Hi,
I have a problem with my setup on an OrangePi Zero + with lovely DietPi. I have a PiVPN server and a few other services, like Pihole. But I have a problem with the VPN. I am able to connect without any problems, but there is no internet or LAN access on connected devices. The only address that is accessible or pingable is the IP of DietPi itself (192.168.29.4). It doesn't look like a DNS problem, because I can't ping IPs either.
On the DietPi itself, I can ping anywhere I want to, and DNS resolution works fine.
I changed DNS to 8.8.8.8 to eliminate possible problems with Pihole. I suspect it has something to do with routing and iptables, but I am not skilled enough in unix to troubleshoot it myself.
Before, I had Armbian installed, with PiVPN installed via the script, and everything worked out of the box, even with Pihole.
Below are some configurations; I can post more if you tell me which.
Thanks a million!
dietpi@DietPi:~$ pivpn -d
::: Generating Debug Output
::: :::
:: PiVPN Debug ::
::: :::
:: Latest Commit ::
::: :::
commit 84cd315a522d99717cc4f103c5870b8d014bf846
Author: redfast00 <redfast00@gmail.com>
Date: Tue Jan 29 11:16:48 2019 +0100
So long and thanks for all the fish
::: :::
:: Recursive list of files in ::
:: /etc/openvpn/easy-rsa/pki ::
::: :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
Default.txt
ecparams
Holdaxy.ovpn
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
private
serial
serial.old
ta.key
/etc/openvpn/easy-rsa/pki/ecparams:
prime256v1.pem
/etc/openvpn/easy-rsa/pki/issued:
Holdaxy.crt
server_znyzUOYI8NRpbnxG.crt
/etc/openvpn/easy-rsa/pki/private:
ca.key
Holdaxy.key
server_znyzUOYI8NRpbnxG.key
::: :::
:: Output of /etc/pivpn/* ::
::: :::
:: START /etc/pivpn/DET_PLATFORM ::
Debian
:: END /etc/pivpn/DET_PLATFORM ::
:: START /etc/pivpn/INSTALL_PORT ::
1194
:: END /etc/pivpn/INSTALL_PORT ::
:: START /etc/pivpn/INSTALL_PROTO ::
udp
:: END /etc/pivpn/INSTALL_PROTO ::
:: START /etc/pivpn/INSTALL_USER ::
dietpi
:: END /etc/pivpn/INSTALL_USER ::
:: START /etc/pivpn/NO_UFW ::
1
:: END /etc/pivpn/NO_UFW ::
:: START /etc/pivpn/pivpnINTERFACE ::
eth0
:: END /etc/pivpn/pivpnINTERFACE ::
:: START /etc/pivpn/setupVars.conf ::
pivpnUser=dietpi
UNATTUPG=unattended-upgrades
pivpnInterface=eth0
IPv4dns=
IPv4addr=192.168.29.4
IPv4gw=192.168.29.3
pivpnProto=udp
PORT=1194
ENCRYPT=256
APPLY_TWO_POINT_FOUR=true
DOWNLOAD_DH_PARAM=false
PUBLICDNS=
OVPNDNS1=8.8.8.8
OVPNDNS2=
:: END /etc/pivpn/setupVars.conf ::
:: START /etc/pivpn/setupVars.conf.save ::
pivpnUser=dietpi
UNATTUPG=unattended-upgrades
pivpnInterface=eth0
IPv4dns=
IPv4addr=192.168.29.4
IPv4gw=192.168.29.3
pivpnProto=udp
PORT=1194
ENCRYPT=256
APPLY_TWO_P.OINT_FOUR=true
DOWNLOAD_D.H_PARAM=false
PUBLICDNS.=
OVPNDNS1=
OVPNDNS2=
:: END /etc/pivpn/setupVars.conf.save ::
:: START /etc/pivpn/TWO_POINT_FOUR ::
:: END /etc/pivpn/TWO_POINT_FOUR ::
::: :::
:: /etc/openvpn/easy-rsa/pki/Default.txt ::
::: :::
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_znyzUOYI8NRpbnxG name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
::: :::
:: Debug Output Complete ::
::: :::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.txt
:::
dietpi@DietPi:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -s 10.8.0.0/24 -i tun0 -j ACCEPT
#/etc/network/interfaces
#Please use DietPi-Config to modify network settings.
