Connected to OpenVPN but no internet connection nor client to client












0














I just installed the following setup on a raspberry pi v3, its IP 192.168.1.2:




  1. First, I installed PiHole

  2. Then I installed PiVPN

  3. Made one adjustment to /etc/openvpn/server.conf: I commented out the existing dhcp-options and added push "dhcp-option DNS 192.168.1.2", where 192.168.1.2 is the PiHole_IP

  4. I created one cert for my phone


I am able to connect from my phone to my VPN but if I try to open any website I am not getting any response back. If I try to find any client on the LAN I am not getting any response either.



The following is the log, taken from my phone's open vpn app:



2018-02-10 14:02:41 1

2018-02-10 14:02:41 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

2018-02-10 14:02:41 Frame=512/2048/512 mssfix-ctrl=1250

2018-02-10 14:02:41 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [verify-x509-name] [server_HASH] [name]
14 [verb] [3]

2018-02-10 14:02:41 EVENT: RESOLVE

2018-02-10 14:02:41 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP

2018-02-10 14:02:41 EVENT: WAIT

2018-02-10 14:02:41 Connecting to [MY_DNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4

2018-02-10 14:02:41 EVENT: CONNECTING

2018-02-10 14:02:41 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

2018-02-10 14:02:41 Creds: UsernameEmpty/PasswordEmpty

2018-02-10 14:02:41 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1


2018-02-10 14:02:42 VERIFY OK : depth=1
cert. version : 3
serial number : A7:A9:F2:46:05:5B:BD:D8
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-10-10 16:04:51
expires on : 2028-10-07 16:04:51
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


2018-02-10 14:02:42 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=ChangeMe
subject name : CN=server_HASH
issued on : 2018-10-10 16:05:10
expires on : 2028-10-07 16:05:10
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


2018-02-10 14:02:42 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2018-02-10 14:02:42 Session is ACTIVE

2018-02-10 14:02:42 EVENT: GET_CONFIG

2018-02-10 14:02:42 Sending PUSH_REQUEST to server...

2018-02-10 14:02:42 OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.2]
1 [block-outside-dns]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [1800]
6 [ping-restart] [3600]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]


2018-02-10 14:02:42 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: COMP_STUB
peer ID: 0

2018-02-10 14:02:42 EVENT: ASSIGN_IP

2018-02-10 14:02:42 NIP: preparing TUN network settings

2018-02-10 14:02:42 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP

2018-02-10 14:02:42 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

2018-02-10 14:02:42 NIP: adding (included) IPv4 route 10.8.0.0/24

2018-02-10 14:02:42 NIP: redirecting all IPv4 traffic to TUN interface

2018-02-10 14:02:42 NIP: adding DNS 192.168.1.2

2018-02-10 14:02:42 Connected via NetworkExtensionTUN

2018-02-10 14:02:42 LZO-ASYM init swap=0 asym=1

2018-02-10 14:02:42 Comp-stub init swap=1

2018-02-10 14:02:42 EVENT: CONNECTED MY_DNS_NAME.com:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]


This is the server.conf which I slightly modified by adding/removing dhcp-options as stated above:



dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_HASH.crt
key /etc/openvpn/easy-rsa/pki/private/server_HASH.key
dh none
ecdh-curve secp384r1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 192.168.1.2"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
compress lz4
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io


Furthermore, I can see that PiHole is getting requests from IP 10.0.8.2, which are not being blocked. I am not sure where to start troubleshooting and am looking forward to any hints and directions :-)










      vpn openvpn raspberry-pi
















      asked Oct 10 at 19:03









      jrn

      11419


























          1 Answer


















          3














          In addition to removing the default Google DNS servers and the push "dhcp-option DNS 192.168.1.2" in server.conf, which you have already done, do the following:





          • Go to /etc/dnsmasq.d and create a new file, for example custom.conf (sudo nano custom.conf), with the following content:



            listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1


            where 192.168.1.2 is the address of your Pi-hole DNS and 10.8.0.1 is the PiVPN Gateway.



            This ensures that if Pi-hole is updated, the changes to the other conf files would not be overwritten.




          • Restart the OpenVPN Service by running



            sudo service openvpn restart



          Now when you connect to the PiVPN from your clients, you should be able to access the Internet and the Pi-hole should filter all the ads.






                edited Dec 15 at 23:24

























                answered Dec 15 at 1:08









                Angel

                463
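A configuration cross-check for the setup described in the answer above, added here as an example and not part of the original answer or of PiVPN/Pi-hole: it reads the `server` and `push "dhcp-option DNS ..."` lines from server.conf and reports which of those addresses are absent from dnsmasq's `listen-address`. The function names are hypothetical; it assumes the VPN gateway is the first host of the `server` subnet (the log's route-gateway 10.8.0.1) and that both the pushed DNS address and the gateway belong in `listen-address`, as the answer lists them.

```python
"""Added example: cross-check OpenVPN server.conf against dnsmasq listen-address."""
import ipaddress
import shlex

# Excerpt of the server.conf shown in the question.
SERVER_CONF = '''\
topology subnet
server 10.8.0.0 255.255.255.0
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 192.168.1.2"
push "block-outside-dns"
push "redirect-gateway def1"
'''

# The line the answer puts into /etc/dnsmasq.d/custom.conf.
DNSMASQ_FIXED = "listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1\n"

# Constructed sample: same idea, but the VPN gateway address was left out.
DNSMASQ_INCOMPLETE = (
    "# constructed sample\n"
    "listen-address=127.0.0.1\n"
    "listen-address=192.168.1.2\n"
)


def active_lines(text):
    """Yield config lines, skipping blank lines and whole-line comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", ";")):
            yield line


def vpn_requirements(server_conf):
    """Return (gateway, pushed_dns) taken from an OpenVPN server.conf."""
    gateway = None
    pushed_dns = []
    for line in active_lines(server_conf):
        words = shlex.split(line)
        if words[0] == "server" and len(words) >= 3:
            # Assumption: the server takes the first host of the subnet.
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            gateway = net.network_address + 1
        elif words[0] == "push" and len(words) == 2:
            pushed = words[1].split()
            if len(pushed) == 3 and pushed[:2] == ["dhcp-option", "DNS"]:
                pushed_dns.append(ipaddress.ip_address(pushed[2]))
    return gateway, pushed_dns


def listen_addresses(dnsmasq_conf):
    """Return the set of listen-address values, or None if none is set."""
    found = None
    for line in active_lines(dnsmasq_conf):
        key, _, value = line.partition("=")
        if key.strip() != "listen-address":
            continue
        if found is None:
            found = set()
        # dnsmasq allows several addresses per line and repeated lines.
        for item in value.split(","):
            if item.strip():
                found.add(ipaddress.ip_address(item.strip()))
    return found


def missing_listeners(server_conf, dnsmasq_conf):
    """List addresses VPN clients will query that listen-address omits.

    Returns None when no listen-address directive exists at all, because
    then other directives (not modelled here) decide where dnsmasq listens.
    """
    gateway, pushed_dns = vpn_requirements(server_conf)
    listening = listen_addresses(dnsmasq_conf)
    if listening is None:
        return None
    wanted = list(pushed_dns)
    if gateway is not None:
        wanted.append(gateway)
    return [str(addr) for addr in wanted if addr not in listening]


if __name__ == "__main__":
    for name, conf in (("answer's custom.conf", DNSMASQ_FIXED),
                       ("constructed incomplete file", DNSMASQ_INCOMPLETE)):
        print(name, "-> missing:", missing_listeners(SERVER_CONF, conf))
```

dnsmasq reads `listen-address` only when it starts, so the resolver process has to be restarted before its running state matches the file this check passes on.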



