#1 2016-01-04 22:04:10

caterpillar
Member
Registered: 2016-01-04
Posts: 5

OpenVPN to third party server, can ping but can not browse

Hi all, I can successfully connect to the VPN and I'm able to ping, but I'm not sure if I can do anything else. Browsing seemingly attempts to load forever (doesn't throw an error for as long as I had waited, up to ~10 minutes).

client.conf (provided by the server. I added the mtu-test after looking at the Arch Wiki, which didn't help):

client
dev tun
proto udp
remote my.server.address 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
tls-client
# mtu-test
remote-cert-tls server
auth-user-pass /etc/openvpn/login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.pem

Without connecting to VPN:

% ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 116764  bytes 9023181 (8.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 116764  bytes 9023181 (8.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.29  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::e399:cc00:9483:a494  prefixlen 64  scopeid 0x20<link>
        inet6 2601:192:8300:60c7:e4d:2eab:27a3:647c  prefixlen 64  scopeid 0x0<global>
        ether 30:b5:c2:85:d9:86  txqueuelen 1000  (Ethernet)
        RX packets 71503  bytes 12400284 (11.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 99377  bytes 15847241 (15.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


% route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    303    0        0 wlp3s0
10.0.0.0        0.0.0.0         255.255.255.0   U     303    0        0 wlp3s0


% ping -c3 archlinux.org
PING archlinux.org (66.211.214.131) 56(84) bytes of data.
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=1 ttl=52 time=35.8 ms
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=2 ttl=52 time=38.4 ms
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=3 ttl=52 time=44.5 ms

--- archlinux.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 35.825/39.611/44.541/3.656 ms

Connected to VPN:

% ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 115704  bytes 8930163 (8.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 115704  bytes 8930163 (8.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.152.1.6  netmask 255.255.255.255  destination 10.152.1.5
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4  bytes 1301 (1.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 528 (528.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.29  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::e399:cc00:9483:a494  prefixlen 64  scopeid 0x20<link>
        inet6 2601:192:8300:60c7:e4d:2eab:27a3:647c  prefixlen 64  scopeid 0x0<global>
        ether 30:b5:c2:85:d9:86  txqueuelen 1000  (Ethernet)
        RX packets 70793  bytes 12303770 (11.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 98560  bytes 15711079 (14.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


% route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.152.1.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.0.1        0.0.0.0         UG    303    0        0 wlp3s0
10.0.0.0        0.0.0.0         255.255.255.0   U     303    0        0 wlp3s0
10.152.1.1      10.152.1.5      255.255.255.255 UGH   0      0        0 tun0
10.152.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
109.201.152.242 10.0.0.1        255.255.255.255 UGH   0      0        0 wlp3s0
128.0.0.0       10.152.1.5      128.0.0.0       UG    0      0        0 tun0


matdmin@sweetpotato ~ % ping -c3 archlinux.org
PING archlinux.org (66.211.214.131) 56(84) bytes of data.
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=1 ttl=52 time=222 ms
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=2 ttl=52 time=223 ms
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=3 ttl=52 time=217 ms

--- archlinux.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6606ms
rtt min/avg/max/mdev = 217.034/221.159/223.845/3.010 ms

Any ideas?

#2 2016-01-04 22:18:41

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

What's the output from `wget ipchimp.net`?

Do you control the other end? Is there a firewall on it? Are you running a local firewall? Post `iptables-save` output.

#3 2016-01-04 23:51:14

caterpillar
Member
Registered: 2016-01-04
Posts: 5

I don't have control over the server.

% wget ipchimp.net
--2016-01-04 18:03:38--  http://ipchimp.net/
Resolving ipchimp.net (ipchimp.net)... 2400:8901::f03c:91ff:fe70:439b, 103.3.63.251
Connecting to ipchimp.net (ipchimp.net)|2400:8901::f03c:91ff:fe70:439b|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 38 [text/html]
Saving to: 'index.html'

index.html                   100%[================================================>]      38  --.-KB/s   in 0s     

2016-01-04 18:03:45 (2.65 MB/s) - 'index.html' saved [38/38]

The output of the index file is my ip address, not the one of the VPN.

Possibly worth noting, the command took a good number of seconds to do `Resolving ipchimp.net (ipchimp.net)...`, so I ping'd the address followed by pinging the IP that it resolved to directly. When I ping the address it takes a few seconds to first get the address (`PING ipchimp.net (103.3.63.251) 56(84) bytes of data.`), then a few seconds for the first ping to actually go. There's no wait if I ping the IP address directly.

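An added example, not written by either poster: the `route -n` and `ifconfig` output from post #1 is parsed to show which interface each destination leaves by, and why the `wget` above, which connected over IPv6, reported the non-VPN address. The tables are copied from the posts as constructed sample input, and the IPv6 check is a heuristic that assumes the interface holding a global IPv6 address carries IPv6 traffic, since the thread shows no IPv6 routing table.

```python
import ipaddress

# Sample input constructed from the posts above; nothing here queries a live system.
ROUTE_N = """\
0.0.0.0         10.152.1.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.0.1        0.0.0.0         UG    303    0        0 wlp3s0
10.0.0.0        0.0.0.0         255.255.255.0   U     303    0        0 wlp3s0
10.152.1.1      10.152.1.5      255.255.255.255 UGH   0      0        0 tun0
10.152.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
109.201.152.242 10.0.0.1        255.255.255.255 UGH   0      0        0 wlp3s0
128.0.0.0       10.152.1.5      128.0.0.0       UG    0      0        0 tun0
"""
IFACE_ADDRS = {  # addresses ifconfig showed while connected
    "tun0": ["10.152.1.6"],
    "wlp3s0": ["10.0.0.29", "fe80::e399:cc00:9483:a494",
               "2601:192:8300:60c7:e4d:2eab:27a3:647c"],
}

def parse_route_n(text):
    """Return (network, metric, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), int(f[4]), f[7]))
        except (ValueError, IndexError):  # header rows and short lines
            continue
    return routes

def egress_iface(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if no IPv4 route applies."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr.version == 4 and addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2] if hits else None

def v6_outside_tunnel(addrs, tunnel="tun0"):
    """Interfaces with a global IPv6 address when the tunnel has no IPv6 at all."""
    def v6(iface):
        return [a for a in addrs[iface] if ipaddress.ip_address(a).version == 6]
    if v6(tunnel):
        return []
    return [i for i in addrs if i != tunnel
            and any(ipaddress.ip_address(a).is_global for a in v6(i))]

if __name__ == "__main__":
    routes = parse_route_n(ROUTE_N)
    for d in ("103.3.63.251", "109.201.152.242", "2400:8901::f03c:91ff:fe70:439b"):
        print(d, "->", egress_iface(routes, d))
    print("IPv6 outside tunnel:", v6_outside_tunnel(IFACE_ADDRS))
```

The two `/1` routes via `tun0` win over the metric-303 default for every IPv4 destination except the VPN server's own host route, while the IPv6 address `wget` picked matches nothing in this IPv4-only table.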

#4 2016-01-04 23:56:28

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

What is the output of `ip r g 103.3.63.251` and `cat /etc/resolv.conf`? And the other questions I asked about firewalls?

#5 2016-01-05 01:07:15

caterpillar
Member
Registered: 2016-01-04
Posts: 5

Sorry, forgot about those. I'm not running any local firewall on the box, but apparently my router has one:

LAN-to-WAN: Allow all.
WAN-to-LAN: Block as per below and enable IDS
IDENT (port 113)

I disabled it for a moment, with no effect.

Not connected:

% ip r g 103.3.63.251
103.3.63.251 via 10.0.0.1 dev wlp3s0  src 10.0.0.29 
    cache 

Connected:

% ip r g 103.3.63.251
103.3.63.251 via 10.174.1.5 dev tun0  src 10.174.1.6 
    cache 

I just installed a package via pacman while connected, fwiw. It was able to connect/download just fine.

Thanks for taking your time!

Last edited by caterpillar (2016-01-05 01:07:27)

#6 2016-01-05 01:12:16

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

Well, all your routing looks good.

caterpillar wrote:

I just installed a package via pacman while connected, fwiw. It was able to connect/download just fine.

So it's working now? pacman uses HTTP(s) to download packages. If not, what platform is the OpenVPN server running on? Do you (or can you) have tcpdump available on the server? Can you run the previous wget command on the server, or `curl -v ipchimp.net`?

#7 2016-01-05 01:15:16

caterpillar
Member
Registered: 2016-01-04
Posts: 5

Well, this is awkward.

I switched which browser I was using (aforementioned package) and it's working just fine. Firefox is not loading anything, whereas Chromium is. Sorry about that! Still finding out why Firefox won't load, but I was clearly looking in the wrong location.

#8 2016-01-05 01:16:07

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

Righteo :)

Perhaps proxy configuration or something in Firefox?

#9 2016-01-05 01:25:07

caterpillar
Member
Registered: 2016-01-04
Posts: 5

Proxy settings it was. It was attempting to use 'system proxy settings', which I changed to 'no proxy' (assumed that as long as it goes through the tun0 interface Firefox doesn't need to know anything else), which now works. Thanks for your help, again!
