OpenVPN connection causes client to lose Internet

[adv]

I just setup an OpenVPN instance on 25.7.11_2.  It connects and traffic via the tunnel seems fine with Windows Remote Desktop able to connect and function and surf the Internet from the remote computer.  But the local computer loses its Internet connection completely.  The Internet comes back as soon as I disconnect from the OpenVPN server.

I am new to this so can only guess at the cause and solution.  I guessed that it has something to do with the Internet traffic on the local computer being redirected through the tunnel but then I should get at least some response to web page clicks but I get NOTHING.  Now I am guessing that it might have something to do with DNS.  I tried toggling a few settings but nothing changed.  Can someone point me in the right direction?

[nero355]

- I guessed that it has something to do with the Internet traffic on the local computer being redirected through the tunnel.
- Now I am guessing that it might have something to do with DNS.

Can someone point me in the right direction?

What did ping/tracert/traceroute/nslookup/dig had to say about this ?? ;)

[adv]

What did ping/tracert/traceroute/nslookup/dig had to say about this ?? ;)

Thanks for your help.

From my local Windows 11 computer:
Local network:

Code Select Expand

ping -n 1 192.168.1.24

Pinging 192.168.1.24 with 32 bytes of data:
Reply from 192.168.1.24: bytes=32 time=22ms TTL=64

Ping statistics for 192.168.1.24:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms
Remote netowrk:

Code Select Expand

ping -n 1 192.168.90.17

Pinging 192.168.90.17 with 32 bytes of data:
Reply from 192.168.90.17: bytes=32 time=23ms TTL=63

Ping statistics for 192.168.90.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms
Internet:

Code Select Expand

ping -n 1 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=114

Ping statistics for 8.8.8.8:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
Ping of local network, remote network, and Google get quick replies.  So, there is some Internet connectivity but I am still unable to browse.

Code Select Expand

tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    10 ms    12 ms    10 ms  10.61.193.35
  3    12 ms    13 ms    10 ms  162.151.216.241
  4    12 ms     9 ms    18 ms  po-2-rur201.exeter.nh.boston.comcast.net [68.86.224.229]
  5    38 ms    19 ms   124 ms  po-200-xar01.exeter.nh.boston.comcast.net [96.110.22.29]
  6   109 ms    16 ms    23 ms  be-301-arsc1.needham.ma.boston.comcast.net [162.151.150.125]
  7    23 ms    28 ms    18 ms  96.110.42.9
  8    25 ms    22 ms    20 ms  96.110.34.26
  9     *        *        *     Request timed out.
 10    25 ms    18 ms    19 ms  142.251.225.89
 11    25 ms    19 ms    21 ms  142.251.60.235
 12    20 ms    18 ms    18 ms  dns.google [8.8.8.8]

Trace complete.
I just don't know enough to interpret those results.

Code Select Expand

nslookup 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  207.172.3.9

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
Again, not sure what this really means for me.

[nero355]

Again, not sure what this really means for me.

I would say you have no DNS Server on the OpenVPN connection ?

It has been a while for me that I have done anything with OpenVPN so I can't help you that much, but in general for any VPN there is for example the option to have so called 'Split-Horizon' connections via a tunnel.

You can then decide :
- If there should be a Internet Connection via the Tunnel.
It will then replace your Local Internet Connection.
- If there should be a DNS Server available inside the Tunnel.
If not, then the Client uses it's Local DNS Server.

When you use the OpenVPN connection just like a shortcut to the Remote Desktop and for nothing else then both sides are connected as 'Split-Horizon' and not a so called 'Full Tunnel' :)

Basically check your Routing & DNS Options you have applied to the OpenVPN connection and make sure they do exactly what you want them to do !!

[nero355]

Some questions =>

From my local Windows 11 computer:
Local network:

Code Select Expand

ping -n 1 192.168.1.24

Pinging 192.168.1.24 with 32 bytes of data:
Reply from 192.168.1.24: bytes=32 time=22ms TTL=64

Ping statistics for 192.168.1.24:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms

Who is this IP address ?

Another PC ? Your Router ? Something else ?

Remote netowrk:

Code Select Expand

ping -n 1 192.168.90.17

Pinging 192.168.90.17 with 32 bytes of data:
Reply from 192.168.90.17: bytes=32 time=23ms TTL=63

Ping statistics for 192.168.90.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms

This is the subnet on the OpenVPN connection and the IP address of the Remote Desktop PC ?!

Internet:

Code Select Expand

ping -n 1 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=114

Ping statistics for 8.8.8.8:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms

You ping without DNS resolving, but is the VPN active ? On which Client/Server ?

Ping of local network, remote network, and Google get quick replies.  So, there is some Internet connectivity but I am still unable to browse.

On the Remote Desktop PC or your Local PC ?

