VPN connects, but no internet access

Question

I'm running raspbian on my raspberry pi model B and I have a VPN account with Private Internet Access. I've used their openvpn settings to connect (I'm using the same ones on my ubuntu laptop and everything works ok), but I can't ping anything.

I'm using the following command to connect

sudo /usr/sbin/openvpn --status /var/run/openvpn.Switzerland.status 10 --cd /etc/openvpn --config /etc/openvpn/Switzerland.conf

My config file in /etc/openvpn/Switzerland.conf looks like:

client
dev tun
proto udp
remote swiss.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem

The output I get is:

Sat Sep 19 14:55:25 2015 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec  1 2014
Sat Sep 19 14:55:25 2015 WARNING: file 'login.conf' is group or others accessible
Sat Sep 19 14:55:25 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Sep 19 14:55:25 2015 LZO compression initialized
Sat Sep 19 14:55:25 2015 RESOLVE: NOTE: swiss.privateinternetaccess.com resolves to 4 addresses
Sat Sep 19 14:55:25 2015 UDPv4 link local: [undef]
Sat Sep 19 14:55:25 2015 UDPv4 link remote: [AF_INET]179.43.151.2:1194
Sat Sep 19 14:55:25 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Sep 19 14:55:26 2015 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]179.43.151.2:1194
Sat Sep 19 14:55:28 2015 TUN/TAP device tun0 opened
Sat Sep 19 14:55:28 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Sep 19 14:55:28 2015 /sbin/ifconfig tun0 10.117.1.6 pointopoint 10.117.1.5 mtu 1500
Sat Sep 19 14:55:28 2015 Initialization Sequence Completed

It appears to connect, but the if I try to ping google.com or nslookup google.com in another terminal it fails. Any suggestions on anything I could have done wrong or change to get this working?

score 1 · Answer 1 · edited May 23 '17 at 12:37

I was having the same issue as the owner of the question. As per JorgeHortelano 's answer, this thread, and this thread, I figured out how to correct my version of the issue.

First, I created a shell script names firewall.sh in /etc/init.d with the following code:

#!/bin/sh
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE //These are the commands that fixed it for me
sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Then, I enabled the above script to be run at startup using these commands:

sudo chmod 755 /etc/init.d/firewall.sh
sudo chmod +x /etc/init.d/firewall.sh

and optionally (if it still doesn't execute on startup):

sudo update-rc.d firewall.sh defaults

Hope this helps someone if they were having the same issue I was. Please keep in mind that I am very new to linux operating systems (~24 hrs.) and what I do may not be considered "good practice."

score 0 · Answer 2 · answered Sep 21 '15 at 12:03

I'm not an expert but I also had similar problems so will try and share. What happens if you run "sudo curl --interface tun0 freegeoip.net/json/"

This should force the command via the tun0 interface (your vpn tunnel).

If this returns according to the right country (eg. Switzrland in your case) then the VPN tunnel is working, and you probably have a routing issue so need to look at IPTABLES configuration.

But if it helps, this is the config I had for my vpn client on Rpi.

client
fast-io
dev tun
proto udp

nobind
remote YOUR_VPN_PROVIDER_IP 1194
route-method exe
route-delay 2
resolv-retry infinite

persist-key
persist-tun

auth-user-pass mypassword.txt
ca myca.crt
tls-auth ta.key 1

comp-lzo
verb 3

tun-mtu 1350

score 0 · Answer 3 · answered Oct 21 '16 at 13:46

Long time ago I have folloed up this good article to create a VPN in my raspbery pi (that I am just using now, therefore seems a good article).

Can be lot of things, but I first focus on:

Enable packet forwarding echo 1 > /proc/sys/net/ipv4/ip_forward.
Firewall issue: set forward policy as accept by default. For this, edit /etc/default/ufw and set DEFAULT_FORWARD_POLICY="ACCEPT".
DNS issue. In the openvpn server (server.conf), comment out push "dhcp-option DNS 8.8.8.8" but select a correct ip

As you can see, some of the proposed solutions are not related to the openvpn configuration itself, but are mandatory. Still I would recomend to take a look on the previous link. It has a real good explanation of how to solve your issue.

score 0 · Answer 4 · answered Nov 24 '16 at 14:21

My thoughts would be incorrect iptables, or dns server. You may wish to try 8.8.8.8 as your dns server. And be sure your iptables are configured correctly. This tutorial has iptables that worked well for me https://www.google.com/amp/s/sys.jonaharagon.com/2016/05/12/setting-up-an-openvpn-server-on-a-raspberry-pi-2-part-12/amp/

VPN connects, but no internet access

4 Answers4