NordVPN not connected

hansbl · 24 November 2020 10:23

Hello,

First of all, I’m really new on Raspberry Pi/Dietpi. So, forgive me my ignorance.
I have the following issue, which is also discussed in the following thread, but I can’t see a solution for me:

https://dietpi.com/forum/t/nordvpn-doesnt-seem-to-work/3790/10

I can see my Raspberry Pi (with Pi-Hole) is connected with a NordVPN server if I do: dietpi_nordvpn
If I check my ipaddress it is still showing my own ipaddress.
I don’t know what to do to find out what the problem is.

Can anyone help me?
Thanks in advance.
Hans

Joulinar · 24 November 2020 10:26

Hi, can you give some explanation what does this mean. Where do you check what IP address?

hansbl · 24 November 2020 10:34

Hi,

Thanks for your reaction.
I am checking it on:

https://watismijnip.nl/

Regards,
Hans

Joulinar · 24 November 2020 10:51

on which device you are doing this check. On you computer or the DietPi device?

trendy · 24 November 2020 11:14

On dietpi run the following:

ip -4 addr; ip -4 ro; ip -4 ru

and post here the output

hansbl · 24 November 2020 11:23

Hello,

I am doing the check on my PC. My PC is connected to my router which uses the Raspberry Pi, with Pi Hole, as DNS.

Output:

root@DietPi:~# ip -4 addr; ip -4 ro; ip -4 ru
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.178.27/24 brd 192.168.178.255 scope global dynamic eth0
       valid_lft 858491sec preferred_lft 858491sec
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.8.2.9/24 brd 10.8.2.255 scope global tun0
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.2.1 dev tun0
default via 192.168.178.1 dev eth0
10.8.2.0/24 dev tun0 proto kernel scope link src 10.8.2.9
128.0.0.0/1 via 10.8.2.1 dev tun0
188.95.55.88 via 192.168.178.1 dev eth0
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.27
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Regards,
Hans

Joulinar · 24 November 2020 11:25

On your computer, you would need to set your DietPi device as Gateway. Currently your computer is still using your router to access the Internet

hansbl · 24 November 2020 11:38

Thanks for your reaction, but that doesn’t help.
According to the instructions from Pi Hole, the DNS can also be set in the router so that it is not neccessary to change the settings in all the connected devices.

Regards,
Hans

Joulinar · 24 November 2020 11:41

keep away DNS pls. This has nothing to do on how you access the internet. DNS is just to perform name resolution.

hansbl · 24 November 2020 11:48

Setting the RPi as gateway doesn’t help. The problem still persists.

trendy · 24 November 2020 14:27

Make sure you have forwarding enabled in RPi.
In /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

From the PC do a traceroute to the 8.8.8.8 and post here the result.

hansbl · 24 November 2020 15:23

Uncommented the line.

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  fritz.box [192.168.178.1]
  2     1 ms     1 ms     1 ms  002-000-143-136.dynamic.caiway.nl [136.143.0.2]
  3     4 ms     3 ms     3 ms  cn-aml-vkw-cr15-be2002-2010.caiw.net [62.45.30.249]
  4     4 ms     3 ms     3 ms  72.14.223.133
  5     3 ms     3 ms     3 ms  108.170.241.129
  6     3 ms     3 ms     3 ms  108.170.236.223
  7     3 ms     3 ms     3 ms  dns.google [8.8.8.8]

Trace complete.

Joulinar · 25 November 2020 02:52

looks like your computer is going straight to your Fritz!Box and not to your DietPi system. Are you sure your computer is using the DietPi device as gateway?

trendy · 25 November 2020 08:11

You have not configured the default gateway on the PC properly. It is still using the router, instead of the dietpi.
Also you need to restart sysctl or reboot the dietpi to apply the changes in sysctl.

hansbl · 25 November 2020 08:12

If I set it up as shown in the attachment, I have no connection at all.
2020-11-25 09_03_14-Greenshot.png

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  DietPi [192.168.178.27]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9  ^C

Joulinar · 25 November 2020 08:47

pls can you check if following is set to 1

sysctl net.ipv4.ip_forward

hansbl · 25 November 2020 08:49

It is.

root@DietPi:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

trendy · 25 November 2020 09:52

You also need to nat the egress traffic of OpenVPN (NordVPN) interface. Add the following:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

After it works, make sure that you add it in the up/down scripts of the OpenVPN tunnel.

Joulinar · 25 November 2020 10:01

trendy

In case of NordVPN, OpenVPN is used as VPN technology

trendy · 25 November 2020 10:23

Thanks for the reminder Joulinar, I have updated the instructions.