Home / ubuntu / Questions / 163072
Accepted
zfz
Asked: 2012-07-13 22:58:44 +0800 CST

Openvpn client web traffic setting problems

  • 772

I have setup an openvpn access server in my vps. And now l'm living China, the goverment blocks the many foreign sites such as facebook and twitter.

I can use the vpn server the cross the firewall of China to access twitter and so on through my desktop running the windows xp.

However, my laptop running xubuntu 12.04 cannot break through the national firewall. I can connnet the vpn server by the openvpn termial client in ubuntu by the command "sudo openvpn --config client.ovpn"

As the desktop works okay, I think the setting of the vpn access server is okay. Is there any sepcial setting in ubuntu client? I didn't change the configuration provided by the openvpn access server.

I googled the problem a lot, the iptables instructions made me quite confused. And I open the ip forward in ubuntu as well. Still not works.

The original route table in xubuntu:

    0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
    173.224.215.16  192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
    192.168.0.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0

The route table after connecting to the vpn:

    0.0.0.0         5.5.0.1         128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
    5.5.0.0         0.0.0.0         255.255.248.0   U     0      0        0 tun0
    46.x.x.x  192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
    128.0.0.0       5.5.0.1         128.0.0.0       UG    0      0        0 tun0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
    173.224.215.16  192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
    192.168.0.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0

46.x.x.x is the public ip of my vps.

client.ovpn:

    ...
    setenv FORWARD_COMPATIBLE 1
    client
    server-poll-timeout 4
    nobind
    remote 46.x.x.x 1194 udp
    remote 46.x.x.x 1194 udp
    remote 46.x.x.x 443 tcp
    remote 46.x.x.x 1194 udp
    remote 46.x.x.x 1194 udp
    remote 46.x.x.x 1194 udp
    remote 46.x.x.x 1194 udp
    remote 46.x.x.x 1194 udp
    dev tun
    dev-type tun
    ns-cert-type server
    reneg-sec 604800
    sndbuf 100000
    rcvbuf 100000
    auth-user-pass
    # NOTE: LZO commands are pushed by the Access Server at connect time.
    # NOTE: The below line doesn't disable LZO.
    comp-lzo no
    verb 3
    setenv PUSH_PEER_INFO
    ...

I omit the ca, keys, etc.

Thanks in advance.

openvpn

1 Answers

  1. Best Answer

    I have found out the problem! It is caused by the Chinese National Firewall.

    The DNS servers in China are all polluted, so that the website such as "twitter" and "facebook" has been redirects to the non-exsits targets. Through this way, the websites cannot be access in China. See the link for DNS cache poisoning.

    So using VPN server to do dns lookup can solve this problem, just adding two lines to the openvpn configuration file(client.ovpn):

    up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

    Also ensure the resolvconf package is installed on the client, as this script depends on it.

    Now the OpenVPN access server works fine for me to break through the Chinese National Firewall.

    • 1