Connected to OpenVPN but no internet connection nor client to client












0














I just installed the following setup on a raspberry pi v3, its IP 192.168.1.2:




  1. First, I installed PiHole

  2. Then I installed PiVPN

  3. Made one adjustment to /etc/openvpn/server.conf: I commented out the existing dhcp-options and added push "dhcp-option DNS 192.168.1.2", where 192.168.1.2 is the PiHole_IP

  4. I created one cert for my phone


I am able to connect from my phone to my VPN but if I try to open any website I am not getting any response back. If I try to find any client on the LAN I am not getting any response either.



The following is the log, taken from my phone's open vpn app:



2018-02-10 14:02:41 1

2018-02-10 14:02:41 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

2018-02-10 14:02:41 Frame=512/2048/512 mssfix-ctrl=1250

2018-02-10 14:02:41 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [verify-x509-name] [server_HASH] [name]
14 [verb] [3]

2018-02-10 14:02:41 EVENT: RESOLVE

2018-02-10 14:02:41 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP

2018-02-10 14:02:41 EVENT: WAIT

2018-02-10 14:02:41 Connecting to [MY_DNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4

2018-02-10 14:02:41 EVENT: CONNECTING

2018-02-10 14:02:41 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

2018-02-10 14:02:41 Creds: UsernameEmpty/PasswordEmpty

2018-02-10 14:02:41 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1


2018-02-10 14:02:42 VERIFY OK : depth=1
cert. version : 3
serial number : A7:A9:F2:46:05:5B:BD:D8
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-10-10 16:04:51
expires on : 2028-10-07 16:04:51
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


2018-02-10 14:02:42 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=ChangeMe
subject name : CN=server_HASH
issued on : 2018-10-10 16:05:10
expires on : 2028-10-07 16:05:10
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


2018-02-10 14:02:42 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2018-02-10 14:02:42 Session is ACTIVE

2018-02-10 14:02:42 EVENT: GET_CONFIG

2018-02-10 14:02:42 Sending PUSH_REQUEST to server...

2018-02-10 14:02:42 OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.2]
1 [block-outside-dns]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [1800]
6 [ping-restart] [3600]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]


2018-02-10 14:02:42 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: COMP_STUB
peer ID: 0

2018-02-10 14:02:42 EVENT: ASSIGN_IP

2018-02-10 14:02:42 NIP: preparing TUN network settings

2018-02-10 14:02:42 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP

2018-02-10 14:02:42 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

2018-02-10 14:02:42 NIP: adding (included) IPv4 route 10.8.0.0/24

2018-02-10 14:02:42 NIP: redirecting all IPv4 traffic to TUN interface

2018-02-10 14:02:42 NIP: adding DNS 192.168.1.2

2018-02-10 14:02:42 Connected via NetworkExtensionTUN

2018-02-10 14:02:42 LZO-ASYM init swap=0 asym=1

2018-02-10 14:02:42 Comp-stub init swap=1

2018-02-10 14:02:42 EVENT: CONNECTED MY_DNS_NAME.com:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]


This is the server.conf which I slightly modified by adding/removing dhcp-options as stated above:



dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_HASH.crt
key /etc/openvpn/easy-rsa/pki/private/server_HASH.key
dh none
ecdh-curve secp384r1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 192.168.1.2"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
compress lz4
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io


Furthermore, I can see that PiHole is getting requests from IP 10.0.8.2, which are not being blocked. I am not sure where to start troubleshooting and am looking forward for any hints and directions :-)










share|improve this question



























    0














    I just installed the following setup on a raspberry pi v3, its IP 192.168.1.2:




    1. First, I installed PiHole

    2. Then I installed PiVPN

    3. Made one adjustment to /etc/openvpn/server.conf: I commented out the existing dhcp-options and added push "dhcp-option DNS 192.168.1.2", where 192.168.1.2 is the PiHole_IP

    4. I created one cert for my phone


    I am able to connect from my phone to my VPN but if I try to open any website I am not getting any response back. If I try to find any client on the LAN I am not getting any response either.



