
Resolved
0 votes
I am trying to connect my COS box to ExpressVPN.

I downloaded their conf file:

dev tun
fast-io
persist-key
persist-tun
nobind
remote japan-tokyo-1-ca-version-2.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

<cert>
-----BEGIN CERTIFICATE-----
CERT HERE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
KEY HERE
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
KEY HERE
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
CERT HERE
-----END CERTIFICATE-----
</ca>


Then, I followed the doc to create a file /etc/openvpn/connect_to_ExpressVPN.conf and pasted the above inside.
I then opened the firewall port for UDP 1195. Checking the OpenVPN service on the webGUI it said stopped.
Upon starting, I needed to use systemd-tty-ask-password-agent to enter username and password. Afterwards, it seems to start normally.

However, my PCs connected to the COS box do not have internet connection, i.e. browsing using Chrome won't load any websites.
From within the COS, in the cli I would ping google.com, so it seems the connection was indeed made.

What might I be missing here?
In OpenVPN
Thursday, April 16 2020, 02:17 PM
Responses (5)
  • Accepted Answer

    Friday, April 17 2020, 12:26 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Perhaps try adding "redirect-gateway def1" to your OpenVPN config.


    Thanks for the tip, but I have already tried this on both the server and client side, no luck.
    The problem is that once the ClearOS router is connected to the OpenVPN, while ClearOS works correctly, it couldn't redirect the LAN's PCs to the internet.
  • Accepted Answer

    Friday, April 17 2020, 11:33 AM - #Permalink
    Resolved
    0 votes
    Perhaps try adding "redirect-gateway def1" to your OpenVPN config.
  • Accepted Answer

    Friday, April 17 2020, 10:39 AM - #Permalink
    Resolved
    0 votes
    I went through the trouble of actually setting up my own OpenVPN server from a fresh Ubuntu, based on Vultr (a VPS).

    I could connect from my Windows PC to it and it works (IP is remote when checked).
    I could also connect my ClearOS box to it, and this time it does show the correct remote IP.

    However, once the ClearOS box is connected, my client Windows PC accessing through the ClearOS box simply can't reach internet.
    Something has to be done within the box, but I just don't know how. Seems like an additional setting is missing which tells the ClearOS gateway it has to route traffic through the VPN tunnel, and now it does not.

    More explicitly,
    Basically pfsense's page here talks about exactly what I am trying to do (see the Fig):
    https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/routing-internet-traffic-through-a-site-to-site-openvpn-connection-in-pfsense-2-1.html#set-up-the-client-at-site-a
  • Accepted Answer

    Friday, April 17 2020, 01:41 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    You've got nothing to add routes for your LAN to the VPN and possibly NAT the traffic to the ClearOS IP. I've no idea how this is done, but generally you have to look at the VPN provider's configs for a Linux Router, e.g. DD-WRT rather than just for Linux.

    .... and you shouldn't have to open port 1195 as you are calling the VPN provider.


    Thanks Nick, that makes sense.
    I have tried looking up their router config, however, most of them were GUI procedures designed for a particular brand of router,
    they didn't show a router .ovpn file or just the key configs.

    I am now chatting with their support to see what may be done.
  • Accepted Answer

    Thursday, April 16 2020, 06:33 PM - #Permalink
    Resolved
    0 votes
    You've got nothing to add routes for your LAN to the VPN and possibly NAT the traffic to the ClearOS IP. I've no idea how this is done, but generally you have to look at the VPN provider's configs for a Linux Router, e.g. DD-WRT rather than just for Linux.

    .... and you shouldn't have to open port 1195 as you are calling the VPN provider.
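
The pieces this thread points at (a route via the tunnel from "redirect-gateway def1", plus forwarding and NAT of the LAN into the tunnel) can be checked on the router with a small script. This is an added example, not part of any post above; the interface names eth1 (LAN) and tun0 (tunnel), the addresses and the sample rules are constructed assumptions, and how ClearOS persists firewall rules is not covered.

```shell
#!/bin/sh
# Added example, not from the thread. eth1 (LAN) and tun0 (tunnel) are assumed names.

# check_vpn_gateway LAN_IF TUN_IF RULES ROUTES IP_FORWARD
#   RULES: `iptables-save` text, ROUTES: `ip -4 route` text,
#   IP_FORWARD: contents of /proc/sys/net/ipv4/ip_forward
# Prints one line per missing piece and returns how many are missing.
check_vpn_gateway() {
    lan=$1; tun=$2; rules=$3; routes=$4; fwd=$5; missing=0
    has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }
    miss() { echo "MISSING: $1"; missing=$((missing + 1)); }

    [ "$fwd" = "1" ] || miss "sysctl -w net.ipv4.ip_forward=1"
    # redirect-gateway def1 installs two /1 routes via the tunnel (or a plain default)
    has "$routes" "^(default|0\.0\.0\.0/1) .*dev $tun( |\$)" ||
        miss "default route via $tun (redirect-gateway def1)"
    # LAN source addresses must be rewritten to the router's tunnel address
    has "$rules" "^-A POSTROUTING .*-o $tun .*-j MASQUERADE" ||
        miss "iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE"
    # LAN -> tunnel forwarding, plus the replies on the way back
    has "$rules" "^-A FORWARD .*-i $lan .*-o $tun .*-j ACCEPT" ||
        miss "iptables -A FORWARD -i $lan -o $tun -j ACCEPT"
    has "$rules" "^-A FORWARD .*-i $tun .*-o $lan .*ESTABLISHED.*-j ACCEPT" ||
        miss "iptables -A FORWARD -i $tun -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    return "$missing"
}

# Constructed sample: the tunnel is up and carries the router's own traffic,
# but nothing forwards or NATs the LAN into it (the symptom in this thread).
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 203.0.113.1 dev eth0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'
SAMPLE_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

check_vpn_gateway eth1 tun0 "$SAMPLE_RULES" "$SAMPLE_ROUTES" 1 || true
# On a live router (as root):
#   check_vpn_gateway eth1 tun0 "$(iptables-save)" "$(ip -4 route)" "$(cat /proc/sys/net/ipv4/ip_forward)"
```

All of these rules are outbound-side; none of them requires an inbound port such as UDP 1195 to be opened on the router.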