Configuring OpenVPN for Secure Web Browsing?

Multi tool use
Multi tool use

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I can connect my client to the VPN (Ubuntu 15.10) and ping other clients but still can not browse the web. I can reach a few sites (youtube.com, example.com) but most give no response including askubuntu.com



UFW is not installed and there is no nat table in iptables:



sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


server.conf:



port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 192.169.244.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 10.0.0.2"
;push "dhcp-option DNS 10.1.0.2"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
keepalive 1 3
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3


netstat -rn:



Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.169.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.169.169.254 0.0.0.0 UG 0 0 0 eth0

==============================================================================


client.conf:



client
dev tun
proto udp
remote pyfi.org 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
;remote-cert-tls server
;tls-auth ta.key 1
;cipher AES-256-CBC
comp-lzo
verb 3


netstat -rn:



Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp3s0
10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp3s0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
192.169.169.10 192.168.0.1 255.255.255.255 UGH 0 0 0 enp3s0


Can anyone tell me why I'm not able to reach the internet?




iptables routing openvpn vpn netstat




share|improve this question
























    up vote
    0
    down vote

    favorite












    I can connect my client to the VPN (Ubuntu 15.10) and ping other clients but still can not browse the web. I can reach a few sites (youtube.com, example.com) but most give no response including askubuntu.com



    UFW is not installed and there is no nat table in iptables:



    sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.


    server.conf:



    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh2048.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    ;push "route 192.169.244.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    ;push "dhcp-option DNS 10.0.0.2"
    ;push "dhcp-option DNS 10.1.0.2"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    client-to-client
    keepalive 1 3
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3


    netstat -rn:



    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
    10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
    192.169.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    0.0.0.0 192.169.169.254 0.0.0.0 UG 0 0 0 eth0

    ==============================================================================


    client.conf:



    client
    dev tun
    proto udp
    remote pyfi.org 1194
    resolv-retry infinite
    nobind
    user nobody
    group nogroup
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ;remote-cert-tls server
    ;tls-auth ta.key 1
    ;cipher AES-256-CBC
    comp-lzo
    verb 3


    netstat -rn:



    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
    0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp3s0
    10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
    10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
    128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
    169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp3s0
    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
    192.169.169.10 192.168.0.1 255.255.255.255 UGH 0 0 0 enp3s0


    Can anyone tell me why I'm not able to reach the internet?




    iptables routing openvpn vpn netstat




    share|improve this question






















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I can connect my client to the VPN (Ubuntu 15.10) and ping other clients but still can not browse the web. I can reach a few sites (youtube.com, example.com) but most give no response including askubuntu.com



      UFW is not installed and there is no nat table in iptables:



      sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
      iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
      Perhaps iptables or your kernel needs to be upgraded.


      server.conf:



      port 1194
      proto udp
      dev tun
      ca ca.crt
      cert server.crt
      key server.key
      dh dh2048.pem
      server 10.8.0.0 255.255.255.0
      ifconfig-pool-persist ipp.txt
      ;push "route 192.169.244.0 255.255.255.0"
      push "redirect-gateway def1 bypass-dhcp"
      ;push "dhcp-option DNS 10.0.0.2"
      ;push "dhcp-option DNS 10.1.0.2"
      push "dhcp-option DNS 208.67.222.222"
      push "dhcp-option DNS 208.67.220.220"
      client-to-client
      keepalive 1 3
      comp-lzo
      user nobody
      group nogroup
      persist-key
      persist-tun
      status openvpn-status.log
      verb 3


      netstat -rn:



      Kernel IP routing table
      Destination Gateway Genmask Flags MSS Window irtt Iface
      10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
      10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
      192.169.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
      0.0.0.0 192.169.169.254 0.0.0.0 UG 0 0 0 eth0

      ==============================================================================


      client.conf:



      client
      dev tun
      proto udp
      remote pyfi.org 1194
      resolv-retry infinite
      nobind
      user nobody
      group nogroup
      persist-key
      persist-tun
      ca ca.crt
      cert client.crt
      key client.key
      ;remote-cert-tls server
      ;tls-auth ta.key 1
      ;cipher AES-256-CBC
      comp-lzo
      verb 3


      netstat -rn:



      Kernel IP routing table
      Destination Gateway Genmask Flags MSS Window irtt Iface
      0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
      0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp3s0
      10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
      10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
      128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
      169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp3s0
      192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
      192.169.169.10 192.168.0.1 255.255.255.255 UGH 0 0 0 enp3s0


