Score:0

OpenVPN: cannot open domain webpages in browser

cn flag

Strange problem here!

I am using VPN to connect to my work network (OpenVPN, hosted by my institution, I'm managing it, so I can make changes). Everything works fine, meaning that all traffic is routed through the VPN as it should (at least it seems so), I have internet access, I can access restricted services (e.g. git, shared folders) that require me to be on the same network etc.

The problem is that with browsers (tried Safari, Firefox and Chrome), I cannot access webpages that are hosted within the institution's local network. All other web pages work fine (I am posting this connected to the VPN).

Let's assume our domain is domain.com. Anything hosted under domain.com cannot be accessed via browser, e.g. webserver1.domain.com won't open in the browser. Safari states:

Safari can't connect to the server
Safari can't open the page domain.com because Safari can't connect to server domain.com

In the terminal, webserver1.domain.com is resolved without issues (nslookup), I can ping it, and traceroute seems OK.

If I try to check out a git repo under webserver1.domain.com (from the terminal), it works fine.
If I try to mount a shared folder (using Finder and the URL), that is also OK.

All other services work fine (I can mount shared drives, send/receive mails, even use printers). As far as I can tell, everything but browser access works fine. The same VPN configurations work fine on iOS (iOS Safari can open domain.com pages when connected to the VPN just fine).

I'm on macOS 12.0.1 and using Tunnelblick 3.8.7a to connect to the VPN.

I can also access some webpages using the IP address and not the URL (getting the security warning as SSL does not work). As mentioned, DNS is OK and resolves everything.

My server.conf is below:

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/xxxxxxx.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/xxxxxxx.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
topology subnet

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "comp-lzo no"
push "redirect-gateway def1 bypass-dhcp"

Any ideas?

in flag
Don't you have a proxy set up perchance?
cn flag
No, no proxies are used.
Martin avatar
kz flag
Maybe you hit an outgoing firewall from your institution? If a git checkout works perfectly, the VPN tunnel is not the issue here.
Gerard H. Pille avatar
in flag
What is this "server.conf" you're showing us? And what is the meaning of "server 192.168.255.0 255.255.255.0" and "route 192.168.254.0 255.255.255.0"?
cn flag
Hi, "server.conf" is the configuration file for the OpenVPN server. I'm not 100% sure what these settings do (found them in the guide I followed). I believe the first one is the VPN network configuration and the second one is about routing?
Score:0
cn flag

...and today suddenly, and without changing anything, everything works!

Don't know what to say... I haven't restarted my computer nor the VPN server...

Strange things!
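
An added example, not part of the original thread: a layer-by-layer probe for the symptom described in the question (the name resolves with nslookup and answers ping, but browsers cannot connect). It checks the OS resolver, the TCP connection and the TLS handshake separately; the function names, the ports and the 3-second timeout are assumptions, and `webserver1.domain.com` is the placeholder name from the question.

```python
import socket
import ssl

# Placeholder name taken from the question; replace with the real internal host.
HOST = "webserver1.domain.com"


def check_host(host, ports=(80, 443), tls_ports=(443,), timeout=3.0):
    """Probe one host layer by layer: OS resolver, TCP connect, TLS handshake."""
    report = {"host": host, "addresses": [], "ports": {}}
    try:
        # getaddrinfo() uses the operating system's resolver, which is the
        # path applications take; nslookup sends its own DNS queries instead.
        infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        report["error"] = f"resolver: {exc}"
        return report
    report["addresses"] = sorted({info[4][0] for info in infos})
    for port in ports:
        result = {"tcp": False, "tls": None, "error": None}
        report["ports"][port] = result
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:
            result["error"] = f"tcp: {exc}"  # refused, filtered or timed out
            continue
        result["tcp"] = True
        with sock:
            if port in tls_ports:
                try:
                    ctx = ssl.create_default_context()
                    with ctx.wrap_socket(sock, server_hostname=host) as tls:
                        result["tls"] = tls.version()
                except (ssl.SSLError, OSError) as exc:
                    result["tls"] = False
                    result["error"] = f"tls: {exc}"
    return report


def first_failure(report):
    """Name the lowest layer that failed, or 'ok' if every probe passed."""
    if "error" in report:
        return "resolver"
    for port, result in sorted(report["ports"].items()):
        if not result["tcp"]:
            return f"tcp/{port}"
        if result["tls"] is False:
            return f"tls/{port}"
    return "ok"


if __name__ == "__main__":
    rep = check_host(HOST)
    print(rep["addresses"], first_failure(rep), rep["ports"])
```

Running it once with the VPN connected and once without, and comparing the two reports, shows which layer changes.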
