I have an OpenVPN server on a CentOS 8 machine that has firewalld and nftables. I have set up OpenVPN with this script:
https://github.com/angristan/openvpn-install
The OpenVPN Client is a Windows 10 machine.
I have the following problem: as soon as I connect, no connection to the internet can be made. Traceroute shows that I reach my VPN server:
> tracert 1.1
Tracing route to 1.0.0.1 over a maximum of 30 hops
1 185 ms 185 ms 185 ms 10.8.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
However, after the first hop, nothing happens.
The CentOS 8 machine has a connection of course and can reach 1.1 (1.0.0.1) easily:
~# ping 1.1
PING 1.1 (1.0.0.1) 56(84) bytes of data.
64 bytes from 1.0.0.1: icmp_seq=1 ttl=52 time=27.10 ms
64 bytes from 1.0.0.1: icmp_seq=2 ttl=52 time=28.5 ms
When I do "tcpdump -i tun0" on my CentOS 8 machine, I can see that 10.8.0.2 (the Windows 10 Client) is trying to reach 1.0.0.1 with ICMP. However, only requests, no ICMP replies.
I can also see that a lot of TCP retransmissions are happening when I run Wireshark on the Windows 10 Client after some time, which apparently comes from DNS requests? See screenshot: https://i.stack.imgur.com/DenXT.png
The output of firewall-cmd --list-all is as follows:
target: default
icmp-block-inversion: no
interfaces: venet0
sources:
services:
ports: 80/tcp 443/tcp 21/tcp 25/tcp 53/tcp 53/udp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 7080/tcp 7081/tcp 8443/tcp 8447/tcp 8880/tcp 49152-65535/tcp 10022/tcp 10022/udp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="10.8.0.0/24" masquerade
Sensitive output is removed.
If anyone can point me in the right direction on how to debug this, I would be very thankful.
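A first-pass diagnostic for exactly this symptom (client reaches 10.8.0.1, nothing beyond it), added here as an example; it is not part of the original question or of the angristan/openvpn-install script. It assumes tun0 is the OpenVPN interface, venet0 the upstream interface and 10.8.0.0/24 the VPN subnet (all taken from the output in the question; override them through the environment). The pure functions parse `firewall-cmd --list-all` output fed on stdin, so they can be checked against a constructed listing; the live checks run only when `RUN_LIVE=1` is set.

```sh
#!/bin/sh
# Added example: first-pass diagnostic for "client reaches 10.8.0.1, nothing
# beyond it". Not from the original question or from angristan/openvpn-install.
# Assumptions (override via environment): tun0 is the OpenVPN interface,
# venet0 the upstream interface, 10.8.0.0/24 the VPN subnet.
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-venet0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# ip_forward_enabled VALUE: the kernel only routes between tun0 and venet0
# when net.ipv4.ip_forward is 1. A value of 0 matches the symptom exactly:
# echo requests visible on tun0, nothing ever sent upstream.
ip_forward_enabled() { [ "$1" = "1" ]; }

# zone_binds_iface IFACE: read `firewall-cmd --zone=Z --list-all` on stdin
# and succeed if IFACE appears on the "interfaces:" line.
zone_binds_iface() {
  awk -v want="$1" '
    $1 == "interfaces:" { for (n = 2; n <= NF; n++) if ($n == want) hit = 1 }
    END { exit hit ? 0 : 1 }'
}

# zone_masquerades NET: succeed if the listing on stdin enables NAT for NET,
# either zone-wide ("masquerade: yes") or via a rich rule for that source.
zone_masquerades() {
  awk -v net="$1" '
    $1 == "masquerade:" && $2 == "yes" { hit = 1 }
    /masquerade/ && index($0, "source address=\"" net "\"") { hit = 1 }
    END { exit hit ? 0 : 1 }'
}

# audit_listing IFACE NET < listing: print the two verdicts for one zone.
audit_listing() {
  tmp=$(cat)
  printf '%s\n' "$tmp" | zone_binds_iface "$1" \
    && echo "ok   $1 bound to this zone" || echo "--   $1 not bound to this zone"
  printf '%s\n' "$tmp" | zone_masquerades "$2" \
    && echo "ok   NAT for $2 present" || echo "FAIL no NAT for $2 in this zone"
}

# Live checks, to be run as root on the OpenVPN server.
run_live_checks() {
  rc=0
  fwd=$(sysctl -n net.ipv4.ip_forward 2>/dev/null)
  if ip_forward_enabled "$fwd"; then
    echo "ok   net.ipv4.ip_forward=1"
  else
    echo "FAIL net.ipv4.ip_forward=${fwd:-unreadable}; fix: sysctl -w net.ipv4.ip_forward=1"
    rc=1
  fi
  for ifc in "$VPN_IF" "$WAN_IF"; do
    zone=$(firewall-cmd --get-zone-of-interface="$ifc" 2>/dev/null) || zone=""
    if [ -z "$zone" ]; then
      echo "--   $ifc is in no explicit zone (firewalld treats it as the default zone)"
      zone=$(firewall-cmd --get-default-zone 2>/dev/null)
    fi
    echo "zone for $ifc: ${zone:-unknown}"
    firewall-cmd --zone="$zone" --list-all 2>/dev/null | audit_listing "$ifc" "$VPN_NET"
  done
  # The decisive test: do the client's echo requests leave the upstream
  # interface with the server's address? If they do, the break is upstream;
  # if they never appear there, forwarding or NAT on this box is the problem.
  echo "next: tcpdump -ni $WAN_IF icmp   (while the client pings 1.0.0.1)"
  return $rc
}

if [ "${RUN_LIVE:-0}" = "1" ]; then
  run_live_checks
fi
```

Run it on the server as `RUN_LIVE=1 sh diag.sh`. The tcpdump on the upstream interface is the step that splits the problem in two: echo requests leaving venet0 with the server's own source address mean the box forwards and NATs correctly and the loss is upstream; no packets on venet0 while they keep arriving on tun0 means the kernel or the firewall drops them locally. One caveat worth knowing: venet0 is the network device of an OpenVZ/Virtuozzo container, and NAT inside such a container only works if the host has made the conntrack and NAT modules available to it, so an otherwise correct firewalld masquerade can silently do nothing there.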