silver45

vpn connects but web pages don't resolve


hey guys,

with ufw enabled, vpn connects but wget and web pages don't resolve:

$uname -a

Linux 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 2016 x86_64 x86_64 x86_64 GNU/Linux

$ufw reset
$ufw allow out on wlp1s0 to 213.152.161.180 port 443 proto udp
$ufw allow out on tun0


$ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
213.152.161.180 443/udp    ALLOW OUT   Anywhere on wlp1s0         # NL-Alblasserdam_Alchiba_UDP-443.ovpn
Anywhere                   ALLOW OUT   Anywhere on tun0           # tun0

 

 


$openvpn --config ~/VPN/NL-Alblasserdam_Alchiba_UDP-443.ovpn

Mon Oct  3  2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Mon Oct  3  2016 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Mon Oct  3  2016 Control Channel Authentication: tls-auth using INLINE static key file
Mon Oct  3  2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct  3  2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct  3  2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Oct  3  2016 UDPv4 link local: [undef]
Mon Oct  3  2016 UDPv4 link remote: [AF_INET]213.152.161.180:443
Mon Oct  3  2016 TLS: Initial packet from [AF_INET]213.152.161.180:443, sid=b2d0c912 4505e529
Mon Oct  3  2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Mon Oct  3  2016 Validating certificate key usage
Mon Oct  3  2016 ++ Certificate has key usage  00a0, expects 00a0
Mon Oct  3  2016 VERIFY KU OK
Mon Oct  3  2016 Validating certificate extended key usage
Mon Oct  3  2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct  3  2016 VERIFY EKU OK
Mon Oct  3  2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Mon Oct  3  2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Oct  3  2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct  3  2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Oct  3  2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct  3  2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Oct  3  2016 [server] Peer Connection Initiated with [AF_INET]213.152.161.180:443
Mon Oct  3  2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct  3  2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.48.174 255.255.0.0'
Mon Oct  3  2016 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct  3  2016 OPTIONS IMPORT: LZO parms modified
Mon Oct  3  2016 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct  3  2016 OPTIONS IMPORT: route options modified
Mon Oct  3  2016 OPTIONS IMPORT: route-related options modified
Mon Oct  3  2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct  3  2016 ROUTE_GATEWAY 10.42.0.1/255.255.255.0 IFACE=wlp1s0 HWADDR=xx:xx:xx:xx:xx:xx
Mon Oct  3  2016 TUN/TAP device tun0 opened
Mon Oct  3  2016 TUN/TAP TX queue length set to 100
Mon Oct  3  2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct  3  2016 /sbin/ip link set dev tun0 up mtu 1500
Mon Oct  3  2016 /sbin/ip addr add dev tun0 10.4.48.174/16 broadcast 10.4.255.255
Mon Oct  3  2016 /sbin/ip route add 213.152.161.180/32 via 10.42.0.1
Mon Oct  3  2016 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1
Mon Oct  3  2016 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1
Mon Oct  3  2016 Initialization Sequence Completed

$route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.42.0.1       0.0.0.0         UG    600    0        0 wlp1s0
10.4.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
10.42.0.0       0.0.0.0         255.255.255.0   U     600    0        0 wlp1s0
128.0.0.0       10.4.0.1        128.0.0.0       UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp1s0
213.152.161.180 10.42.0.1       255.255.255.255 UGH   0      0        0 wlp1s0

$ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.9/24 brd 10.42.0.255 scope global wlp1s0
       valid_lft forever preferred_lft forever
    inet6 <removed>/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.4.48.174/16 brd 10.4.255.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 <removed>/64 scope link flags 800
       valid_lft forever preferred_lft forever

I don't usually touch my iptables directly, but here's the output:

$iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere            

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere            

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere            

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             213.152.161.180      udp dpt:https
ACCEPT     all  --  anywhere             anywhere

Any help would be great. Let me know if you need any more info.