    The following is the log, taken from my phone's open vpn app:



    2018-02-10 14:02:41 1

    2018-02-10 14:02:41 ----- OpenVPN Start -----
    OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

    2018-02-10 14:02:41 Frame=512/2048/512 mssfix-ctrl=1250

    2018-02-10 14:02:41 UNUSED OPTIONS
    4 [resolv-retry] [infinite]
    5 [nobind]
    6 [persist-key]
    7 [persist-tun]
    10 [verify-x509-name] [server_HASH] [name]
    14 [verb] [3]

    2018-02-10 14:02:41 EVENT: RESOLVE

    2018-02-10 14:02:41 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP

    2018-02-10 14:02:41 EVENT: WAIT

    2018-02-10 14:02:41 Connecting to [MY_DNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4

    2018-02-10 14:02:41 EVENT: CONNECTING

    2018-02-10 14:02:41 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

    2018-02-10 14:02:41 Creds: UsernameEmpty/PasswordEmpty

    2018-02-10 14:02:41 Peer Info:
    IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
    IV_VER=3.2
    IV_PLAT=ios
    IV_NCP=2
    IV_TCPNL=1
    IV_PROTO=2
    IV_LZO_STUB=1
    IV_COMP_STUB=1
    IV_COMP_STUBv2=1
    IV_AUTO_SESS=1


    2018-02-10 14:02:42 VERIFY OK : depth=1
    cert. version : 3
    serial number : A7:A9:F2:46:05:5B:BD:D8
    issuer name : CN=ChangeMe
    subject name : CN=ChangeMe
    issued on : 2018-10-10 16:04:51
    expires on : 2028-10-07 16:04:51
    signed using : RSA with SHA-256
    RSA key size : 4096 bits
    basic constraints : CA=true
    key usage : Key Cert Sign, CRL Sign


    2018-02-10 14:02:42 VERIFY OK : depth=0
    cert. version : 3
    serial number : 01
    issuer name : CN=ChangeMe
    subject name : CN=server_HASH
    issued on : 2018-10-10 16:05:10
    expires on : 2028-10-07 16:05:10
    signed using : RSA with SHA-256
    RSA key size : 4096 bits
    basic constraints : CA=false
    key usage : Digital Signature, Key Encipherment
    ext key usage : TLS Web Server Authentication


    2018-02-10 14:02:42 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

    2018-02-10 14:02:42 Session is ACTIVE

    2018-02-10 14:02:42 EVENT: GET_CONFIG

    2018-02-10 14:02:42 Sending PUSH_REQUEST to server...

    2018-02-10 14:02:42 OPTIONS:
    0 [dhcp-option] [DNS] [192.168.1.2]
    1 [block-outside-dns]
    2 [redirect-gateway] [def1]
    3 [route-gateway] [10.8.0.1]
    4 [topology] [subnet]
    5 [ping] [1800]
    6 [ping-restart] [3600]
    7 [ifconfig] [10.8.0.2] [255.255.255.0]
    8 [peer-id] [0]
    9 [cipher] [AES-256-GCM]


    2018-02-10 14:02:42 PROTOCOL OPTIONS:
    cipher: AES-256-GCM
    digest: SHA256
    compress: COMP_STUB
    peer ID: 0

    2018-02-10 14:02:42 EVENT: ASSIGN_IP

    2018-02-10 14:02:42 NIP: preparing TUN network settings

    2018-02-10 14:02:42 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP

    2018-02-10 14:02:42 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

    2018-02-10 14:02:42 NIP: adding (included) IPv4 route 10.8.0.0/24

    2018-02-10 14:02:42 NIP: redirecting all IPv4 traffic to TUN interface

    2018-02-10 14:02:42 NIP: adding DNS 192.168.1.2

    2018-02-10 14:02:42 Connected via NetworkExtensionTUN

    2018-02-10 14:02:42 LZO-ASYM init swap=0 asym=1

    2018-02-10 14:02:42 Comp-stub init swap=1

    2018-02-10 14:02:42 EVENT: CONNECTED MY_DNS_NAME.com:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]


    This is the server.conf which I slightly modified by adding/removing dhcp-options as stated above:



