EDIT2: Per my first edit below, I determined OpenVPN connects just fine in a public environment and routes all traffic through it. The real question is, how do I configure my files so my desktop client routes successfully through OpenVPN?
I want my desktop to have all the benefits of being shielded by a VPN and quite possibly allow it to be connected to remotely from a public hotspot using my laptop (though that may be a different question altogether).
My router has a gateway address of 192.168.1.254, my desktop is connected to it via 192.168.1.150, and my server is connected via 192.168.1.180. My laptop can connect to the server from public Wifi, but cannot connect when connected via Wifi to the local router.
Original Question - OpenVPN will not access HTTP servers
I followed this tutorial (https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04) on setting up a VPN on my web server.
The OpenVPN client connects just fine to the server (at least I think it does) and can access a couple of websites with HTTPS; however, it cannot access any regular HTTP websites and the connection tends to drop out after five or so minutes.
At this point, I'm not entirely sure if my IP settings on certain files are correct because the guide wasn't too clear on what certain IP addresses should be. I'm not sure whether some IP addresses should point to the gateway router or the server's public IP.
What do I need to fix in the files below to help me maintain my OpenVPN connection to my server and route all traffic through it?
Helpful facts:
- The desktop runs Windows 10 with OpenVPN GUI v11.4.0.0; the server runs Ubuntu Server 16.04. If all works well on my desktop, I'd like to be able to connect to the server remotely from my college campus using one of my laptops (with Windows 10 Pro and Ubuntu Desktop 16.04.2).
- The desktop and server are both connected to the same LAN on a router.
- The router's firewall is configured to forward requests on port 1194 to the server.
- Some of the lines that were commented out are left out of these files. Let me know if I should edit them back in, or add a specific log file.
- As the guide suggested, the certificates and keys are written inside the client1.ovpn file, and I've commented that data out in this post.
/etc/openvpn/server.conf
```
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS xxx.xxx.xxx.xxx" #My server's public IP
;push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC # AES
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
```
/etc/ufw/before.rules
```
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
#Rest of file left out for brevity
```
client1.ovpn
```
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194 #My server's public IP
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher AES-128-CBC
auth SHA256
key-direction 1
remote-cert-tls server
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
# Certificate string exists here
-----END CERTIFICATE-----
</ca>
<cert>
# Certificate data
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
#Private key here
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
#OpenVPN static key
-----END OpenVPN Static key V1-----
</tls-auth>
```
EDIT
Update: I created a client2 config for my laptop and took the laptop out to my school's network this morning. In that environment, OpenVPN now works fine, so the issue causing the aforementioned connection problems has something to do with my desktop and laptop being under the same LAN as my server.
Now that I am convinced OpenVPN does work, but something about trying to connect to it while under the same LAN causes problems, I can do some research into that specific problem and ask a new question if it comes down to it.
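
An added example, not part of the original post: a small Python check that compares the options which have to agree between the server.conf and client1.ovpn shown above, and compares the NAT source in before.rules with the VPN pool. The embedded excerpts are constructed from the files in the question, and the function names `directives` and `check` are illustrative.

```python
import ipaddress
import re

# Constructed excerpts of the three files shown in the question.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
key-direction 0
cipher AES-128-CBC # AES
auth SHA256
comp-lzo
"""
CLIENT_OVPN = """\
cipher AES-128-CBC
auth SHA256
key-direction 1
comp-lzo
"""
BEFORE_RULES = "-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\n"

def directives(text):
    """Map each OpenVPN directive to its argument list, dropping comments."""
    out = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            out[words[0]] = words[1:]
    return out

def check(server_text, client_text, rules_text):
    """Return findings from comparing server.conf, client .ovpn and the NAT rule."""
    srv, cli, findings = directives(server_text), directives(client_text), []
    # These options must be identical on both ends of the tunnel.
    for opt in ("cipher", "auth", "comp-lzo"):
        if srv.get(opt) != cli.get(opt):
            findings.append(f"{opt}: server={srv.get(opt)} client={cli.get(opt)}")
    # tls-auth key directions must be complementary: 0 on one side, 1 on the other.
    if sorted(srv.get("key-direction", []) + cli.get("key-direction", [])) != ["0", "1"]:
        findings.append("key-direction: expected 0 on one side and 1 on the other")
    # Assumption of this example: the NAT source should match the `server` pool exactly.
    pool = ipaddress.ip_network("/".join(srv["server"]))
    for src in re.findall(r"-s\s+(\S+).*MASQUERADE", rules_text):
        nat = ipaddress.ip_network(src, strict=False)
        if nat != pool:
            findings.append(f"NAT source {nat} differs from VPN pool {pool}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SERVER_CONF, CLIENT_OVPN, BEFORE_RULES)))
```

On these files the only finding is the NAT rule, whose 10.8.0.0/8 source normalises to 10.0.0.0/8 and is broader than the 10.8.0.0/24 pool. That is a tightening opportunity and does not by itself explain the same-LAN behaviour described in the post.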