OpenConnect (ocserv) Connected on client side, But Can not open any web page (NO INTERNET)












Consider these links:
openconnect / ocserv
openconnect / ocserv Installation - CentOS, RHEL, Fedora

I have CentOS 7.6 as the server, with a public IP.

On the client machine I have Windows 7 with wireless internet.

I ran these commands to install OpenConnect on the server machine:



sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
sudo yum -y install epel-release
sudo yum repolist enabled
sudo yum info ocserv
sudo yum -y install ocserv
sudo ocpasswd -c /etc/ocserv/ocpasswd test
123
nano -K /etc/ocserv/ocserv.conf


And here is the ocserv.conf file:



auth = "plain[passwd=/etc/ocserv/ocpasswd]"

tcp-port = 8090
udp-port = 8090

run-as-user = ocserv
run-as-group = ocserv

socket-file = ocserv.sock

chroot-dir = /var/lib/ocserv

isolate-workers = true

max-clients = 5

max-same-clients = 1

keepalive = 32400

dpd = 90

mobile-dpd = 1800

switch-to-tcp-timeout = 25

try-mtu-discovery = true

server-cert = /etc/pki/ocserv/public/server.crt
server-key = /etc/pki/ocserv/private/server.key

ca-cert = /etc/pki/ocserv/cacerts/ca.crt

cert-user-oid = 0.9.2342.19200300.100.1.1

tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"

auth-timeout = 240

min-reauth-time = 300

max-ban-score = 50

ban-reset-time = 300

cookie-timeout = 300

deny-roaming = false

rekey-time = 172800

rekey-method = ssl

use-occtl = true

pid-file = /var/run/ocserv.pid

device = vpns

predictable-ips = true

default-domain = example.com

ipv4-network = 192.168.102.0
ipv4-netmask = 255.255.255.0

dns = 8.8.8.8
dns = 8.8.4.4

ping-leases = false

cisco-client-compat = true

dtls-legacy = true

user-profile = profile.xml

# Routes to be forwarded to the client. If you need the
# client to forward routes to the server, you may use the
# config-per-user/group or even connect and disconnect scripts.
#
# To set the server as the default gateway for the client just
# comment out all routes from the server, or use the special keyword
# 'default'.

#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64


After editing ocserv.conf I ran these commands:



sudo systemctl start ocserv
sudo systemctl enable ocserv
sudo systemctl status ocserv


Now I downloaded the GUI software from here on the client machine.

The client machine can connect to OpenConnect with the username test successfully.

But the problem is that I cannot open any web page on the client machine, and it seems there is NO INTERNET.

What should I do on the server machine to fix this problem?

Edit after comment:

The firewall is off on both server and client.

I did nothing about routing or forwarding.

I am not familiar with them.

If necessary, tell me what I should do about them.

Also, I found this link about my situation, but it is not satisfying...








  • Probably nothing. Is it supposed to have Internet in the first place? What is the goal of the VPN? Full tunnel to corporate access or only for Internet access?

    – Rui F Ribeiro
    Feb 19 at 19:13

  • The goal of the VPN is to bypass Internet censorship in my area.

    – SilverLight
    Feb 19 at 19:20

  • Would you please detail what firewall rules you have set up for it to work, and what you did for routing? Have you followed any tutorial? The links provided in the question do not seem particularly useful.

    – Rui F Ribeiro
    Feb 19 at 19:23

  • Please see my edit.

    – SilverLight
    Feb 19 at 19:39

  • I enabled firewalld and tried these commands: sudo firewall-cmd --permanent --add-masquerade and systemctl reload firewalld. Now I can surf the internet on the client machine easily. Why does firewalld act like that? Why should it be enabled?

    – SilverLight
    Feb 22 at 22:35
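
The last comment reports that enabling firewalld masquerading restored browsing. As an added example (not part of the original thread), this script checks the two server-side conditions a full-tunnel ocserv setup depends on: kernel IP forwarding and source NAT for the VPN address pool. The function names, the script name and the --live flag are assumptions of this example; the sample config lines are taken from the question.

```shell
#!/bin/sh
# Added example, not from the thread: checks the two server-side conditions
# a full-tunnel ocserv needs (IP forwarding, source NAT for the VPN pool).

# Constructed sample: the addressing lines of the ocserv.conf in the question.
SAMPLE_CONF='ipv4-network = 192.168.102.0
ipv4-netmask = 255.255.255.0
#route = 10.10.10.0/255.255.255.0'

# Print the value of the first uncommented "key = value" line.
conf_value() {   # $1 = config text, $2 = key
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# Dotted netmask -> prefix length; fails on malformed or non-contiguous masks.
mask_to_prefix() {   # $1 = netmask such as 255.255.255.0
    bits=0; partial=0
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # After an octet below 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then partial=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Name the missing piece, given the kernel flag and the NAT state.
diagnose() {   # $1 = net.ipv4.ip_forward (0 or 1), $2 = masquerade (yes/no)
    if [ "$1" != 1 ]; then
        echo forwarding-off   # kernel will not route between tunnel and uplink
    elif [ "$2" != yes ]; then
        echo no-masquerade    # pool addresses leave un-NATed, replies cannot return
    else
        echo ok
    fi
}

# Live check on the server: sh vpn-nat-check.sh --live [path to ocserv.conf]
# Only firewalld masquerading is queried; hand-written iptables NAT is not seen.
if [ "${1:-}" = "--live" ]; then
    conf=$(cat "${2:-/etc/ocserv/ocserv.conf}")
    net=$(conf_value "$conf" ipv4-network)
    prefix=$(mask_to_prefix "$(conf_value "$conf" ipv4-netmask)")
    fwd=$(cat /proc/sys/net/ipv4/ip_forward)
    if firewall-cmd --query-masquerade >/dev/null 2>&1; then nat=yes; else nat=no; fi
    echo "VPN pool $net/$prefix: $(diagnose "$fwd" "$nat")"
fi
```

Without arguments the script only defines the functions; with --live it reads the real config and the running system's state.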


















centos vpn internet openconnect














edited Mar 1 at 2:59 by Rui F Ribeiro

asked Feb 19 at 18:52 by SilverLight