You are not logged in.

#1 2016-01-24 17:35:32

GeneralFailer
Member
Registered: 2013-11-18
Posts: 21

Blockage by IP doesn't get bypassed by OpenVPN

Hello, all. I've posted this on OpenVPN forums a week ago but those are pretty dead and I still haven't received a response,

I can't get OpenVPN to bypass an IP blockage on an Arch Linux client via Ubuntu 14.04 server (OpenVPN version on it is 2.3.10). It seems to connect fine and IP determination websites indicate change of browser's IP but I can't access any blocked resources. It worked well on a Windows client with analogous settings I've been using until recently.

Here's the configuration used:

server.conf wrote:

port snip
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server snip snip
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem

client.conf wrote:

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote snip snip
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
<ca>
snip
</ca>
<cert>
snip
</cert>
<key>
snip
</key>

Last edited by GeneralFailer (2016-01-24 17:35:51)

Offline

#2 2016-01-24 17:43:28

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Blockage by IP doesn't get bypassed by OpenVPN

GeneralFailer wrote:

I can't get OpenVPN to bypass an IP blockage on an Arch Linux client via Ubuntu 14.04 server (OpenVPN version on it is 2.3.10). It seems to connect fine and IP determination websites indicate change of browser's IP but I can't access any blocked resources. It worked well on a Windows client with analogous settings I've been using until recently.

I honestly have no clue what you are trying to tell me sad

What is an IP blockage?  What is blocking it?  I am assuming a firewall someplace.  Where is the firewall?  Where is the Arch Linux client relative to the firewall?
Where is the Ubuntu server relative to the firewall?   
Are these physical machines, or are dealing with a virtual machine here?

Also, who owns / who imposed this blockage?  Are all of these machine yours?  Do you have the administrative rights to see the logs an all of the machines?

In general, tell us a lot more about your network architecture.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2016-01-24 18:20:03

GeneralFailer
Member
Registered: 2013-11-18
Posts: 21

Re: Blockage by IP doesn't get bypassed by OpenVPN

It's a website server blockage imposed by the ISP of the client. I'm currently posting from the client and the server is basically an exterior VPS.

I have administrative rights on both but I don't see anything unusual in any OpenVPN logs.

Offline

#4 2016-01-24 18:29:43

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Blockage by IP doesn't get bypassed by OpenVPN

So, the client is on some ISP.  The server is on the internet someplace and has unrestricted access to the Internet..  The ISP is blocking some third party website for the client, but the client can reach the Ubuntu server -- clearly that server is not on the same ISP.  You want to bounce off the server to get around the blocking of the third party website? 

Before we go any further, what is the nature of this ISP and why are they blocking?  Is this a corporate or educational system?  Is it a parent's router? Is it a government censorship?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#5 2016-01-24 18:32:05

GeneralFailer
Member
Registered: 2013-11-18
Posts: 21

Re: Blockage by IP doesn't get bypassed by OpenVPN

Yes, you are correct.

It's a government censorship.

Last edited by GeneralFailer (2016-01-24 18:33:04)

Offline

#6 2016-01-24 18:55:25

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Blockage by IP doesn't get bypassed by OpenVPN

Is this going to cause you any legal issues?

Have you considered other techniques besides OpenVPN?  I find ssh SOCKS to be a much easier/reliable system.
I don't know much about OpenVPN.  I must admit that my initial interest in this thread was as a moderator -- I needed to ensure this was not a school or business.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#7 2016-01-24 19:36:48

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Blockage by IP doesn't get bypassed by OpenVPN

Maybe you are not using the DNS servers you think you are using. Apart from that you could try with "redirect-gateway bypass-dhcp" as it is more aggressive when changing the default route.

Given that you fully control both machines ssh dynamic port forwarding is probably much easier to test/use. If you plan to go the socks tunnel route you have a couple of alternatives to ssh if you don't want to use it or can't use it, you can use stunnel which uses ssl instead of the ssh protocol or you can use shadowsocks-libev.

That said, given that it is a government block I suppose you might get in trouble if you get caught.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#8 2016-01-24 21:21:53

GeneralFailer
Member
Registered: 2013-11-18
Posts: 21

Re: Blockage by IP doesn't get bypassed by OpenVPN

This is legal here, at least currently.

I knew I should've bothered to use the DNS wiki page section, now it works properly. The SOCKS method will probably also be useful to me. Thanks for the help, everyone!

Offline

Board footer

Powered by FluxBB