OpenVPN No Internet Access but DNS resolves

NethServer Version: 7.3 RC3
**Module:** OpenVPN

Folks, opening a new topic. Saw a related one but it may not apply. We've set up nethserver and set up the VPN. It connects correctly, gives a separate subnet address, and can resolve host names on the internal network and communicate with them. But when one tries to access the Internet we cannot get data from Internet servers/sites. We can resolve, for example, google.com, but get no response from a ping or wget. Every computer on the internal network can access the Internet no problem, and since we can resolve DNS entries we seem to be good on everything except getting actual data from external sources once we connect to the VPN. This is kind of important potentially, as we intend to let people from our team get into the network using VPN to get at resources, and they should be able to access the Internet while getting at files, either through their own ISP or (ideally in some situations) going through our VPN for all traffic, internal or external.

Here is our “config show openvpn@host-to-net” command results:
```
openvpn@host-to-net=service
AuthMode=certificate
BridgeEndIP=192.168.2.180
BridgeName=br0
BridgeStartIP=192.168.2.100
ClientToClient=disabled
Compression=enabled
Mode=routed
Netmask=255.255.255.0
Network=10.10.0.0
Remote=
RouteToVPN=enabled
TapInterface=tap0
UDPPort=1194
access=green,red
status=enabled
```

We have a router in between (for now, before the changeover) which is the gateway to the Internet. Again, all hosts in the internal network. The OpenVPN connection appears to not be assigned a gateway, from looking at the connection results. Any ideas, folks?

Folks, discovered we had to apply a firewall rule to allow the VPN to contact the Internet. Makes sense when you think about it. It may be a good idea to add something in the OpenVPN options to pregenerate the rule if the user asks. Also, any plans to expose more of the raw OpenVPN config options in the web interface? Think others would like that too.

What rule did you need?

Created rule with Filter Rules Web Interface:

Source: Role VPN
Destination: Any
Service: Any
Time Condition: Always

This was a rough rule to get the VPN working. Will refine, but for a proof of concept (for later refinement in a production system) it gets the VPN connection to access the Internet.

Route all traffic to VPN. Is this condition set in the configuration?

Btw, to just allow Internet in a general way, just allow port (service http and https) 80 and 443. :wink:


Yep, we did that and it worked.

That helped, thanks!
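
The behaviour discussed in this thread, as an added example (not code from any participant or from NethServer): it parses the posted `config show` values and evaluates the rough VPN-to-any rule against the narrower http/https suggestion. The zone names, the rule model, the baseline VPN-to-green allowance and the test flows are assumptions made for illustration.

```python
import ipaddress

# Constructed from the `config show openvpn@host-to-net` output quoted in the thread.
CONFIG_DUMP = """\
Mode=routed
Netmask=255.255.255.0
Network=10.10.0.0
RouteToVPN=enabled
"""

def vpn_settings(dump):
    """Return (VPN client network, True if all client traffic is routed via the VPN)."""
    kv = dict(line.split("=", 1) for line in dump.splitlines() if "=" in line)
    net = ipaddress.ip_network(f"{kv['Network']}/{kv['Netmask']}")
    return net, kv.get("RouteToVPN") == "enabled"

# Hypothetical rule model: (source zone, destination zone, services); "any" is a wildcard.
# Assumption: VPN -> green is already permitted, as the thread's symptoms suggest.
BASELINE = [("vpn", "green", "any")]
ROUGH = BASELINE + [("vpn", "any", "any")]                    # rule posted in the thread
REFINED = BASELINE + [("vpn", "any", {"tcp/80", "tcp/443"})]  # http/https suggestion

# Constructed test flows from a VPN client (assumption: the DNS resolver sits on green).
FLOWS = {
    "dns to internal resolver": ("green", "udp/53"),
    "wget http://example.org": ("red", "tcp/80"),
    "ping internet host": ("red", "icmp"),
}

def allowed(rules, src, dst, service):
    """A flow passes if any allow rule matches; everything else is dropped."""
    for r_src, r_dst, r_svc in rules:
        if r_src == src and r_dst in ("any", dst) and (r_svc == "any" or service in r_svc):
            return True
    return False

def evaluate(rules):
    """Map each constructed flow name to whether the rule set lets it through."""
    return {name: allowed(rules, "vpn", dst, svc) for name, (dst, svc) in FLOWS.items()}

if __name__ == "__main__":
    net, full_tunnel = vpn_settings(CONFIG_DUMP)
    print(f"VPN clients: {net}, full tunnel: {full_tunnel}")
    for label, rules in (("baseline", BASELINE), ("rough", ROUGH), ("refined", REFINED)):
        print(label, evaluate(rules))
```

In this model the refined rule lets web traffic through but still drops ICMP, so a ping test like the one in the first post would keep failing even though browsing works.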