      Can anyone tell me why I'm not able to reach the internet?




      iptables routing openvpn vpn netstat




      share|improve this question












      I can connect my client to the VPN (Ubuntu 15.10) and ping other clients but still can not browse the web. I can reach a few sites (youtube.com, example.com) but most give no response including askubuntu.com



      UFW is not installed and there is no nat table in iptables:



      sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
      iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
      Perhaps iptables or your kernel needs to be upgraded.


      server.conf:



      port 1194
      proto udp
      dev tun
      ca ca.crt
      cert server.crt
      key server.key
      dh dh2048.pem
      server 10.8.0.0 255.255.255.0
      ifconfig-pool-persist ipp.txt
      ;push "route 192.169.244.0 255.255.255.0"
      push "redirect-gateway def1 bypass-dhcp"
      ;push "dhcp-option DNS 10.0.0.2"
      ;push "dhcp-option DNS 10.1.0.2"
      push "dhcp-option DNS 208.67.222.222"
      push "dhcp-option DNS 208.67.220.220"
      client-to-client
      keepalive 1 3
      comp-lzo
      user nobody
      group nogroup
      persist-key
      persist-tun
      status openvpn-status.log
      verb 3


      netstat -rn:



      Kernel IP routing table
      Destination Gateway Genmask Flags MSS Window irtt Iface
      10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
      10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
      192.169.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
      0.0.0.0 192.169.169.254 0.0.0.0 UG 0 0 0 eth0

      ==============================================================================


      client.conf:



      client
      dev tun
      proto udp
      remote pyfi.org 1194
      resolv-retry infinite
      nobind
      user nobody
      group nogroup
      persist-key
      persist-tun
      ca ca.crt
      cert client.crt
      key client.key
      ;remote-cert-tls server
      ;tls-auth ta.key 1
      ;cipher AES-256-CBC
      comp-lzo
      verb 3


      netstat -rn:



      Kernel IP routing table
      Destination Gateway Genmask Flags MSS Window irtt Iface
      0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
      0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp3s0
      10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
      10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
      128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
      169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp3s0
      192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
      192.169.169.10 192.168.0.1 255.255.255.255 UGH 0 0 0 enp3s0


      Can anyone tell me why I'm not able to reach the internet?





      iptables routing openvpn vpn netstat





      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 5 '17 at 3:21









      physiii

      11




      11

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f402586%2fconfiguring-openvpn-for-secure-web-browsing%23new-answer', 'question_page');

          );

          Post as a guest






















          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f402586%2fconfiguring-openvpn-for-secure-web-browsing%23new-answer', 'question_page');

          );

          Post as a guest
































































          O7Wy0iSvOq18cf1,Ae5iyaQ8GNsf Tu4Jr,eeaq0vDs rMWscLc qF5HI3Ezhy0vwLuiw,x8YZuv6NBG xJC 1wbF2,OjIn
          -
          cZs2Sh4e7,jEhwqa

          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this questi...
          Read more

          How many registers does an x86_64 CPU actually have?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx . But it looks like rflags is actually an additional register. So that makes 17 registers in total... how many more could there be? I have spent at least an hour on this and found numerous different answers. The best answer so far is this, which says that there are 40 registers in total. 16 General Purpose Registers 2 Status Registers 6 Code Segment Registers 16 SSE Registers 8 FPU/MMX Registers But if I add that up, I get 48. Could anybody provide an official answer on how many registers an x86_64 CPU has (e.g. an Intel i7). Additionally, I have seen references to 'hardware' and 'architectural' registers. What are those registers and how many are there? register x86-64 share | improve this...
          Read more

          Displaying single band from multi-band raster using QGIS

          Image
          Clash Royale CLAN TAG #URR8PPP 1 How can I extract a single band from multi-band raster in QGIS? I have an remote sensed image which has 6 bands (including NDVI band), I want to display each band separately, but have no idea how to do. I have seen some questions similar here but none worked for me. The original image (has 6 bands) is: I want to display the band 6 which should be like this: But I tried gdal_translate, and couldn't get the correct result. What I have got is: qgis raster multi-band share | improve this question edited Mar 5 at 0:53 Summer asked Mar 4 at 6:42 Summer Summer 23 6 Is this any help gis.stackexchange.com/questions/220658/… ? if not gis.stackexchange.com/questions/62133/… might help. – Michael Stimson Mar 4 at 6:46 Thanks for answering but when I used gdal_translate, qgis showed that 'Error 4: Kayena.tif: No such file or directory". Would you know how to fi...
          Read more