# openvpn: routing problem with Linux client



## cbrace (Feb 16, 2015)

Hi all,

I have security/openvpn running on my FreeBSD v10.1 server.

Several devices running the openvpn Android client can connect and the VPN works flawlessly.

For some reason, I am having problems, however, with a Linux system (Mint v17.1). The client connects but the connection doesn't work. For example, running `traceroute` from the client I only see one hop:

```
$ traceroute cern.ch
traceroute to cern.ch (188.184.9.234), 30 hops max, 60 byte packets
1  10.8.0.1 (10.8.0.1)  22.842 ms  25.270 ms  26.881 ms
```
It ends here.

With the VPN active, DNS lookups work. I can also *ssh* to the server. But I can't open a webpage from the client.

Does anyone have any ideas why traffic from this particular client wouldn't be going any further than the server (10.8.0.1)?

On the client:

```
tun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
  RX packets:237 errors:0 dropped:0 overruns:0 frame:0
  TX packets:249 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:9864 (9.8 KB)  TX bytes:25799 (25.7 KB)
```
server.conf:

```
port 1194
proto udp
dev tun
ca  /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key  /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
tls-auth /usr/local/etc/openvpn/keys/tls.key 0
tls-server
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
```
server rc.conf:

```
gateway_enable="YES"
```


----------



## diizzy (Feb 16, 2015)

Your routes are most likely wrong. If you're just going to HTTP/HTTPS, I'd advise you to set up a proxy on the server and use it on the clients over your VPN connection.
//Danne


----------



## junovitch@ (Feb 17, 2015)

What are you doing right now on the Linux client to get to the web?  I don't see a ccd for client config directory or any push options to push a default gateway.  Are you just adding it manually?


----------



## Oko (Feb 17, 2015)

junovitch said:


> What are you doing right now on the Linux client to get to the web?  I don't see a ccd for client config directory or any push options to push a default gateway.  Are you just adding it manually?


+1 He really needs to explain his topology if he expects any help. Just guessing, but I would expect him to have something like

```
push "route 192.168.6.0 255.255.255.0"
```
where 192.168.6.0/24 is my private network accessible by VPN clients. Also people forget that they need

```
client-to-client
```
if they want clients to talk to each other.


----------
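Added example, not part of the thread or any poster's code: a small checker for the point raised in the replies above, that the posted server.conf contains no `push` route, no pushed default gateway and no `client-config-dir`. The names `parse_directives`, `audit_routing` and `SAMPLE_CONF` are hypothetical, the sample is a constructed excerpt of the posted config, and per-client files inside a ccd directory (which could also carry `push` lines) are not read.

```python
import shlex

# Constructed sample: routing-relevant lines of the server.conf posted in the thread.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
"""

def parse_directives(text):
    """Yield one token list per directive, skipping '#' and ';' comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)  # keeps "quoted args" whole
            if tokens:
                yield tokens

def audit_routing(text):
    """Report which routes the server pushes and flag routing-related gaps."""
    routes, redirect_gateway, ccd, c2c = [], False, None, False
    for name, *args in parse_directives(text):
        if name == "push" and args:
            pushed = args[0].split()
            if pushed[0:1] == ["route"] and len(pushed) >= 2:
                routes.append(" ".join(pushed[1:3]))
            elif pushed[0:1] == ["redirect-gateway"]:
                redirect_gateway = True
        elif name == "client-config-dir" and args:
            ccd = args[0]
        elif name == "client-to-client":
            c2c = True
    findings = []
    if not routes and not redirect_gateway:
        findings.append("no push route/redirect-gateway: server sends clients "
                        "no extra routes or default gateway")
    if c2c:
        findings.append("client-to-client: inter-client traffic is forwarded "
                        "inside OpenVPN and is not seen by the host firewall")
    return {"pushed_routes": routes, "redirect_gateway": redirect_gateway,
            "client_config_dir": ccd, "findings": findings}

if __name__ == "__main__":
    for finding in audit_routing(SAMPLE_CONF)["findings"]:
        print("WARN:", finding)
```
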