    dev tun
    proto udp
    port 1194
    ca /etc/openvpn/easy-rsa/pki/ca.crt
    cert /etc/openvpn/easy-rsa/pki/issued/server_HASH.crt
    key /etc/openvpn/easy-rsa/pki/private/server_HASH.key
    dh none
    ecdh-curve secp384r1
    topology subnet
    server 10.8.0.0 255.255.255.0
    # Set your primary domain name server address for clients
    #push "dhcp-option DNS 1.1.1.1"
    #push "dhcp-option DNS 1.0.0.1"
    push "dhcp-option DNS 192.168.1.2"
    # Prevent DNS leaks on Windows
    push "block-outside-dns"
    # Override the Client default gateway by using 0.0.0.0/1 and
    # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
    # overriding but not wiping out the original default gateway.
    push "redirect-gateway def1"
    client-to-client
    keepalive 1800 3600
    remote-cert-tls client
    tls-version-min 1.2
    tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
    cipher AES-256-CBC
    auth SHA256
    compress lz4
    user nobody
    group nogroup
    persist-key
    persist-tun
    crl-verify /etc/openvpn/crl.pem
    status /var/log/openvpn-status.log 20
    status-version 3
    syslog
    verb 3
    #DuplicateCNs allow access control on a less-granular, per user basis.
    #Remove # if you will manage access by user instead of device.
    #duplicate-cn
    # Generated for use by PiVPN.io


    Furthermore, I can see that PiHole is getting requests from IP 10.0.8.2, which are not being blocked. I am not sure where to start troubleshooting and am looking forward for any hints and directions :-)










    share|improve this question

























      0












      0








      0







      I just installed the following setup on a raspberry pi v3, its IP 192.168.1.2:




      1. First, I installed PiHole

      2. Then I installed PiVPN

      3. Made one adjustment to /etc/openvpn/server.conf: I commented out the existing dhcp-options and added push "dhcp-option DNS 192.168.1.2", where 192.168.1.2 is the PiHole_IP

      4. I created one cert for my phone


      I am able to connect from my phone to my VPN but if I try to open any website I am not getting any response back. If I try to find any client on the LAN I am not getting any response either.



      The following is the log, taken from my phone's open vpn app:



      2018-02-10 14:02:41 1

      2018-02-10 14:02:41 ----- OpenVPN Start -----
      OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

      2018-02-10 14:02:41 Frame=512/2048/512 mssfix-ctrl=1250

      2018-02-10 14:02:41 UNUSED OPTIONS
      4 [resolv-retry] [infinite]
      5 [nobind]
      6 [persist-key]
      7 [persist-tun]
      10 [verify-x509-name] [server_HASH] [name]
      14 [verb] [3]

      2018-02-10 14:02:41 EVENT: RESOLVE

      2018-02-10 14:02:41 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP

      2018-02-10 14:02:41 EVENT: WAIT

      2018-02-10 14:02:41 Connecting to [MY_DNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4

      2018-02-10 14:02:41 EVENT: CONNECTING

      2018-02-10 14:02:41 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

      2018-02-10 14:02:41 Creds: UsernameEmpty/PasswordEmpty

      2018-02-10 14:02:41 Peer Info:
      IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
      IV_VER=3.2
      IV_PLAT=ios
      IV_NCP=2
      IV_TCPNL=1
      IV_PROTO=2
      IV_LZO_STUB=1
      IV_COMP_STUB=1
      IV_COMP_STUBv2=1
      IV_AUTO_SESS=1


      2018-02-10 14:02:42 VERIFY OK : depth=1
      cert. version : 3
      serial number : A7:A9:F2:46:05:5B:BD:D8
      issuer name : CN=ChangeMe
      subject name : CN=ChangeMe
      issued on : 2018-10-10 16:04:51
      expires on : 2028-10-07 16:04:51
      signed using : RSA with SHA-256
      RSA key size : 4096 bits
      basic constraints : CA=true
      key usage : Key Cert Sign, CRL Sign


      2018-02-10 14:02:42 VERIFY OK : depth=0
      cert. version : 3
      serial number : 01
      issuer name : CN=ChangeMe
      subject name : CN=server_HASH
      issued on : 2018-10-10 16:05:10
      expires on : 2028-10-07 16:05:10
      signed using : RSA with SHA-256
      RSA key size : 4096 bits
      basic constraints : CA=false
      key usage : Digital Signature, Key Encipherment
      ext key usage : TLS Web Server Authentication


      2018-02-10 14:02:42 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

      2018-02-10 14:02:42 Session is ACTIVE

      2018-02-10 14:02:42 EVENT: GET_CONFIG

      2018-02-10 14:02:42 Sending PUSH_REQUEST to server...

