OpenVPN connects but cannot connect to local network resources or browse internet
Olivia Zamora
I've managed to set up an OpenVPN server and can connect my client to the VPN; however, once connected I cannot browse the internet or connect to any resources on the network.
I think the issue may be something to do with the routes that are being pushed and the fact that I'm using a bridged interface (br0). I originally set up the bridged interface because I wanted to run some virtuals in KVM, and now I've used br0 as the interface in the OpenVPN config, but I think I need to somehow bridge it to the TUN interface, if that is possible, or have I missed something else?
My /etc/network/interfaces:-
auto lo
iface lo inet loopback
auto br0
iface br0 inet dhcp
    bridge_ports eno1
    bridge_stp on
    bridge_fd 0
    bridge_maxwait 0

My /etc/ufw/before.rules:-
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to br0
-A POSTROUTING -s 10.8.0.0/8 -o br0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

My OpenVPN server.conf:-
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1

Output of ip route:-
default via 10.0.0.138 dev br0
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.112
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-e47e403dd1c1 proto kernel scope link src 172.18.0.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

* OpenVPN is not running in Docker

This is ipconfig /all from the Windows client when connected to the VPN (no gateway would seem to be an issue):

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-5E-0C-75-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::954d:364c:745f:c2bc%19(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Monday, 30 July 2018 1:04:44 AM
Lease Expires . . . . . . . . . . : Tuesday, 30 July 2019 1:04:44 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.8.0.5
DHCPv6 IAID . . . . . . . . . . . : 318832478
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-00-A8-EA-28-80-23-0A-55-10
DNS Servers . . . . . . . . . . . : 208.67.222.222
                                    208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

1 Answer
I have managed to work it out thanks to some other posts. It appears my /etc/ufw/before.rules had a mistake in the subnet; instead of /8 I've updated it to /24 and all seems to be working well now!
In /etc/ufw/before.rules
Updated:-
-A POSTROUTING -s 10.8.0.0/8 -o br0 -j MASQUERADE

To:-

-A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE

Thanks all for helping me with this.
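A caveat worth spelling out about the original rule: `-s 10.8.0.0/8` does not mean "the 10.8.x.x block". A prefix length of 8 keeps only the first octet, so netfilter clears the host bits and the match becomes `-s 10.0.0.0/8`, which also covers the LAN (10.0.0.0/24 on br0 in the ip route output above) and anything else in 10/8 that gets forwarded through this box, not just the VPN pool. The script below is an added example, not part of the question or the answer; it reimplements the prefix-match arithmetic in plain shell and reports which of the addresses visible on this page each source match would catch. The three host addresses are constructed from the question's own ip route and ipconfig output, and no iptables call is made, so it runs anywhere.

```shell
#!/usr/bin/env bash
# Added example (not the asker's code): show what a MASQUERADE -s match
# really covers. iptables clears host bits, so 10.8.0.0/8 -> 10.0.0.0/8.

# ip_to_int A.B.C.D -> unsigned 32-bit value
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# prefix_mask LEN -> 32-bit netmask as an integer (4294967295 == 0xFFFFFFFF)
prefix_mask() {
    local len=$1
    if [ "$len" -eq 0 ]; then
        echo 0
    else
        echo $(( (4294967295 << (32 - len)) & 4294967295 ))
    fi
}

# normalize_cidr A.B.C.D/LEN -> the network netfilter actually matches
normalize_cidr() {
    local ip=${1%/*} len=${1#*/}
    local mask
    mask=$(prefix_mask "$len")
    echo "$(int_to_ip $(( $(ip_to_int "$ip") & mask )))/$len"
}

# cidr_contains A.B.C.D/LEN HOST -> exit 0 when HOST is inside the network
cidr_contains() {
    local net=${1%/*} len=${1#*/} host=$2
    local mask
    mask=$(prefix_mask "$len")
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$host") & mask )) ]
}

# report SRC: print the normalised match and test it against sample hosts.
# Sample hosts (constructed from the question): 10.8.0.6 is the VPN client,
# 10.0.0.112 is the server's LAN address on br0, 192.168.122.1 is virbr0.
report() {
    local src=$1 host verdict
    echo "-s $src is normalised to $(normalize_cidr "$src")"
    for host in 10.8.0.6 10.0.0.112 192.168.122.1; do
        if cidr_contains "$src" "$host"; then verdict=MATCH; else verdict=no; fi
        echo "  $host: $verdict"
    done
}

report 10.8.0.0/8    # also matches the LAN host 10.0.0.112
report 10.8.0.0/24   # matches only the VPN pool
```

On the server itself, `iptables -t nat -S POSTROUTING` prints the installed rule in the same normalised form, which is the quickest way to see that a `/8` rule was really matching `10.0.0.0/8`. The masquerade still needs the forwarded traffic to be allowed and IP forwarding enabled; the fixed `/24` only narrows the source match to the OpenVPN pool, which is the right scope for it.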