Connected to VPN but no new IP?

MacGyver

Posts: 4
Joined: Sat Nov 07, 2009 7:49 am

Post by MacGyver » Sat Nov 07, 2009 7:53 am
I don't understand this, I am connected to my server's OpenVPN client without a problem, am assigned a client IP address but when I browse the internet on my client machine I'm not using the VPN connection (i.e. it's still using my normal internet/IP).

Here's my log: (IP edited out)
Fri Nov 6 12:40:45 2009: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 6 12:40:45 2009: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 6 12:40:45 2009: LZO compression initialized
Fri Nov 6 12:40:45 2009: Attempting to establish TCP connection with **.**.**.**:1194 [nonblock]
Fri Nov 6 12:40:46 2009: TCP connection established with **.**.**.**:1194
Fri Nov 6 12:40:46 2009: TCPv4_CLIENT link local: [undef]
Fri Nov 6 12:40:46 2009: TCPv4_CLIENT link remote: **.**.**.**:1194
Fri Nov 6 12:40:49 2009: [server] Peer Connection Initiated with **.**.**.**:1194
Fri Nov 6 12:40:51 2009: TUN/TAP device /dev/tun0 opened
Fri Nov 6 12:40:51 2009: /sbin/ifconfig tun0 delete
Fri Nov 6 12:40:51 2009: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Fri Nov 6 12:40:51 2009: /sbin/ifconfig tun0 172.16.0.6 172.16.0.5 mtu 1500 netmask 255.255.255.255 up
Fri Nov 6 12:40:51 2009: /Applications/Viscosity.app/Contents/Resources/dnsup.py tun0 1500 1544 172.16.0.6 172.16.0.5 init
Fri Nov 6 12:40:51 2009: Initialization Sequence Completed
The "TUN/TAP In" always displays 0 bytes, while all the other details show active data transfer. Any ideas?

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sun Nov 08, 2009 2:07 pm
Hi MacGyver,

Firstly, if you are using version 1.0.6 try upgrading to version 1.0.7 to see if that resolves the problem.

If that doesn't help, try turning on the "Send all traffic over the VPN connection" option. You can get to this option by opening Viscosity's Preferences window, editing your connection, and clicking on the Networking tab.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Post by MacGyver » Sun Nov 08, 2009 3:20 pm
Thanks, that seems like a step in the right direction - now my mac actually attempts to load data over the VPN.

However, it can't seem to connect to any website, i.e. it just keeps on loading (not an immediate timeout either). Perhaps it's a problem with my server, I really don't know much about setting up or configuring openVPN. I installed openVPN on the server and generated the keys/certs and started the service.

Is there any config related to firewall that I need to do on the server? I'm running Debian 5.0. If you could help me out here to get it working, I'd gladly pay the $9 to register Viscosity ;)

Edit: I'd like to add that I am successfully connected to my VPN and get an IP address assigned that I can ping successfully when connected to through the VPN.

Post by James » Sun Nov 08, 2009 3:35 pm
> I installed openVPN on the server and generated the keys/certs and started the service.
>
> Is there any config related to firewall that I need to do on the server?
Yes, as you are using a TUN based connection you'll probably need to set up NAT on the server so connected clients can get out to the Internet. A quick Google turned up this guide which contains a section on how to set up NAT for OpenVPN on a Debian distro.

The OpenVPN website also has more information about what you are wanting to do. See the "Routing all client traffic (including web-traffic) through the VPN" section at the How To page.

Alternatively you could try using something like Webmin to give you a web-based GUI for setting up NAT if you're not comfortable using iptables by hand.

Cheers,
James

Post by James » Sun Nov 08, 2009 3:37 pm
> Edit: I'd like to add that I am successfully connected to my VPN and get an IP address assigned that I can ping successfully when connected to through the VPN.
If you can ping through your connection, but not access webpages, then you probably have a DNS issue on your hands. To solve this see the "To check for a DNS problem" section at this Viscosity support page.

Cheers,
James

Post by MacGyver » Sun Nov 08, 2009 3:51 pm
Actually I can ping websites and even domains (i.e. google.com) BUT I receive no packets (0 packets, 100% lost). So it is most likely a routing problem. I've used netstat, perhaps you can make sense of it?
Last edited by MacGyver on Mon Nov 09, 2009 4:35 am, edited 1 time in total.

Post by James » Sun Nov 08, 2009 3:58 pm
> So it is most likely a routing problem. I've used netstat, perhaps you can make sense of it? The VPS's IP is 74.117.59.138.
The routing table on your Mac looks fine. The problem appears to be at your server's end - take a look at the guides posted above for setting up NAT on your server.

Cheers,
James

Post by MacGyver » Sun Nov 08, 2009 5:31 pm
The posted tutorial doesn't work, the IPTABLES rule is full of syntax errors (not to mention smileys). I have enabled IP forwarding, set the openVPN config and even specified a route using "route add -net 172.16.0.0 netmask 255.255.255.0 gw <my server IP>", but to no avail :(
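
The two server-side pieces this thread keeps returning to (IP forwarding enabled, a NAT rule for the TUN subnet), as an added example that is not from any poster or from the linked guide. The interface names eth0 and tun0 and the /24 mask are assumptions; 172.16.0.0 is the subnet from the route command above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: WAN interface eth0, /24 VPN subnet.
VPN_NET="172.16.0.0/24"   # subnet from the route command quoted in the thread
WAN_IF="eth0"             # assumption: server's Internet-facing interface
TUN_IF="tun0"             # assumption: server-side tunnel device

# Emit a ruleset in iptables-restore format: NAT only for the VPN subnet,
# forwarding allowed only from the tunnel outwards plus return traffic.
# Note: loading it with iptables-restore replaces the existing nat/filter rules.
nat_rules() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $VPN_NET -i $TUN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# check_server <ip_forward value> <file holding iptables-save output>
# Prints one finding per line; returns 0 only when nothing is missing.
# On a live server: iptables-save > rules.txt
#                   check_server "$(cat /proc/sys/net/ipv4/ip_forward)" rules.txt
check_server() {
  fwd="$1"; rules="$2"; rc=0
  if [ "$fwd" != "1" ]; then
    echo "ip_forward=$fwd: kernel will not route packets arriving on the tunnel"; rc=1
  fi
  if ! grep -Eq -- "^-A POSTROUTING .*-s $VPN_NET .*-j (MASQUERADE|SNAT)" "$rules"; then
    echo "no MASQUERADE/SNAT rule for $VPN_NET: replies have no route back"; rc=1
  fi
  if grep -q '^:FORWARD DROP' "$rules" &&
     ! grep -Eq -- "^-A FORWARD .*-s $VPN_NET .*-j ACCEPT" "$rules"; then
    echo "FORWARD policy is DROP with no ACCEPT rule for $VPN_NET"; rc=1
  fi
  return $rc
}

# Demo on constructed input: the ruleset above passes the check.
tmp=$(mktemp)
nat_rules > "$tmp"
check_server 1 "$tmp" && echo "forwarding and NAT are in place"
rm -f "$tmp"
```

Scoping the MASQUERADE and FORWARD rules to the VPN subnet keeps the server from forwarding or translating traffic for any other source.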

Post by James » Tue Nov 10, 2009 2:55 pm
I'd recommend posting your server configuration on the OpenVPN mailing list, as they should be able to point you in the right direction.

Cheers,
James