      2018-02-10 14:02:42 OPTIONS:
      0 [dhcp-option] [DNS] [192.168.1.2]
      1 [block-outside-dns]
      2 [redirect-gateway] [def1]
      3 [route-gateway] [10.8.0.1]
      4 [topology] [subnet]
      5 [ping] [1800]
      6 [ping-restart] [3600]
      7 [ifconfig] [10.8.0.2] [255.255.255.0]
      8 [peer-id] [0]
      9 [cipher] [AES-256-GCM]


      2018-02-10 14:02:42 PROTOCOL OPTIONS:
      cipher: AES-256-GCM
      digest: SHA256
      compress: COMP_STUB
      peer ID: 0

      2018-02-10 14:02:42 EVENT: ASSIGN_IP

      2018-02-10 14:02:42 NIP: preparing TUN network settings

      2018-02-10 14:02:42 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP

      2018-02-10 14:02:42 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

      2018-02-10 14:02:42 NIP: adding (included) IPv4 route 10.8.0.0/24

      2018-02-10 14:02:42 NIP: redirecting all IPv4 traffic to TUN interface

      2018-02-10 14:02:42 NIP: adding DNS 192.168.1.2

      2018-02-10 14:02:42 Connected via NetworkExtensionTUN

      2018-02-10 14:02:42 LZO-ASYM init swap=0 asym=1

      2018-02-10 14:02:42 Comp-stub init swap=1

      2018-02-10 14:02:42 EVENT: CONNECTED MY_DNS_NAME.com:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]


      This is the server.conf which I slightly modified by adding/removing dhcp-options as stated above:



      dev tun
      proto udp
      port 1194
      ca /etc/openvpn/easy-rsa/pki/ca.crt
      cert /etc/openvpn/easy-rsa/pki/issued/server_HASH.crt
      key /etc/openvpn/easy-rsa/pki/private/server_HASH.key
      dh none
      ecdh-curve secp384r1
      topology subnet
      server 10.8.0.0 255.255.255.0
      # Set your primary domain name server address for clients
      #push "dhcp-option DNS 1.1.1.1"
      #push "dhcp-option DNS 1.0.0.1"
      push "dhcp-option DNS 192.168.1.2"
      # Prevent DNS leaks on Windows
      push "block-outside-dns"
      # Override the Client default gateway by using 0.0.0.0/1 and
      # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
      # overriding but not wiping out the original default gateway.
      push "redirect-gateway def1"
      client-to-client
      keepalive 1800 3600
      remote-cert-tls client
      tls-version-min 1.2
      tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
      cipher AES-256-CBC
      auth SHA256
      compress lz4
      user nobody
      group nogroup
      persist-key
      persist-tun
      crl-verify /etc/openvpn/crl.pem
      status /var/log/openvpn-status.log 20
      status-version 3
      syslog
      verb 3
      #DuplicateCNs allow access control on a less-granular, per user basis.
      #Remove # if you will manage access by user instead of device.
      #duplicate-cn
      # Generated for use by PiVPN.io


      Furthermore, I can see that PiHole is getting requests from IP 10.0.8.2, which are not being blocked. I am not sure where to start troubleshooting and am looking forward for any hints and directions :-)










      share|improve this question













      I just installed the following setup on a raspberry pi v3, its IP 192.168.1.2:




      1. First, I installed PiHole

      2. Then I installed PiVPN

      3. Made one adjustment to /etc/openvpn/server.conf: I commented out the existing dhcp-options and added push "dhcp-option DNS 192.168.1.2", where 192.168.1.2 is the PiHole_IP

      4. I created one cert for my phone


      I am able to connect from my phone to my VPN but if I try to open any website I am not getting any response back. If I try to find any client on the LAN I am not getting any response either.



      The following is the log, taken from my phone's open vpn app:



      2018-02-10 14:02:41 1

      2018-02-10 14:02:41 ----- OpenVPN Start -----
      OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

      2018-02-10 14:02:41 Frame=512/2048/512 mssfix-ctrl=1250

      2018-02-10 14:02:41 UNUSED OPTIONS
      4 [resolv-retry] [infinite]
      5 [nobind]
      6 [persist-key]
      7 [persist-tun]
      10 [verify-x509-name] [server_HASH] [name]
      14 [verb] [3]

      2018-02-10 14:02:41 EVENT: RESOLVE

      2018-02-10 14:02:41 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP

      2018-02-10 14:02:41 EVENT: WAIT

      2018-02-10 14:02:41 Connecting to [MY_DNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4

      2018-02-10 14:02:41 EVENT: CONNECTING

      2018-02-10 14:02:41 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

      2018-02-10 14:02:41 Creds: UsernameEmpty/PasswordEmpty

      2018-02-10 14:02:41 Peer Info:
      IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
      IV_VER=3.2
      IV_PLAT=ios
      IV_NCP=2
      IV_TCPNL=1
      IV_PROTO=2
      IV_LZO_STUB=1
      IV_COMP_STUB=1
      IV_COMP_STUBv2=1
      IV_AUTO_SESS=1


      2018-02-10 14:02:42 VERIFY OK : depth=1
      cert. version : 3
      serial number : A7:A9:F2:46:05:5B:BD:D8
      issuer name : CN=ChangeMe
      subject name : CN=ChangeMe
      issued on : 2018-10-10 16:04:51
      expires on : 2028-10-07 16:04:51
      signed using : RSA with SHA-256
      RSA key size : 4096 bits
      basic constraints : CA=true
      key usage : Key Cert Sign, CRL Sign


      2018-02-10 14:02:42 VERIFY OK : depth=0
      cert. version : 3
      serial number : 01
      issuer name : CN=ChangeMe
      subject name : CN=server_HASH
      issued on : 2018-10-10 16:05:10
      expires on : 2028-10-07 16:05:10
      signed using : RSA with SHA-256
      RSA key size : 4096 bits
      basic constraints : CA=false
      key usage : Digital Signature, Key Encipherment
      ext key usage : TLS Web Server Authentication


      2018-02-10 14:02:42 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

      2018-02-10 14:02:42 Session is ACTIVE

      2018-02-10 14:02:42 EVENT: GET_CONFIG

      2018-02-10 14:02:42 Sending PUSH_REQUEST to server...

      2018-02-10 14:02:42 OPTIONS:
      0 [dhcp-option] [DNS] [192.168.1.2]
      1 [block-outside-dns]
      2 [redirect-gateway] [def1]
      3 [route-gateway] [10.8.0.1]
      4 [topology] [subnet]
      5 [ping] [1800]
      6 [ping-restart] [3600]
      7 [ifconfig] [10.8.0.2] [255.255.255.0]
      8 [peer-id] [0]
      9 [cipher] [AES-256-GCM]


      2018-02-10 14:02:42 PROTOCOL OPTIONS:
      cipher: AES-256-GCM
      digest: SHA256
      compress: COMP_STUB
      peer ID: 0

      2018-02-10 14:02:42 EVENT: ASSIGN_IP

      2018-02-10 14:02:42 NIP: preparing TUN network settings

      2018-02-10 14:02:42 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP

      2018-02-10 14:02:42 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

      2018-02-10 14:02:42 NIP: adding (included) IPv4 route 10.8.0.0/24

      2018-02-10 14:02:42 NIP: redirecting all IPv4 traffic to TUN interface

      2018-02-10 14:02:42 NIP: adding DNS 192.168.1.2

      2018-02-10 14:02:42 Connected via NetworkExtensionTUN

      2018-02-10 14:02:42 LZO-ASYM init swap=0 asym=1

      2018-02-10 14:02:42 Comp-stub init swap=1

      2018-02-10 14:02:42 EVENT: CONNECTED MY_DNS_NAME.com:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]


      This is the server.conf which I slightly modified by adding/removing dhcp-options as stated above:



      dev tun
      proto udp
      port 1194
      ca /etc/openvpn/easy-rsa/pki/ca.crt
      cert /etc/openvpn/easy-rsa/pki/issued/server_HASH.crt
      key /etc/openvpn/easy-rsa/pki/private/server_HASH.key
      dh none
      ecdh-curve secp384r1
      topology subnet
      server 10.8.0.0 255.255.255.0
      # Set your primary domain name server address for clients
      #push "dhcp-option DNS 1.1.1.1"
      #push "dhcp-option DNS 1.0.0.1"
      push "dhcp-option DNS 192.168.1.2"
      # Prevent DNS leaks on Windows
      push "block-outside-dns"
      # Override the Client default gateway by using 0.0.0.0/1 and
      # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
      # overriding but not wiping out the original default gateway.
      push "redirect-gateway def1"
      client-to-client
      keepalive 1800 3600
      remote-cert-tls client
      tls-version-min 1.2
      tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
      cipher AES-256-CBC
      auth SHA256
      compress lz4
      user nobody
      group nogroup
      persist-key
      persist-tun
      crl-verify /etc/openvpn/crl.pem
      status /var/log/openvpn-status.log 20
      status-version 3
      syslog
      verb 3
      #DuplicateCNs allow access control on a less-granular, per user basis.
      #Remove # if you will manage access by user instead of device.
      #duplicate-cn
      # Generated for use by PiVPN.io