Code Select Expand

tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    10 ms    12 ms    10 ms  10.61.193.35
  3    12 ms    13 ms    10 ms  162.151.216.241
  4    12 ms     9 ms    18 ms  po-2-rur201.exeter.nh.boston.comcast.net [68.86.224.229]
  5    38 ms    19 ms   124 ms  po-200-xar01.exeter.nh.boston.comcast.net [96.110.22.29]
  6   109 ms    16 ms    23 ms  be-301-arsc1.needham.ma.boston.comcast.net [162.151.150.125]
  7    23 ms    28 ms    18 ms  96.110.42.9
  8    25 ms    22 ms    20 ms  96.110.34.26
  9     *        *        *     Request timed out.
 10    25 ms    18 ms    19 ms  142.251.225.89
 11    25 ms    19 ms    21 ms  142.251.60.235
 12    20 ms    18 ms    18 ms  dns.google [8.8.8.8]

Trace complete.

Who is :

Code Select Expand

  2    10 ms    12 ms    10 ms  10.61.193.35Exactly ?

Code Select Expand

nslookup 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  207.172.3.9

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

This should tell you dns.google as answer, but usually you nslookup opnsense.org for example and then it gives you an IP address.

That is the reason you "Have no internet" in your browser I think.

[adv]

Again, not sure what this really means for me.

I would say you have no DNS Server on the OpenVPN connection ?

It has been a while for me that I have done anything with OpenVPN so I can't help you that much, but in general for any VPN there is for example the option to have so called 'Split-Horizon' connections via a tunnel.

You can then decide :
- If there should be a Internet Connection via the Tunnel.
It will then replace your Local Internet Connection.
- If there should be a DNS Server available inside the Tunnel.
If not, then the Client uses it's Local DNS Server.

When you use the OpenVPN connection just like a shortcut to the Remote Desktop and for nothing else then both sides are connected as 'Split-Horizon' and not a so called 'Full Tunnel' :)

Basically check your Routing & DNS Options you have applied to the OpenVPN connection and make sure they do exactly what you want them to do !!

Right, my research turned up mentions of "Split-Horizon" and I think that is what I want.  I don't want all Internet coming through the tunnel.  I want the client to still use its own Internet connection.  The problem is that I can't find info on how to do that.  I found some mention of the "Redirect gateway" setting but I cannot find any info on what each of those settings does and they are not intuitive (and other posters found the same problem).  So, I just don't know how to set all that up and can't find a good how-to.

[adv]

Some questions =>

From my local Windows 11 computer:
Local network:

Code Select Expand

ping -n 1 192.168.1.24

Pinging 192.168.1.24 with 32 bytes of data:
Reply from 192.168.1.24: bytes=32 time=22ms TTL=64

Ping statistics for 192.168.1.24:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms

Who is this IP address ?

Another PC ? Your Router ? Something else ?

192.168.1.24 is another PC on the local network.

Remote network:

Code Select Expand

ping -n 1 192.168.90.17

Pinging 192.168.90.17 with 32 bytes of data:
Reply from 192.168.90.17: bytes=32 time=23ms TTL=63

Ping statistics for 192.168.90.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms

This is the subnet on the OpenVPN connection and the IP address of the Remote Desktop PC ?!

No, 192.168.90.0/24 is a subnet at the remote location and 192.168.90.17 is a device on that subnet.

Internet:

Code Select Expand

ping -n 1 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=114

Ping statistics for 8.8.8.8:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms

You ping without DNS resolving, but is the VPN active ? On which Client/Server ?

Yes, VPN was active then and it did ping Google.

Ping of local network, remote network, and Google get quick replies.  So, there is some Internet connectivity but I am still unable to browse.

On the Remote Desktop PC or your Local PC ?

On the local PC.  Browsing on the remote PC works fine.

Code Select Expand

tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    1 ms    1 ms    1 ms  192.168.1.1
  2    10 ms    12 ms    10 ms  10.61.193.35
  3    12 ms    13 ms    10 ms  162.151.216.241
  4    12 ms    9 ms    18 ms  po-2-rur201.exeter.nh.boston.comcast.net [68.86.224.229]
  5    38 ms    19 ms  124 ms  po-200-xar01.exeter.nh.boston.comcast.net [96.110.22.29]
  6  109 ms    16 ms    23 ms  be-301-arsc1.needham.ma.boston.comcast.net [162.151.150.125]
  7    23 ms    28 ms    18 ms  96.110.42.9
  8    25 ms    22 ms    20 ms  96.110.34.26
  9    *        *        *    Request timed out.
 10    25 ms    18 ms    19 ms  142.251.225.89
 11    25 ms    19 ms    21 ms  142.251.60.235
 12    20 ms    18 ms    18 ms  dns.google [8.8.8.8]

Trace complete.

Who is :

Code Select Expand

  2    10 ms    12 ms    10 ms  10.61.193.35Exactly ?

No idea who 10.61.193.35 is nor 162.151.216.241.  I was guessing they were part of my ISP's infrastructure???

Code Select Expand

nslookup 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  207.172.3.9

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

This should tell you dns.google as answer, but usually you nslookup opnsense.org for example and then it gives you an IP address.

That is the reason you "Have no internet" in your browser I think.

So you are saying there is no DNS?  Is that the cause of all of this.  My thought is that it could be.  So, what I want to do is to have the local computer runs its Internet traffic and its DNS through its own Internet connection and NOT through the tunnel.  That is known as Split-Horizon, right?  I just can't find a good how-to article on the most recent version of OpenVPN.