible to have a nice configuration in my firewall which allows having the VPN on some ports, while keeping the normal web server/wordpress open.

    • @roozfeiz No problem :-).

      You can use ufw to add and remove ports freely, you just need to know what ports you need to allow public access to. To help you out, I’d need to know a little more about the setup you’re running.

      Other than OpenVPN, Apache, MySQL and PHP, what other software are you running?

      To get you started, ideally we’d want to allow HTTP, HTTPS and SSH through as we need the first two to serve your WordPress site and SSH, of course, to login to the CLI and SFTP :-).

      So to start:

      sudo ufw allow 80/tcp
      sudo ufw allow 443/tcp
      sudo ufw allow 53/udp
      sudo ufw allow 22/tcp

      That allows, in order from top to bottom, HTTP, HTTPS, DNS and SSH, through ufw. You can run these commands while ufw is disabled (it won’t turn it on).

      The /tcp & /udp portion of the command simply allows us to specify our preferred protocol.

      Connections over Port 80, 443 and 22 are most always going to be TCP. Port 53 should be udp and if you turn the firewall on and do not allow this port through, you may run in to issues with package updates and outside connections.

      Why not use sudo ufw allow 53/tcp? You can, though unless you’re physically running a DNS server on your Droplet (i.e. Bind, for example), it’s pointless :-).

      With that in mind, to allow OpenVPN through, you’d simply use the same command and swap out the port.

      sudo ufw allow PORT/tcp

      Where PORT = your OpenVPN port.

      To test things out, you would then simply issue the command below, but FIRST, make sure your SSH Port is actually 22 and if it’s not, change it. Why? Once you start ufw, if your SSH port isn’t allowed in, you won’t be allowed back in :-):

      sudo ufw start
      • @jtittle I did as you said and now I have a functioning firewall with openVPN running. I have not managed to make the VPN really working, however, the main problem is solved, thanks to you. For getting the VPN to work, I will do some research and try to figure it out myself before asking this wonderful community again.

        • @roozfeiz

          Always happy to help and I’m glad that we’ve taken care of one issue, though leaving you with something not working bugs me :-).

          Would you mind running the following:

          tail -50 /var/log/syslog

          and pasting the output in to a Pastebin (and posting that link here - just to keep the reply clean)? What this command does out output the last (and newest) data logged to the syslog.

          The -50 tells tail how many lines we’d like to output, so you could change this to any reasonable number (though normally, we keep it relatively low to prevent filling up the screen).

          • Thanks for the follow up question.

            My wordpress multisite installation is now working, after a bit of struggling with changing it from IP-installation to domain (because I was waiting for my DNS to change, I had installed it with IP). The firewall is ON (thanks to your advise) and shows no conflict with WP and the normal starting up of openVPN.

            However, the VPN is not functioning properly. My client openVPN can successfully connect to my droplet. However, after the connection is established, in my client system I can only browse my own droplet sites. Any other website cannot be opened. If I disconnect my openVPN client, the internet is just fine.

            I have placed here the result for tail -100 /var/log/syslog.

            By the way, Pastebin is a nice idea. I like it.