      Furthermore, I can see that PiHole is getting requests from IP 10.0.8.2, which are not being blocked. I am not sure where to start troubleshooting and am looking forward for any hints and directions :-)







      vpn openvpn raspberry-pi






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Oct 10 at 19:03









      jrn

      11419




      11419






















          1 Answer
          1






          active

          oldest

          votes


















          3














          In addition to removing the default Google DNS servers and the push "dhcp-option DNS 192.168.1.2" in server.conf, which you have already done, do the following:





          • Go to /etc/dnsmasq.d and create a new file, for example custom.conf (sudo nano custom.conf), with the following content:



            listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1


            where 192.168.1.2 is the address of your Pi-hole DNS and 10.8.0.1 is the PiVPN Gateway.



            This ensures that if Pi-hole is updated, the changes to the other conf files would not be overwritten.




          • Restart the OpenVPN Service by running



            sudo service openvpn restart



          Now when you connect to the PiVPN from your clients, you should be able to access the Internet and the Pi-hole should filter all the ads.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1365639%2fconnected-to-openvpn-but-no-internet-connection-nor-client-to-client%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            3














            In addition to removing the default Google DNS servers and the push "dhcp-option DNS 192.168.1.2" in server.conf, which you have already done, do the following:





            • Go to /etc/dnsmasq.d and create a new file, for example custom.conf (sudo nano custom.conf), with the following content:



              listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1


              where 192.168.1.2 is the address of your Pi-hole DNS and 10.8.0.1 is the PiVPN Gateway.



              This ensures that if Pi-hole is updated, the changes to the other conf files would not be overwritten.




            • Restart the OpenVPN Service by running



              sudo service openvpn restart



            Now when you connect to the PiVPN from your clients, you should be able to access the Internet and the Pi-hole should filter all the ads.






            share|improve this answer




























              3














              In addition to removing the default Google DNS servers and the push "dhcp-option DNS 192.168.1.2" in server.conf, which you have already done, do the following:





              • Go to /etc/dnsmasq.d and create a new file, for example custom.conf (sudo nano custom.conf), with the following content:



                listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1


                where 192.168.1.2 is the address of your Pi-hole DNS and 10.8.0.1 is the PiVPN Gateway.



                This ensures that if Pi-hole is updated, the changes to the other conf files would not be overwritten.




              • Restart the OpenVPN Service by running



                sudo service openvpn restart



              Now when you connect to the PiVPN from your clients, you should be able to access the Internet and the Pi-hole should filter all the ads.






              share|improve this answer


























                3












                3








                3






                In addition to removing the default Google DNS servers and the push "dhcp-option DNS 192.168.1.2" in server.conf, which you have already done, do the following:





                • Go to /etc/dnsmasq.d and create a new file, for example custom.conf (sudo nano custom.conf), with the following content:



                  listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1


                  where 192.168.1.2 is the address of your Pi-hole DNS and 10.8.0.1 is the PiVPN Gateway.



                  This ensures that if Pi-hole is updated, the changes to the other conf files would not be overwritten.




                • Restart the OpenVPN Service by running



                  sudo service openvpn restart



                Now when you connect to the PiVPN from your clients, you should be able to access the Internet and the Pi-hole should filter all the ads.






                share|improve this answer














                In addition to removing the default Google DNS servers and the push "dhcp-option DNS 192.168.1.2" in server.conf, which you have already done, do the following:





                • Go to /etc/dnsmasq.d and create a new file, for example custom.conf (sudo nano custom.conf), with the following content:



                  listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1


                  where 192.168.1.2 is the address of your Pi-hole DNS and 10.8.0.1 is the PiVPN Gateway.



                  This ensures that if Pi-hole is updated, the changes to the other conf files would not be overwritten.




                • Restart the OpenVPN Service by running



                  sudo service openvpn restart



                Now when you connect to the PiVPN from your clients, you should be able to access the Internet and the Pi-hole should filter all the ads.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Dec 15 at 23:24

























                answered Dec 15 at 1:08









                Angel

                463




                463






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1365639%2fconnected-to-openvpn-but-no-internet-connection-nor-client-to-client%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Probability when a professor distributes a quiz and homework assignment to a class of n students.

                    Aardman Animations

                    Are they similar matrix