#1 2019-03-07 15:03:05

beardy
Trusted Member
Registered: 2019-03-06
Posts: 5

OpenVPN Connected But No Data Transfer

This is the first time I have used a VPS and installed OpenVPN on a server and I'm stumped on possibly the final step.

I believe my known good client is connected to the server but there is no data transfer happening.

The setup is as follows:
- a NAT VPS with 64MB of memory on node MTL-03 (LowEndSpirit)
- O/S is Debian 8 x64 Minimal
- installed OpenVPN using the script found at https://github.com/pl48415/openvpn-install-advanced
- both the Debian & OpenVPN installs seem to have run cleanly (I have checked the logs and console messages generated during the installations)
- I have set up the server to be TCP only
- my OpenVPN client is non-gui and does not display any error messages on the console
- this same client can connect to my PrivateTunnel account and other "free" TCP tunnels without problems
- using the shell command "lsof -i -P" on the server I can see the port is being listened to by OpenVPN, and then it's active once the connection is made
- only about 30% of memory is being used and the server load is basically idle
- pinging a known good IP from the client fails with timeouts and no other types of requests work either

The script obviously opened the port because the connection can be established.

Can anyone suggest what I am missing?

Offline

#2 2019-03-07 16:09:14

WSS
Trusted Member
Registered: 2016-12-22
Posts: 436

Re: OpenVPN Connected But No Data Transfer

Is it one of your allocated ports?



Offline

#3 2019-03-07 19:30:17

beardy
Trusted Member
Registered: 2019-03-06
Posts: 5

Re: OpenVPN Connected But No Data Transfer

That is a very good question.

I am using the last octet of the "Main IP" specified in my welcome message to assign port numbers.  I am using the IP specified in the welcome message table that matches my main IP.  Using that IP and port NNN00 I can access the SSH and SFTP without problems.

I have currently installed OpenVPN on port NNN01.  I also did a fresh install on NNN03 with identical results.

I just wonder if there is some software bit I haven't installed through inexperience.

What I did do was install a fresh version of "Debian 8 x64 Minimal" using the control panel.  Once that was done I ran the SSH command "apt-get update".  Then I ran the bash script linked above specifying the IP and port described here.  Both the update and script installation look like they ran without errors.

Since OpenVPN seems to connect correctly but there is no data traffic I am wondering if something is missing on the server.

Offline

#4 2019-03-07 21:48:37

beardy
Trusted Member
Registered: 2019-03-06
Posts: 5

Re: OpenVPN Connected But No Data Transfer

For completeness I wanted to include the results of the "lsof" commands.  IPs and names have been anonymized.

This is the list of ports and their associated processes with only the SSH terminal connected.  openvpn is listening on my port NNN01, the terminal is connected:

[email protected]:~# lsof -i -P
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd     227 root    3u  IPv4 1251333883      0t0  TCP *:22 (LISTEN)
sshd     227 root    4u  IPv6 1251333892      0t0  TCP *:22 (LISTEN)
openvpn  707 root    6u  IPv4 1252085299      0t0  TCP *:NNN01 (LISTEN)
sshd    1268 root    3r  IPv4 1316823948      0t0  TCP mynatvps:22->mysymbolicIP:4437 (ESTABLISHED)

After connecting the openvpn client, this is the result:

[email protected]:~# lsof -i -P
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd     227 root    3u  IPv4 1251333883      0t0  TCP *:22 (LISTEN)
sshd     227 root    4u  IPv6 1251333892      0t0  TCP *:22 (LISTEN)
openvpn  707 root    6u  IPv4 1252085299      0t0  TCP *:NNN01 (LISTEN)
openvpn  707 root    9u  IPv4 1316906268      0t0  TCP mynatvps:NNN01->mysymbolicIP:4449 (ESTABLISHED)
sshd    1268 root    3r  IPv4 1316823948      0t0  TCP mynatvps:22->mysymbolicIP:4437 (ESTABLISHED)

To my novice eyes it seems that openvpn is running and connected on the server.

I have also run PING from the server using the SSH terminal and it works correctly too, so there must be a connection to the internet.

Offline

#5 2019-03-08 01:43:49

beardy
Trusted Member
Registered: 2019-03-06
Posts: 5

Re: OpenVPN Connected But No Data Transfer

Looks like it's an iptables issue on the server.  Everyone but me probably knew that already.

The OpenVPN client goes through all the normal motions and goes out to the server port but does not generate any error messages.

I simulated this using telnet to try connecting to my IP:port and saw the same "ESTABLISHED" status from the lsof command on the server.

"iptables -S" command on the server only had an INPUT rule for my port, and it vanished when I rebooted the server.

Assuming my IP octet is 666 (which it isn't) and my port of interest is 66601, what iptables rules should I be using to open the port for both input and output with OpenVPN TCP mode?  I have found numerous suggested command lines but none have worked for me so far.

Any suggestions appreciated.

Offline

#6 2019-03-10 17:38:59

Hasdump
Trusted Member
Registered: 2019-02-23
Posts: 7

Re: OpenVPN Connected But No Data Transfer

Try using Angristan version, and use UDP.
On the Angristan version, iptables are automatically added and it uses newer and securer encryption.

Offline

#7 2019-03-11 12:51:26

WSS
Trusted Member
Registered: 2016-12-22
Posts: 436

Re: OpenVPN Connected But No Data Transfer

Hasdump wrote:

Try using Angristan version, and use UDP.
On the Angristan version, iptables are automatically added and it uses newer and securer encryption.


This is pretty good advice - especially to use a UDP connection once you get the bugs ironed out so people can't just easily scan for it. NAT IPs seem to get scanned fairly often.



Offline

#8 2019-03-12 05:06:46

kramer
Trusted Member
Registered: 2018-01-09
Posts: 11

Re: OpenVPN Connected But No Data Transfer

If you use scripts to install complex software you miss out on learning what is happening under the hood.

Invariably you'll find yourself exactly in your situation when a problem occurs. Openvpn is not difficult to set up. Documentation is plentiful.

I agree with previous posts about using udp. Connectivity problems usually are routing or iptables related. It's important to become familiar with them.

Assuming you're using a LES ipv4 nat setup, and assuming you separate tcp/udp iptables rules, these are the commented iptables rules required for udp connection on the openvpn server.

iptables -A INPUT -i tun+ -m comment --comment "allow vpn tunnel access" -j ACCEPT

# 12345 = your openvpn server udp port
iptables -A UDP -p udp -m udp --dport 12345 -m comment --comment "openvpn udp port access" -j ACCEPT

To use your remote vps for ipv4 browsing from your local client (using openvpn default ip addressing) :

iptables -A FORWARD -s 10.8.0.0/24 -i tun+ -o venet+ -m comment --comment "forward vpn tunnel" -j ACCEPT

# 192.168.x.x = your internal ipv4 address
iptables -t nat -R POSTROUTING 1 -s 10.8.0.0/24 -o venet+ -m comment --comment "allow tun0 access to venet0" -j SNAT --to-source 192.168.x.x

hth

Offline

#9 2019-03-14 23:43:48

beardy
Trusted Member
Registered: 2019-03-06
Posts: 5

Re: OpenVPN Connected But No Data Transfer

Thanks so much for the iptables settings kramer!  I'm finally up and running.

As you said, there's a mountain of documentation but I was never able to find the gem you provided for the POSTROUTING to get through the NAT.  I also did not recognize my internal IP address because it does not start with 192.168, although that might not have helped anyway.

As a troubleshooting hint for others, if that POSTROUTING statement is wrong you won't get any error messages or error logs.  OpenVPN will run up on the server in response to your active connection but won't talk to you at all.

Offline
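
The silent failure described in post #9, as an added example that is not part of the original thread: a POSIX shell check over an `iptables-save` dump for the three rule groups from post #8 (INPUT accept on tun+, FORWARD from 10.8.0.0/24, nat POSTROUTING), including whether the SNAT `--to-source` matches the server's internal address. The sample rulesets and the address 172.16.0.66 are constructed, and `check_ruleset` and `rules_for` are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the thread): audit an iptables-save dump for the
# rules an OpenVPN server on a NAT VPS needs before tunnel traffic flows.
VPN_NET="10.8.0.0/24"   # OpenVPN default addressing, as in the thread

# Constructed sample ruleset; 172.16.0.66 is a made-up internal address.
SAMPLE_GOOD='*nat
-A POSTROUTING -s 10.8.0.0/24 -o venet+ -j SNAT --to-source 172.16.0.66
COMMIT
*filter
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -i tun+ -o venet+ -j ACCEPT
COMMIT'
# Constructed: same rules, but SNAT names an address the VPS does not hold.
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_GOOD" | sed 's/172\.16\.0\.66/192.168.1.10/')

# rules_for CHAIN: keep only the "-A CHAIN ..." lines of the dump on stdin.
rules_for() { grep -- "^-A $1 " || true; }

# check_ruleset DUMP INTERNAL_IP: print findings, return the problem count.
check_ruleset() {
  dump=$1; internal_ip=$2; problems=0
  printf '%s\n' "$dump" | rules_for INPUT | grep -E -- '-i tun[+0-9]' \
    | grep -q -- '-j ACCEPT' \
    || { echo "MISSING: INPUT accept for tun+"; problems=$((problems + 1)); }
  printf '%s\n' "$dump" | rules_for FORWARD | grep -F -- "-s $VPN_NET " \
    | grep -q -- '-j ACCEPT' \
    || { echo "MISSING: FORWARD accept from $VPN_NET"; problems=$((problems + 1)); }
  # First nat rule that rewrites the source of traffic leaving the tunnel net.
  nat=$(printf '%s\n' "$dump" | rules_for POSTROUTING | grep -F -- "-s $VPN_NET " \
        | grep -E -- '-j (SNAT|MASQUERADE)' | head -n 1)
  if [ -z "$nat" ]; then
    echo "MISSING: nat POSTROUTING SNAT/MASQUERADE for $VPN_NET"
    problems=$((problems + 1))
  else
    # MASQUERADE has no --to-source, so src stays empty and nothing is flagged.
    src=$(printf '%s\n' "$nat" | sed -n 's/.*--to-source \([0-9.]*\).*/\1/p')
    if [ -n "$src" ] && [ "$src" != "$internal_ip" ]; then
      echo "WRONG: SNAT --to-source $src, server address is $internal_ip"
      problems=$((problems + 1))
    fi
  fi
  return "$problems"
}

# Demo on the constructed bad sample: reports the wrong SNAT source.
check_ruleset "$SAMPLE_BAD" 172.16.0.66 || true
```

On a live server, pass `"$(iptables-save)"` as the dump and the IPv4 address of the venet interface as the second argument.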
