Question
Why does the traffic not go through the VPN connection?
I installed an OpenVPN server on an Ubuntu 14 droplet and I'm trying to connect through it on my Fedora 20 home computer.
There is a connection (according to the log below), but my IP didn't change.
ANY IDEA WHY?
I re-installed the server several times (tried different distributions) from several guides I found on the internet, and I'm starting to think the problem is with the client and not with the server.
SERVER: UBUNTU 14
CLIENT: FEDORA 20
(I changed the public IP in the logs below to X.X.X.X)
SERVER.CONF CONTENT:
root@vpn2:~# grep -vE '^#|^;|^$' /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert vpn2.crt
key vpn2.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
CLIENT.CONF CONTENT:
[e@localhost ~]$ grep -vE '^#|^;|^$' /etc/openvpn/client.conf
client
dev tun
proto udp
remote X.X.X.X 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
ns-cert-type server
comp-lzo
verb 3
CLIENT VPN CONNECTION OUTPUT:
[e@localhost ~]$ sudo openvpn --config /etc/openvpn/client.conf
Sun Apr 20 15:01:01 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Sun Apr 20 15:01:01 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sun Apr 20 15:01:01 2014 UDPv4 link local: [undef]
Sun Apr 20 15:01:01 2014 UDPv4 link remote: [AF_INET]X.X.X.X:1194
Sun Apr 20 15:01:02 2014 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=45cdb38f f3323d6e
Sun Apr 20 15:01:23 2014 VERIFY OK: depth=1, C=NL, ST=HM, L=Amsterdam, O=blabla, OU=blablabla, CN=blabla CA, name=EasyRSA, emailAddress=bla1@1bla.bla
Sun Apr 20 15:01:23 2014 VERIFY OK: nsCertType=SERVER
Sun Apr 20 15:01:23 2014 VERIFY OK: depth=0, C=NL, ST=HM, L=Amsterdam, O=blabla, OU=blablabla, CN=vpn2, name=EasyRSA, emailAddress=bla1@1bla.bla
Sun Apr 20 15:01:52 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 20 15:01:52 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 20 15:01:52 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 20 15:01:52 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 20 15:01:52 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Apr 20 15:01:52 2014 [vpn2] Peer Connection Initiated with [AF_INET]X.X.X.X:1194
Sun Apr 20 15:01:54 2014 SENT CONTROL [vpn2]: 'PUSH_REQUEST' (status=1)
Sun Apr 20 15:01:55 2014 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Apr 20 15:01:55 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun Apr 20 15:01:55 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 20 15:01:55 2014 OPTIONS IMPORT: route options modified
Sun Apr 20 15:01:55 2014 ROUTE_GATEWAY 10.0.0.138/255.255.255.0 IFACE=p3p1 HWADDR=d8:50:e6:ba:a3:44
Sun Apr 20 15:01:55 2014 TUN/TAP device tun0 opened
Sun Apr 20 15:01:55 2014 TUN/TAP TX queue length set to 100
Sun Apr 20 15:01:55 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Apr 20 15:01:55 2014 /usr/sbin/ip link set dev tun0 up mtu 1500
Sun Apr 20 15:01:55 2014 /usr/sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sun Apr 20 15:01:55 2014 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sun Apr 20 15:01:55 2014 Initialization Sequence Completed
CLIENT NETSTAT OUTPUT:
[e@localhost ~]$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0 0 p3p1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 p3p1
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
CLIENT IFCONFIG OUTPUT:
[e@localhost ~]$ ifconfig
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 227 bytes 18188 (17.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 227 bytes 18188 (17.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
p3p1: flags=4163 mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::da50:e6ff:feba:a344 prefixlen 64 scopeid 0x20
ether d8:50:e6:ba:a3:44 txqueuelen 1000 (Ethernet)
RX packets 4846734 bytes 5998970353 (5.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2985059 bytes 592853394 (565.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305 mtu 1500
inet 10.8.0.6 netmask 255.255.255.255 destination 10.8.0.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
SERVER LOG (TAIL):
Apr 20 08:01:53 localhost ovpn-server[2181]: X.X.X.X:60561 [client1] Peer Connection Initiated with [AF_INET]X.X.X.X:60561
Apr 20 08:01:53 localhost ovpn-server[2181]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Apr 20 08:01:53 localhost ovpn-server[2181]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Apr 20 08:01:53 localhost ovpn-server[2181]: MULTI: Learn: 10.8.0.6 -> client1/X.X.X.X:60561
Apr 20 08:01:53 localhost ovpn-server[2181]: MULTI: primary virtual IP for client1/X.X.X.X:60561: 10.8.0.6
Apr 20 08:01:55 localhost ovpn-server[2181]: client1/X.X.X.X:60561 PUSH: Received control message: 'PUSH_REQUEST'
Apr 20 08:01:55 localhost ovpn-server[2181]: client1/X.X.X.X:60561 send_push_reply(): safe_cap=940
Apr 20 08:01:55 localhost ovpn-server[2181]: client1/X.X.X.X:60561 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Apr 20 08:13:57 localhost ovpn-server[2181]: client1/X.X.X.X:60561 [client1] Inactivity timeout (--ping-restart), restarting
Apr 20 08:13:57 localhost ovpn-server[2181]: client1/X.X.X.X:60561 SIGUSR1[soft,ping-restart] received, client-instance restarting
SERVER NETSTAT OUTPUT:
root@vpn2:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 X.X.X.X.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
X.X.X.X.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
SERVER IFCONFIG OUTPUT:
root@vpn2:~# ifconfig
eth0 Link encap:Ethernet HWaddr 04:01:16:e1:87:01
inet addr:X.X.X.X Bcast:X.X.X.255 Mask:255.255.240.0
inet6 addr: fe80::601:16ff:fee1:8701/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:589782 errors:0 dropped:0 overruns:0 frame:0
TX packets:39230 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:82987986 (82.9 MB) TX bytes:6037129 (6.0 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:527 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:36693 (36.6 KB) TX bytes:2940 (2.9 KB)
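A check over the client-side evidence in the post above, added here as an example and not part of the original question: it parses the PUSH_REPLY line and the `netstat -rn` rows to report whether `redirect-gateway` was pushed and whether the default route actually uses the tunnel. The function names are hypothetical; the sample inputs are copied from the post's client log and routing table.

```python
import re

# Sample inputs copied from the client log and `netstat -rn` output in the post.
PUSH_LINE = ("PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,"
             "topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'")
ROUTES = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0 0 p3p1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 p3p1
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
"""

def pushed_options(log_line):
    """Return the options carried in a PUSH_REPLY control message."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_line)
    return [o.strip() for o in m.group(1).split(",")] if m else []

def parse_routes(text):
    """Parse `netstat -rn` rows into (destination, genmask, iface) tuples."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 fields and a dotted-quad destination; headers do not.
        if len(f) == 8 and re.fullmatch(r"[\d.]+", f[0]):
            rows.append((f[0], f[2], f[7]))
    return rows

def full_tunnel(routes, tun_prefix="tun"):
    """True if the default route, or the def1 pair of /1 routes, uses the tunnel."""
    on_tun = {(d, m) for d, m, i in routes if i.startswith(tun_prefix)}
    # `redirect-gateway def1` overrides the default with two /1 routes.
    def1 = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}
    if def1 <= on_tun:
        return True
    # Otherwise every 0.0.0.0/0 route must point at the tunnel (metrics ignored).
    defaults = [i for d, m, i in routes if (d, m) == ("0.0.0.0", "0.0.0.0")]
    return bool(defaults) and all(i.startswith(tun_prefix) for i in defaults)

def diagnose(push_line, route_text):
    """Summarise what was pushed and where traffic actually goes."""
    routes = parse_routes(route_text)
    opts = pushed_options(push_line)
    return {
        "redirect_gateway_pushed": any(o.startswith("redirect-gateway") for o in opts),
        "full_tunnel": full_tunnel(routes),
        "tunnel_routes": [d for d, m, i in routes if i.startswith("tun")],
    }
```

On the post's data this reports that no `redirect-gateway` was pushed and that only `10.8.0.1` and `10.8.0.5` are routed via `tun0`, while the default route remains on `p3p1`, which matches the unchanged public IP.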