OpenVPN : web pages won't load

My setup:

  • Router : Unifi USG local IP 10.1.1.1/32, port 1194/udp forwarded to 10.1.1.20:1194
  • Unraid server with Docker containers on it.
  • OpenVPN container (kylemanna/openvpn) installed on the embedded MacVlan network, IP address 10.1.1.20/32. I did it this way because my other containers are all set up this way. The container is configured to hand out IP addresses in the 192.168.255.0/24 subnet.
  • I have added push "dhcp-option DNS 10.1.1.2" which is my local Pi-Hole with local DNS configured.

From my client (a Windows 10 machine in a local network different from the local network where the OpenVPN service is), I can connect to the VPN and get an IP address as expected (i.e. I get 192.168.0.5). Once connected:

  • I can ping my other containers both by IP or by hostname registered in PiHole (i.e. ping 10.1.1.11 and ping service.local)
  • I can access the Web UI of those services also both by IP and by hostname. Speed is very good (both clients have 1Gbps fiber :))
  • I can ping public IP such as ping 1.1.1.1 or ping 8.8.8.8
  • I can ping domains such as ping google.com
  • If I do a tracert 8.8.8.8, the first hop is 192.168.255.1 and the second is 10.1.1.1, then it goes to my ISP. All as expected.

But when I try to load a web page, it does not work and ends with "An error occurred during a connection to serverfault.com. PR_CONNECT_RESET_ERROR".

From the default config file generated by the container, I only added 3 lines in the openvpn.conf on the server side:

push "dhcp-option DNS 10.131.10.2"
push "redirect-gateway def1"
push "route 0.0.0.0 0.0.0.0"

My *.ovpn on the client side:

client
nobind
dev tun
remote-cert-tls server
remote openvpn.example.com 1194 udp
<key>
-----PRIVATE KEY-----
</key>
<cert>
-----CERTIFICATE-----
</cert>
<ca>
-----CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
-----OpenVPN Static key V1-----
</tls-auth>
redirect-gateway def1

My openvpn.conf on the server side:

server 192.168.255.0 255.255.255.0
verb 4
key /etc/openvpn/pki/private/openvpn.example.com.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/openvpn.example.com.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
comp-lzo no
### Route Configurations Below
route 192.168.254.0 255.255.255.0
### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 10.1.1.2"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
push "comp-lzo no"
push "redirect-gateway def1"
push "route 0.0.0.0 0.0.0.0"

Where should I look for a solution?
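As an added starting point (not part of the question or of the kylemanna/openvpn project), the small checker below parses an excerpt of the server config posted above and lists the settings a practitioner would verify first when ICMP works through the tunnel but TCP sessions fail: whether any MTU-related directive (mssfix, fragment, tun-mtu) is set, whether the redundant "route 0.0.0.0 0.0.0.0" is pushed next to "redirect-gateway def1", and which pushed resolvers other than the Pi-hole (assumed to be 10.1.1.2, as stated in the setup) can resolve the local names.

```python
import shlex

# Excerpt of the server config from the question (only the lines the checks look at).
SERVER_CONF = """
server 192.168.255.0 255.255.255.0
proto udp
route 192.168.254.0 255.255.255.0
push "block-outside-dns"
push "dhcp-option DNS 10.1.1.2"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
push "comp-lzo no"
push "redirect-gateway def1"
push "route 0.0.0.0 0.0.0.0"
"""

def parse_conf(text):
    """Split an OpenVPN config into (directive, args); shlex removes the quotes around push bodies."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries

def pushed(entries):
    """Options the server pushes to clients, as (directive, args)."""
    out = []
    for directive, args in entries:
        if directive == "push" and args:
            inner = args[0].split()
            out.append((inner[0], inner[1:]))
    return out

def lint(text, local_dns="10.1.1.2"):
    """Return the findings worth checking first; local_dns is the resolver that knows the LAN names."""
    entries = parse_conf(text)
    top = {d for d, _ in entries}
    push = pushed(entries)
    names = [d for d, _ in push]
    findings = []
    if not {"mssfix", "fragment", "tun-mtu"} & top:
        findings.append("no mssfix/fragment/tun-mtu set: check tunnel MTU, ping works but TCP sessions fail")
    if "redirect-gateway" in names and ("route", ["0.0.0.0", "0.0.0.0"]) in push:
        findings.append("redirect-gateway def1 and route 0.0.0.0 0.0.0.0 are both pushed; def1 alone is enough")
    dns = [a[1] for d, a in push if d == "dhcp-option" and len(a) == 2 and a[0] == "DNS"]
    extra = [d for d in dns if d != local_dns]
    if extra:
        findings.append(f"resolvers {extra} pushed alongside {local_dns}; only {local_dns} resolves local names")
    return findings
```

Run lint(SERVER_CONF) to get the three findings for the config above; a config that sets mssfix, pushes only def1 and only the Pi-hole returns an empty list.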
