OpenVPN connects to VPN but no internet (Ubuntu 10.10 64-bit)

[undecidable]

For simple humans (like me) who want to keep firestarter but who will understand iptables about 3 weeks after hell grows cold:

"Firestarter 1.0 does not support VPN configurations without some tweaking. VPN capability in Firestarter is currently planned for version 1.1."
11.04 has Firestarter 1.0.3

To fix for open vpn, copy the lines below and paste them into the /etc/firestarter/user-pre file on the firewall host (likely your client machine for a simple setup)

Code:

# Allow traffic on the OpenVPN inteface
$IPT -A INPUT -i tun+ -j ACCEPT
$IPT -A OUTPUT -o tun+ -j ACCEPT

Then restart firestarter with:

Code:

sudo /etc/firestarter/firestarter.sh stop
sudo /etc/firestarter/firestarter.sh start

[spynappels]

For simple humans (like me) who want to keep firestarter but who will understand iptables about 3 weeks after hell grows cold:

"Firestarter 1.0 does not support VPN configurations without some tweaking. VPN capability in Firestarter is currently planned for version 1.1."
11.04 has Firestarter 1.0.3

Firestarter is no longer maintained, so you may understand iptables about 3 weeks before version 1.1 is released.

[undecidable]

ahhhhhhhhhhhhhh. My head is full.
though in fact it may be easier to learn iptables than to keep learning new firewalls (10.10 we had guarddog).

[Biblioclasta]

Thanks!
This fixed for me

The other piece of cake solution is to

1. Import your VPN config file in NetworkManager
2. Edit the VPN connection
3. Go to IP Settings tab (IP4Settings)
4. Click on Routes
5. Check "Use this connection only for resources on its network"
6. Restart the connection.

This will no allow the VPN connection to mess up your routing table.

[svaens]

I had exactly the same problem....
I had been playing around with firewalls for other reasons (http://ubuntuforums.org/showthread.php?t=345251) and had at some point installed firestarter.
I played with it; it didn't help me; so I deleted all rules and left it alone. I had not thought it being installed would cause me grief.
However, as soon as I uninstalled it, no longer have I this problem of not being able to connect via VPN (when using the Network Manager).

Code:

PING 173.194.35.134 (173.194.35.134) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

Mind you, I didn't have this problem when using openvpn via the command line. What is the difference? Simply a bad combination of rules applied by both firestarter and the network manager? Except .... firestarter does not simply add rules to ufw.... it is its own firewall....

[undecidable]

The other piece of cake solution is to
1. Import your VPN config file in NetworkManager
2. Edit the VPN connection
3. Go to IP Settings tab (IP4Settings)
4. Click on Routes
5. Check "Use this connection only for resources on its network"
6. Restart the connection.
This will no allow the VPN connection to mess up your routing table.

I am not completely sure of this, but I think that procedure defeats 2 of the 3 purposes of a VPN.

If you are using the VPN just to access a company or private network - then that method is fine.

If you are using a VPN to protect your internet access when you are in a hotel / coffee shop / airport or other untrusted location, that method will defeat the VPN. It means you are not using the VPN for general browsing / email access etc.

If you are using a VPN to access geo-restricted sites in another country, that method will defeat the VPN also for the same reason.

[undecidable]

Mind you, I didn't have this problem when using openvpn via the command line. What is the difference? Simply a bad combination of rules applied by both firestarter and the network manager? Except .... firestarter does not simply add rules to ufw.... it is its own firewall....

A few thoughts:
a. Firewall is not its own firewall - it is another gui interface to iptables.
b. I tried briefly to get kvpnc to work - but couldn't get it to work - can't remember why. So I use openvpn via the command line.
c. I tried briefly to integrate my openvpn into Network Manager - but couldn't get it to work either - can't remember why. So stuck with the cli.
d. Even using the cli I did need to do the procedure I outlined in the post above to get through firestarter.
http://ubuntuforums.org/showthread.p...1#post11770091
to get through the firewall

For those new to Linux who may be unsure about using the command line, the command is just:

Code:

sudo /etc/init.d/openvpn start <configfile>.conf
sudo /etc/init.d/openvpn stop <configfile>.conf

to reduce typing I create aliases for these:

Code:

alias vstart='sudo /etc/init.d/openvpn start'
alias vstop='sudo /etc/init.d/openvpn stop'

so I just need to type each time:

Code:

vstart <configfile>.conf
vstop <configfile>.conf

[umor]

The following solution solved the problem of no data trasfer after successfull connection to vpn-server for me (ubuntu 13.10). Thank you pi3ch!

The other piece of cake solution is to

1. Import your VPN config file in NetworkManager
2. Edit the VPN connection
3. Go to IP Settings tab (IP4Settings)
4. Click on Routes
5. Check "Use this connection only for resources on its network"
6. Restart the connection.

This will no allow the VPN connection to mess up your routing table.

[matija5]

This solutin also worked for me (Ubuntu 14.04 LTS)!!!

The other piece of cake solution is to

1. Import your VPN config file in NetworkManager
2. Edit the VPN connection
3. Go to IP Settings tab (IP4Settings)
4. Click on Routes
5. Check "Use this connection only for resources on its network"
6. Restart the connection.

This will no allow the VPN connection to mess up your routing table.

[peterkuykendall-f]

This "solution" defeats many aspects the VPN! By having it route only traffic on it's network, any traffic that is destined for the Internet outside of the VPN server (99.999999% of the Internet) is in the clear. This is very likely NOT what you want.

Fire up Wireshark or tcpdump to see for yourself. You will see clear traffic going out, with little or nothing going down the VPN.