Docker linuxserver/openvpn-as - No internet access

quentinrey · 12 September 2019 16:00

I’m using linuxserver/openvpn-as image on my Debian server. I used docker-compose, the image is okay, the container started. The webadmin interface is reachable (Created new user, deleted admin)

docker-compose.yml

version: "2"
services:
 openvpn-as:
  image: linuxserver/openvpn-as
  container_name: openvpn-as
  cap_add:
   - NET_ADMIN
  environment:
   - PUID=1000
   - PGID=1000
   - TZ=Europe/London
   - INTERFACE=eth0 #optional
  volumes:
   - .config:/config
  ports:
   - 943:943
   - 9443:9443
   - 1194:1194/udp
  restart: unless-stopped

When I try to connect to my VPN client, the connection is okay, but I can’t correctly access Internet. For example, if I want to go to amazon.fr, it doesn’t work, but if I use the IP adress it works.

My Client Log

09/09/2019 à 21:22:39 OpenVPN core 3.git::1ab9727b win x86_64 64-bit PT_PROXY built on May 31 2019 13:25:03
09/09/2019 à 21:22:39 Frame=512/2048/512 mssfix-ctrl=1250
09/09/2019 à 21:22:39 UNUSED OPTIONS
4 [nobind] 
18 [sndbuf] [0] 
19 [rcvbuf] [0] 
22 [verb] [3] 
31 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 
32 [CLI_PREF_BASIC_CLIENT] [False] 
33 [CLI_PREF_ENABLE_CONNECT] [False] 
34 [CLI_PREF_ENABLE_XD_PROXY] [True] 
35 [WSHOST] [172.18.0.2:9443] 
36 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDCjCCAfKgAwIBAgIEXXaP4DANBgkqhkiG...] 
37 [IS_OPENVPN_WEB_CA] [1] 
09/09/2019 à 21:22:39 Contacting [MY-SERVER-IP]:1194 via UDP
09/09/2019 à 21:22:39 Connecting to [[MY-SERVER-IP]]:1194 ([MY-SERVER-IP]) via UDPv4
09/09/2019 à 21:22:39 EVENT: RESOLVE 09/09/2019 à 21:22:39 EVENT: WAIT 09/09/2019 à 21:22:39 EVENT: CONNECTING 09/09/2019 à 21:22:39 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
09/09/2019 à 21:22:39 Creds: Username/Password
09/09/2019 à 21:22:39 Peer Info:
IV_VER=3.git::1ab9727b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_HWADDR=34:97:f6:db:05:c6

09/09/2019 à 21:22:40 VERIFY OK : depth=1
cert. version     : 3
serial number     : 5D:76:8F:C0
issuer name       : CN=OpenVPN CA
subject name      : CN=OpenVPN CA
issued  on        : 2019-09-02 17:45:36
expires on        : 2029-09-06 17:45:36
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true

09/09/2019 à 21:22:40 VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : CN=OpenVPN CA
subject name      : CN=OpenVPN Server
issued  on        : 2019-09-02 17:45:36
expires on        : 2029-09-06 17:45:36
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server

09/09/2019 à 21:22:40 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
09/09/2019 à 21:22:40 Session is ACTIVE
09/09/2019 à 21:22:40 Sending PUSH_REQUEST to server...
09/09/2019 à 21:22:40 EVENT: GET_CONFIG 09/09/2019 à 21:22:41 Sending PUSH_REQUEST to server...
09/09/2019 à 21:22:43 Sending PUSH_REQUEST to server...
09/09/2019 à 21:22:43 OPTIONS:
0 [explicit-exit-notify] 
1 [topology] [subnet] 
2 [route-delay] [5] [30] 
3 [dhcp-pre-release] 
4 [dhcp-renew] 
5 [dhcp-release] 
6 [route-metric] [101] 
7 [route-metric] [1000] 
8 [ping] [12] 
9 [ping-restart] [50] 
10 [compress] [stub-v2] 
11 [redirect-gateway] [def1] 
12 [redirect-gateway] [bypass-dhcp] 
13 [redirect-gateway] [autolocal] 
14 [route-gateway] [172.27.232.1] 
15 [dhcp-option] [DNS] [127.0.0.11] 
16 [register-dns] 
17 [block-ipv6] 
18 [ifconfig] [172.27.232.4] [255.255.254.0] 
19 [peer-id] [0] 
20 [auth-token] ...
21 [cipher] [AES-256-GCM] 