# Local
auto lo
iface lo inet loopback
# Ethernet
# Static LAN address on eth0, the interface PiVPN is configured for
# (pivpnInterface=eth0 in setupVars.conf). Default gateway is 192.168.29.3.
allow-hotplug eth0
iface eth0 inet static
address 192.168.29.4
netmask 255.255.255.0
gateway 192.168.29.3
dns-nameservers 8.8.8.8
# Wifi
# Second static subnet (192.168.42.0/24); its gateway and DNS lines are commented out.
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
#gateway 192.168.0.1
wireless-power off
#dns-nameservers 8.8.8.8 8.8.4.4
# IP tables
# NOTE(review): ifupdown attaches an `up` line to the nearest preceding `iface`
# stanza, so as listed here the restore runs when wlan0 is brought up, not eth0.
# iptables-restore replaces the contents of every table named in the file unless
# --noflush is given. /etc/iptables.ipv4.nat is not shown on this page, so confirm
# it carries the nat-table rule for the VPN subnet (10.8.0.0/24) and does not
# discard rules the VPN installer added.
up iptables-restore < /etc/iptables.ipv4.nat
dietpi@DietPi:~$ sudo route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.29.3 0.0.0.0 UG 202 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.29.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
server.conf
# OpenVPN server configuration generated by PiVPN (see the trailer line).
# Routed (tun) tunnel over UDP, listening on port 1194.
dev tun
proto udp
port 1194
# CA certificate, server certificate and server private key from the easy-rsa PKI.
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_znyzUOYI8NRpbnxG.crt
key /etc/openvpn/easy-rsa/pki/private/server_znyzUOYI8NRpbnxG.key
# No finite-field DH parameters are loaded; key exchange relies on ECDH.
dh none
topology subnet
# VPN address pool: clients receive addresses from 10.8.0.0/24.
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
# Tells Windows clients to block DNS on non-VPN adapters (DNS-leak protection).
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
# NOTE(review): with redirect-gateway all client traffic arrives on this host and
# has to be forwarded out of the LAN interface. That requires
# net.ipv4.ip_forward=1 plus either a nat-table MASQUERADE/SNAT rule for
# 10.8.0.0/24 or a return route for that subnet on the LAN gateway. Neither is
# shown on this page: `iptables -S` lists only the filter table. Check with
# `sysctl net.ipv4.ip_forward` and `iptables -t nat -S`.
# Client-to-client packets are relayed inside the OpenVPN process, so they do
# not pass through this host's iptables FORWARD chain and cannot be filtered there.
client-to-client
# Keepalive ping every 1800 s with a 3600 s timeout; with values this long a
# dead peer is noticed slowly.
keepalive 1800 3600
# Accept only peer certificates whose key usage marks them as client certificates.
remote-cert-tls client
tls-version-min 1.2
# Control channel is encrypted and authenticated with the pre-shared ta.key;
# packets that fail this check are dropped before TLS processing. The same key
# is embedded in every client profile, so treat the profiles as secrets.
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
# Data-channel cipher and HMAC digest.
# NOTE(review): OpenVPN 2.4+ peers may negotiate an AEAD cipher instead of the
# one named here — confirm in the connection log.
cipher AES-256-CBC
auth SHA256
# Drop root privileges after initialisation.
user nobody
group nogroup
# Keep key material and the tun device across restarts, because they cannot be
# reopened once privileges have been dropped.
persist-key
persist-tun
# Reject client certificates listed in the revocation list.
# NOTE(review): this path is not the pki/crl.pem shown in the PKI directory
# listing; confirm the copy here is refreshed whenever a certificate is revoked.
crl-verify /etc/openvpn/crl.pem
# Status file rewritten every 20 seconds, format version 3.
status /var/log/openvpn-status.log 20
status-version 3
# Log to syslog at verbosity 3.
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io