PiVPN - possible to connect, but no internet Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
User avatar
trendy
Posts: 133
Joined: Tue Feb 25, 2020 2:54 pm

Re: PiVPN - possible to connect, but no internet

Post by trendy »

Yes, there should be some other configuration file for the client.
Also the output of

Code: Select all

ip -4 addr; ip -4 ro; ip -4 ru
would provide some insight.
User avatar
MichaIng
Site Admin
Posts: 2333
Joined: Sat Nov 18, 2017 6:21 pm

Re: PiVPN - possible to connect, but no internet

Post by MichaIng »

First of all revert all steps that you did based on this thread, as it is about connecting to DietPi as a VPN server with PiVPN ;).

To paste the used (client-side) config file:

Code: Select all

cat "$(grep -o '/etc/openvpn/.*\.ovpn' /etc/systemd/system/dietpi-nordvpn.service)"
And can you paste the output of: dietpi-nordvpn status
JohnDoeFR
Posts: 29
Joined: Tue Sep 22, 2020 6:04 pm

Re: PiVPN - possible to connect, but no internet

Post by JohnDoeFR »

Ok thank you both, I tried to revert all the modifications based upon this topic, the best I could...

So, yes, you were right about the fact that I'm trying to connect as a client to NordVPN from Dietpi-nordvpn, to let pass all my traffic from my LAN > Pi > VPN > Internet. (using the DHCP from PiHole and turned off the one from the router)

When the VPN is connected, I cannot access internet.

So, I paste all the data you asked for :

ip -4 addr

Code: Select all

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.56/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
ip -4 ro
default via 192.168.1.1 dev eth0 onlink <- That's the IP from my internet gateway
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.56


ip -4 ru

Code: Select all

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default


cat "$(grep -o '/etc/openvpn/.*\.ovpn' /etc/systemd/system/dietpi-nordvpn.service)"
client
dev tun
proto udp
remote 217.138.207.139 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn/settings_ovpn.conf

Code: Select all

verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
route-up /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn/up.sh
script-security 2
<ca>
-----BEGIN CERTIFICATE-----
KEY removed
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
KEY removed
-----END OpenVPN Static key V1-----
</tls-auth>
dietpi-nordvpn status

Code: Select all

Connected - Sent = 0 MiB | Received = 0 MiB
Strange, it's said that it is connected but I don't see that
User avatar
Joulinar
Posts: 2300
Joined: Sat Nov 16, 2019 12:49 am

Re: PiVPN - possible to connect, but no internet

Post by Joulinar »

I removed the cert key from congiguration file from your post.

Basically DietPi-NordVPN is going to download the config file from NordVPN and there is no need to perform a configuration

Question:
- Is connection from the Pi itself to the internet is working while VPN is active?
- Is the Pi set as Gateway on your Clients within your local network?
- Are you able to ping something like 8.8.8.8 or 9.9.9.9 on the web?

I guess some iptable rules would need to be set to forward trafic from eth0 to tun0 interface. As well pls can you check result of sysctl net.ipv4.ip_forward? It would need to be set to 1.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 2333
Joined: Sat Nov 18, 2017 6:21 pm

Re: PiVPN - possible to connect, but no internet

Post by MichaIng »

The connection test does not more than checking for a route through the VPN interface, and that route is there :?.
Although I am not 100% sure if those VPN addresses are correct, not that there is another OpenVPN instance running...

Can you check for other OpenVPN processes (probably started while trying to fix things):

Code: Select all

ps ax | grep openvpn
And what does the up script contain?

Code: Select all

cat /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn/up.sh
(erase any private/identifying data)

@Joulinar
Correct me, but I think that key is public from NordVPN and all sensitiv data in this regards is in /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn/settings_ovpn.conf, isn't it? Good to be double sure but at least we do not create or add any private key to those configs but only the user/password with this external file.
JohnDoeFR
Posts: 29
Joined: Tue Sep 22, 2020 6:04 pm

Re: PiVPN - possible to connect, but no internet

Post by JohnDoeFR »

Thanks guys, so :

When the VPN is connected, the Pi can connect to internet, I CAN ping 8.8.8.8 without problem. And yes the Pi is set to be my gateway on all stuff.

The sysctl net.ipv4.ip_forward report 1, so I think it's ok.

ps ax | grep openvpn

Code: Select all

  396 ?        Ss     0:02 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
18956 pts/0    S+     0:00 grep openvpn
cat /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn/up.sh

Code: Select all

#!/bin/bash
# Clear this file completely, including line breaks, to have it removed.
whitelist add subnet 192.168.1.56/25
The weird thing, is that it all worked during one day, I had internet on all devise and then boom, blocked like that :?
User avatar
MichaIng
Site Admin
Posts: 2333
Joined: Sat Nov 18, 2017 6:21 pm

Re: PiVPN - possible to connect, but no internet

Post by MichaIng »

Ah okay, so you use OpenVPN as server and as client concurrently. While this is generally possible I am not 100% sure currently what needs to be done to make that work or the other way round what would break it.

Currently only the server is running, not the client. dietpi-nordvpn UI wrongly shows "connected" state as the server is running and hence the tun0 interface is up with a route.

It is quite a problem that we check tun0 with dietpi-nordvpn while, if I see right, it can be tun1 or tun2 if there are other tun interfaces configured already. Not sure if this can be hardcoded, e.g. adding dev tun1 to client configs while keeping dev tun0 for server configs?

But the actual problem will be conflicting routes, probably even depending on which instance is started first, server or client. I'll test and think about it tomorrow.

But a different question: If you have OpenVPN on the clients that you want to connect to your DietPi, to then redirect them to NordVPN, why don't you connect the clients to NordVPN directly? Or did I misunderstand the aim?
User avatar
Joulinar
Posts: 2300
Joined: Sat Nov 16, 2019 12:49 am

Re: PiVPN - possible to connect, but no internet

Post by Joulinar »

If I'm not mistaken, it's required to configure the environment to have following connection scenario: LAN > Pi > VPN > Internet

Therefore I would recommend to deactivate OpenVPN server and just try to get the Client working.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
JohnDoeFR
Posts: 29
Joined: Tue Sep 22, 2020 6:04 pm

Re: PiVPN - possible to connect, but no internet

Post by JohnDoeFR »

No in fact I don't want to use the OpenVPN server only the client, to connect all my network to the NordVPN account using only one connection, way easier that way for the TV, etc...

Joulinar got it right, I don't even know how I turned on this god damnes OpenVPN server I've only touched the Dietpi-nordvpn client...

Is there a way to delete the "server" side ?

Thanks

EDIT : I've found that I had the OpenVPN Server installed in the DietPi package, so I un installed it and killed the process in htop. Normally I only have the Dietpi-nordvpn client now

EDIT 2 : So, apparently removing this completely broke the Dietpi-nordvpn
User avatar
Joulinar
Posts: 2300
Joined: Sat Nov 16, 2019 12:49 am

Re: PiVPN - possible to connect, but no internet

Post by Joulinar »

yes both OpenVPN server as well as NordVPN Client using same Debian package. Did you removed OpenVPN server using dietpi-software now? If yes, no problem. You could force NordVPN Client to be reinstalled

Code: Select all

dietpi-software reinstall 171
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply