I don't have a working VPN


#1

Hello everyone!

I’m trying to have a working VPN connection, but when I use the .ovpn file on my laptop (Windows 7 Pro) I don’t have a working internet connection.

I’ve tried with the official image from the Image Hub and also by using this great script https://github.com/Nyr/openvpn-install

In both cases I can’t make it work.

If you were able to make OpenVPN work on your Scaleway would you kindly help me?

Thank you very much and happy new year!


#2

Does it actually connect, or does the connecting fail?


#3

Thank you for the answer!

It says “Connected to 10.8…” and I have the usual green little monitor.


#4

Can you pinging the 10.8.... address? (I’m assuming the default, 10.8.0.1)


#5

I’ll have to check this as I terminated the server just now. I have plans to re-install it tomorrow morning. I’ll post the ping results along with the log of the connection.

Thank you for the help so far Etienne_Bruines! I wish you a happy new year!


#6

I got my setup working (I used a Debian image, though) yesterday, so I should have most information fresh in memory.

I would say: try to ping it. You probably will be able to. (If not, then there’s something seriously wrong with the connection, you might want to check the /var/log/syslog file at the server, to see if OpenVPN had some kind of error message)

After you’ve pinged successfully you might want to edit /etc/openvpn/server.conf (or whatever the .conf file in the /etc/openvpn directory is called), and look for the line that says push "redirect-gateway def1 bypass-dhcp"

Depending on what you want, you can either comment this line (by putting a ; or # in front of it) - this will tell every connected client: “You should only use this OpenVPN connection to connect to internal IPs”, or uncomment it: - this will tell every connected client: “Whatever internet-resource you want to access, send it through this connection”.

I’m not very good with Windows, but that’s what helped me with my problems yesterday. The question usually is: what kind of traffic am I sending through the OpenVPN connection, and what kind of traffic can I send through the connection (i.e.: what does the server do with it)

If you’re looking for a way to do this using the Debian image, you can simply follow this tutorial, and it’ll probably work afterwards.

Best of luck, and enjoy your evening :slight_smile: .


#7

Thank you for the detailed explanation!

So this is what I collected from my tests:

  1. I’m able to ping the internal IP.

  2. Both Ubuntu (15.10) and Debian (8.2) allow me to connect. But once I’m connected there is no Internet connection.

  3. I’ve researched for push "redirect-gateway def1 bypass-dhcp" but it is already not commented, which is indeed what I want since I desire to connect to Internet.

  4. I’ve tried on both a Windows 10 laptop and a Windows 7 laptop. Both do not work.

  5. As said before, also the OpenVPN from the ImageHub does not work.

  6. The tutorial you posted looks great, and I’ve read it all. But doing that process every time I need a VPN server would defy my purpose of deploying in a fast and easy way. For my purpose, the OpenVPN Image or the OpenVPN script are great solutions, but none of them are working.

Thank you so far for the support and time dedicated to me!


#8

I have a bit of an odd setup for openvpn, but it works.
I am using the vpn primarily for remote access to machines behind different NAT’ed networks. However, on my android phone(and occasionally my laptop), I use the vpn to encrypt my connection on open wifi.

I used the debian image(not the openvpn app from image hub).

Here is how I set mine up:

  1. setup openvpn, can connect, do not force routing via vpn on the
    server.
  2. setup ipv4_forwarding
    a) /etc/sysctl.conf uncomment “net.ipv4.ip_forward=1”
    b) set iptables rules(something like this):
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface tun0 -j ACCEPT
  3. then force route via vpn(client.conf, because I only want my phone/laptop to rout via vpn, not all the other machines that are on the vpn, at this point you could force it via server.conf if that is what you want)

It works, and my phone gets thoroughly confused as to what country it is in.


#9

@David_Gross

Thank you! I’ll do what you did. Can you please clarify to me the last step? What do you mean with “force route via vpn”?

Thank you again!


#10

The “redirect-gateway def1” line forces traffic through the tunnel.
Or, rather, it creates a new default route (view with ip route) that routes all traffic through the vpn tunnel.

If you do have that line in the server.conf, all connected machines should route their all their traffic through the vpn.

If you put that line in the client.conf of the only certain machines, you can manage which client machines route through the vpn and which don’t, which was what I wanted.


#11

Thank you for the help.

I’ve tried everything you recommeneded. But I still don’t have a working OpenVPN server.

I would even simply use the OpenVPN image offered by Scaleway, but that doesn’t work either!

Could please the Scaleway team try to fix the OpenVPN image? If it doesn’t work it shouldn’t be there.


#12

Have you tried reporting it to https://github.com/Nyr/openvpn-install/issues ? (That way the “tech” team can see it directly)


#13

Any update on this one ? I can’t manage to make my VPN work too.


#14

Hello,
For me it works
Good luck


#15

@Ludo Which iptables rules did you use ?


#16

Reported issue https://github.com/Nyr/openvpn-install/issues/138


#17

I dont know.

Are you sure to launch your vpn client as administrator ?


#18

Yes of course I know well this script I even made a fork https://github.com/Angristan/OpenVPN-install


#19

Script creator here.

It works, I have just tested in one of the Avoton instances. I wanted to check on ARM too, but can’t manage to get one provisioned.

If anyone has connectivity problems with the script, remember that Scaleway uses CGNAT for their servers, so when first asked about the instance IP, you need to specify the internal one which is what’s available to the VM. When finishing the installation, script will automatically detect the NAT and ask for the public IP.

I understand this can be a bit confusing, but that’s how Scaleway works.


#20

I am having the same problem. The C1 gets created but isn’t able to start. Been happening for close to 24 hours now.