blogpages:vpn_setup

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
blogpages:vpn_setup [2024/10/07 06:34] jcoronablogpages:vpn_setup [2025/08/22 17:27] (current) jcorona
Line 1: Line 1:
 +
 ====== OpenVPN Setup Guide ====== ====== OpenVPN Setup Guide ======
  
Line 4: Line 5:
  
 Problem is, I cant seem to get ta.key to generate but im not worried about it right now: Problem is, I cant seem to get ta.key to generate but im not worried about it right now:
 +
 +**Future Update**: Tailscale is here, use this instead, not worth the hassle of using anything else or setting up VPN. 
  
 ====== OpenVPN Setup on Windows ====== ====== OpenVPN Setup on Windows ======
Line 142: Line 145:
   * **Firewall**: Ensure that the Windows Firewall or any security software allows VPN connections.   * **Firewall**: Ensure that the Windows Firewall or any security software allows VPN connections.
   * **Dynamic DNS**: If your home network's public IP changes regularly, set up Dynamic DNS (DDNS) so you can connect to your home network with a domain name rather than the IP.   * **Dynamic DNS**: If your home network's public IP changes regularly, set up Dynamic DNS (DDNS) so you can connect to your home network with a domain name rather than the IP.
 +
 +
 +====== Losing Internet Access After Connecting to a VPN ======
 +
 +Losing internet access after connecting to a VPN is a common issue, especially when you configure OpenVPN to route all traffic through the VPN (full tunneling). Here are the most common reasons for this issue and how to fix it:
 +
 +===== Possible Causes: =====
 +  * Missing or incorrect NAT configuration on the VPN server: The VPN server is not properly routing traffic from VPN clients to the internet.
 +  * IP forwarding not enabled on the server: The server is not forwarding traffic between the VPN subnet and the external network (your home network).
 +  * DNS issues: The VPN client may not be able to resolve domain names because DNS traffic is not being routed properly.
 +  * Firewall blocking traffic: A firewall on the VPN server may be blocking traffic from the VPN clients.
 +
 +===== Step-by-Step Troubleshooting =====
 +
 +**1. Ensure IP Forwarding Is Enabled on the VPN Server**
 +
 +The server must forward traffic between the VPN network and the internet.
 +
 +On Linux:
 +  * Enable IP forwarding by modifying the system configuration:
 +    * Open the file `/etc/sysctl.conf`:
 +      <code>
 +      sudo nano /etc/sysctl.conf
 +      </code>
 +    * Find the line:
 +      <code>
 +      #net.ipv4.ip_forward = 1
 +      </code>
 +    * Remove the `#` (uncomment the line) and save the file, or add the line if it doesn't exist:
 +      <code>
 +      net.ipv4.ip_forward = 1
 +      </code>
 +    * Apply the changes:
 +      <code>
 +      sudo sysctl -p
 +      </code>
 +
 +On Windows:
 +  * Ensure that the Routing and Remote Access feature is enabled in Windows to allow IP forwarding.
 +    * Go to Control Panel > Network and Sharing Center > Change Adapter Settings.
 +    * Right-click on the OpenVPN TAP Adapter, select Properties, and then go to the Sharing tab.
 +    * Ensure Internet Connection Sharing is enabled and the correct network (Wi-Fi or Ethernet) is selected for sharing.
 +
 +**2. Set Up NAT (Network Address Translation) on the VPN Server**
 +
 +If NAT isn't properly set up, traffic won't be routed to the internet from the VPN clients. This is common in full tunneling setups.
 +
 +On Linux:
 +  * Run the following command to set up NAT, replacing `eth0` with your internet-facing interface:
 +    <code>
 +    sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
 +    </code>
 +    * `10.8.0.0/24` is the default OpenVPN subnet (adjust if you're using a different subnet).
 +    * `eth0` is your internet-facing network interface (this could also be `wlan0` if using Wi-Fi).
 +  * Make sure the rule persists after reboot:
 +    <code>
 +    sudo iptables-save > /etc/iptables/rules.v4
 +    </code>
 +
 +On Windows:
 +  * Enable Internet Connection Sharing (ICS) between your internet-facing adapter (Wi-Fi or Ethernet) and the OpenVPN TAP adapter:
 +    * Right-click on your main network adapter (Wi-Fi or Ethernet), select Properties, then go to the Sharing tab.
 +    * Select **Allow other network users to connect through this computer's Internet connection** and choose the OpenVPN TAP adapter from the dropdown.
 +
 +**3. Verify the DNS Configuration on the Client**
 +
 +Sometimes, even if traffic is being routed through the VPN, the DNS settings may not be configured properly, preventing domain names from being resolved (for example, if you can access websites by IP but not by domain name).
 +
 +* Ensure DNS Servers Are Pushed from the Server:
 +  In your server configuration file (`server.ovpn` or `server.conf`), make sure DNS servers are being pushed to the clients. Add the following lines if they are missing:
 +  <code>
 +  push "dhcp-option DNS 8.8.8.8"  # Google's DNS
 +  push "dhcp-option DNS 8.8.4.4"  # Secondary DNS
 +  </code>
 +
 +* Modify the Client Configuration (`client.ovpn`):
 +  In your client configuration file (`client.ovpn`), ensure DNS settings are configured correctly:
 +  <code>
 +  dhcp-option DNS 8.8.8.8  # Google DNS
 +  dhcp-option DNS 8.8.4.4
 +  </code>
 +* Reconnect the client and verify if the DNS issues are resolved.
 +
 +**4. Test and Verify Routing**
 +
 +After implementing these fixes, reconnect to the VPN and test if the internet connection is working:
 +
 +  * **Check your external IP**: Visit WhatIsMyIP.com and verify that the IP address shown is your home network’s public IP (indicating that all traffic is routed through the VPN).
 +  * **Ping a website**:
 +    Open Command Prompt (on Windows) or a terminal (on macOS/Linux) and type:
 +    <code>
 +    ping google.com
 +    </code>
 +    * If you can ping the domain, DNS is working correctly.
 +    * If the ping succeeds with an IP address but fails with a domain name, DNS may still be misconfigured.
 +  * **Check the routing table (optional)**:
 +    On Windows, open Command Prompt and type:
 +    <code>
 +    route print
 +    </code>
 +    On Linux/macOS, use:
 +    <code>
 +    netstat -rn
 +    </code>
 +    Ensure that the default gateway (`0.0.0.0`) is pointing to the VPN interface (`10.8.0.1` or similar).
 +
 +**5. Check Firewall Rules**
 +
 +If the above solutions don’t work, verify that firewalls on both the server and the client are not blocking the VPN traffic.
 +
 +On the VPN server:
 +  * Ensure the firewall is not blocking outbound traffic from the VPN subnet (`10.8.0.0/24` by default).
 +  * On Linux, check iptables rules to ensure traffic from the VPN interface is allowed.
 +
 +On the client machine:
 +  * Check if the local firewall (e.g., Windows Defender Firewall) is blocking VPN traffic.
 +
 +===== Conclusion =====
 +
 +To fix the issue where you lose internet connectivity after connecting to the VPN:
 +  * Enable IP forwarding on the VPN server.
 +  * Set up NAT to route VPN client traffic to the internet.
 +  * Push DNS settings from the server and configure them on the client.
 +  * Test the internet connection and verify the routing table.
 +  
 +Let me know if you'd like more detailed help with any of the steps!