09/09/2019 à 21:22:43 Session token: [redacted]
09/09/2019 à 21:22:43 Server has pushed compressor COMP_STUBv2, but client has disabled compression, switching to asymmetric
09/09/2019 à 21:22:43 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA1
  compress: COMP_STUBv2
  peer ID: 0
09/09/2019 à 21:22:43 CAPTURED OPTIONS:
Session Name: [MY-SERVER-IP]
Layer: OSI_LAYER_3
Remote Address: [MY-SERVER-IP]
Tunnel Addresses:
  172.27.232.4/23 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 1000
Add Routes:
Exclude Routes:
DNS Servers:
  127.0.0.11
Search Domains:

09/09/2019 à 21:22:43 EVENT: ASSIGN_IP 09/09/2019 à 21:22:43 SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
    "confirm_event" : "040e000000000000",
    "destroy_event" : "940e000000000000",
    "tun" : 
    {
        "adapter_domain_suffix" : "",
        "block_ipv6" : true,
        "dns_servers" : 
        [
            {
                "address" : "127.0.0.11",
                "ipv6" : false
            }
        ],
        "layer" : 3,
        "mtu" : 0,
        "remote_address" : 
        {
            "address" : "[MY-SERVER-IP]",
            "ipv6" : false
        },
        "reroute_gw" : 
        {
            "flags" : 315,
            "ipv4" : true,
            "ipv6" : false
        },
        "route_metric_default" : 1000,
        "session_name" : "[MY-SERVER-IP]",
        "tunnel_address_index_ipv4" : 0,
        "tunnel_address_index_ipv6" : -1,
        "tunnel_addresses" : 
        [
            {
                "address" : "172.27.232.4",
                "gateway" : "172.27.232.1",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 23
            }
        ]
    }
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{FEF67341-2DA9-4B3B-96D8-D13DF75686B7}' index=18 name='Ethernet 2'
Open TAP device "Ethernet 2" PATH="\\.\Global\{FEF67341-2DA9-4B3B-96D8-D13DF75686B7}.tap" SUCCEEDED
TAP-Windows Driver Version 9.23
ActionDeleteAllRoutesOnInterface iface_index=18
netsh interface ip set interface 18 metric=1
Ok.
netsh interface ip set address 18 static 172.27.232.4 255.255.254.0 gateway=172.27.232.1 gwmetric=1000 store=active
netsh interface ipv6 add route 2000::/4 interface=1 store=active
Ok.
netsh interface ipv6 add route 3000::/4 interface=1 store=active
Ok.
netsh interface ipv6 add route fc00::/7 interface=1 store=active
Ok.
netsh interface ip add route [MY-SERVER-IP]/32 9 192.168.1.254 store=active
Ok.
netsh interface ip add route 0.0.0.0/1 18 172.27.232.1 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 18 172.27.232.1 store=active
Ok.
netsh interface ip set dnsservers 18 static 127.0.0.11 register=primary validate=no
NRPT::ActionCreate names=[.] dns_servers=[127.0.0.11]
ActionWFP openvpn_app_path=C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe tap_index=18 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Configuration IP de Windows
Cache de résolution DNS vidé.
TAP handle: 1c0f000000000000
09/09/2019 à 21:22:43 Connected via TUN_WIN
09/09/2019 à 21:22:43 Comp-stubV2 init
09/09/2019 à 21:22:43 EVENT: CONNECTED quentin@[MY-SERVER-IP]:1194 ([MY-SERVER-IP]) via /UDPv4 on TUN_WIN/172.27.232.4/ gw=[172.27.232.1/]09/09/2019 à 21:23:44 SetupClient: signaling tun destroy event
09/09/2019 à 21:23:44 EVENT: DISCONNECTED

I’m not very good with network settings, so I tried to search answers, but there is nothing I understand or that makes sense. Is it a IP forwarding problem ? Why is this happening ?

Thanks in advance for your help!

aptalca · 12 September 2019 19:08

In openvpn gui, put in your dns address under vpn settings, it would be your router IP if you don’t have a separate dns server

system · 17 September 2019 19:08

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.