VPN server works, but client does not have internet access

Hi there,

I have a DS215J and want to do the following:
- VPN server run with OpenVPN -> done
- DDNS setup with synology.me -> done
- exported *.ovpn file and connected via Ubuntu -> done
- issue: Ubuntu has no internet access, when connected to the VPN

Router settings are the following:
- Model: Speedport Smart
- TCP ports forwarded to the NAS: 443, 80, 8080, 8443 + another 3 ports
- UDP ports forwarded to the NAS: 1194 (for OpenVPN), 1701, 500, 4500 (for L2TP), 80, 8080, 8443, 443

NAS settings:
- OpenVPN up and running (besides L2TP)
- Firewall disabled
- DDNS enabled with synology.me
- no static routing configured

OpenVPN client command line output:

Code:
Thu Jan 27 16:24:18 2022 [xxx.synology.me] Inactivity timeout (--ping-restart), restarting
Thu Jan 27 16:24:18 2022 /sbin/ip addr del dev tun0 local 10.8.0.6 peer 10.8.0.5
Thu Jan 27 16:24:18 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 27 16:24:23 2022 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 27 16:24:23 2022 TCP/UDP: Preserving recently used remote address: [AF_INET] .... <ip>
Thu Jan 27 16:24:23 2022 UDP link local (bound): [AF_INET][undef]:1194
Thu Jan 27 16:24:23 2022 UDP link remote: [AF_INET] .... <ip>
Thu Jan 27 16:24:25 2022 [xxx.synology.me] Peer Connection Initiated with [AF_INET] .... <ip>
Thu Jan 27 16:24:26 2022 TUN/TAP device tun0 opened
Thu Jan 27 16:24:26 2022 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 27 16:24:26 2022 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Thu Jan 27 16:24:26 2022 Initialization Sequence Completed

*.ovpn settings:

Code:
dev tun
tls-client
remote xxx.synology.me 1194
float
redirect-gateway def1
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 8.8.8.8
pull
proto udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
...

I have no idea why the internet access from the VPN client is not working.
I also see no missing thing from the VPN tutorial.

Update: I figured out that I can ping the local IP 10.8.0.6 and external IPs, but no host name:
Code:
# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=64 time=0.707 ms
# ping www.microsoft.com
ping: unknown host
# ping 2.18.233.62
PING 2.18.233.62 (2.18.233.62): 56 data bytes
64 bytes from 2.18.233.62: icmp_seq=0 ttl=58 time=40.243 ms
# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=42.636 ms

Besides the Google DNS I've also tried the local DNS from the router, with no success:
Code:
dhcp-option DNS 192.168.2.1
 
If I were you, the next thing I’d try is configuring my iOS device with the same OVPN file and the local (to the vpn server) DNS server.

On the other hand, I’ve never used float.

 
If I were you, the next thing I’d try is configuring my iOS device with the same OVPN file and the local (to the vpn server) DNS server.
Done. Working on the iPhone, but not within Ubuntu.
 
In my .ovpn for DSM 7's VPN Server the following aren't included (float is disabled and the others are not present [disabled or otherwise]).
...
float
...
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
...

I do add dhcp-option commands just to be certain that things work as I want.
dhcp-option DOMAIN <my personal domain for LAN devices, zone hosted in DNS Server>
dhcp-option DNS <router LAN IP address>

I only use it with iOS devices and occasionally test on macOS: I don't have a need to run a Linux client device. Maybe check to see if the OpenVPN client objects to obsoleted/deprecated commands, or there may be a way to instruct it to expect an older server version.
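
Added example (not part of the thread, and not Synology or OpenVPN tooling): a small audit of a client profile for the directives discussed above, namely the missing server certificate check behind the logged WARNING, the deprecated `comp-lzo`, `reneg-sec 0`, and the fact that a Linux client applies `dhcp-option DNS` only through its `up` script. The function names, finding IDs and messages are hypothetical, and the sample is a constructed subset of the directives quoted in the first post.

```python
# Constructed sample: subset of the directives quoted in the original post.
SAMPLE_OVPN = """\
dev tun
tls-client
remote xxx.synology.me 1194
redirect-gateway def1
dhcp-option DNS 1.1.1.1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth-user-pass
"""

# Any one of these enables a server certificate check and silences the WARNING.
SERVER_VERIFY = {"remote-cert-tls", "verify-x509-name", "tls-verify"}

def parse_ovpn(text):
    """Return [(directive, [args])], skipping comments and inline <ca>...</ca> blocks."""
    out, in_block = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("<"):
            in_block = not line.startswith("</")
        elif not in_block:
            name, *args = line.split()
            out.append((name, args))
    return out

def audit(text):
    """Return {finding_id: explanation}; IDs are this example's own labels."""
    d = parse_ovpn(text)
    names = {n for n, _ in d}
    up = [a[0] for n, a in d if n == "up" and a]
    dns = [a[1] for n, a in d if n == "dhcp-option" and len(a) > 1 and a[0] == "DNS"]
    findings = {}
    if not names & SERVER_VERIFY:
        findings["no-server-cert-verification"] = (
            "any certificate from the same CA is accepted as the server; "
            "add e.g. 'remote-cert-tls server'")
    if "comp-lzo" in names:
        findings["deprecated-comp-lzo"] = "deprecated; change together with the server"
    if ("reneg-sec", ["0"]) in d:
        findings["reneg-disabled"] = "time-based data-channel key renegotiation is off"
    if dns:  # on Linux these values are only handed to the up script
        findings["dns-depends-on-up-script"] = f"{dns} applied only by {up or 'NO up script'}"
    return findings
```

Run `audit(open("client.ovpn").read())` on an exported profile; when `dns-depends-on-up-script` is reported, confirm on the client that the named script actually updates the resolver in use.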
 
