Networking – OpenVPN Setup with PIA Connects but No Internet


Currently using Ubuntu Server 14.04 (so no GUI, all terminal) sitting inside VirtualBox, and am currently trying to get it to connect to Private Internet Access using their VPN configs found here (which can be downloaded without an account for those wanting to take a look at their opvm files).

After downloading and extracting the zip file, I run for example "sudo openvpn –config France.opvm". This is the output.

Tue May 13 03:37:06 2014 UDPv4 link local: [undef]
Tue May 13 03:37:06 2014 UDPv4 link remote: [AF_INET]
Tue May 13 03:37:06 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue May 13 03:37:07 2014 [Private Internet Access] Peer Connection Initiated with [AF_INET]
Tue May 13 03:37:09 2014 TUN/TAP device tun0 opened
Tue May 13 03:37:09 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue May 13 03:37:09 2014 /sbin/ip link set dev tun0 up mtu 1500
Tue May 13 03:37:09 2014 /sbin/ip addr add dev tun0 local peer
Tue May 13 03:37:09 2014 Initialization Sequence Completed

Now, from what I understand, last line says connection is established. Seconds and third last limes show OpenVPN creating the IP routes. If I run ifconfig, I can see there's a new tun0 interface with a correct IP.

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:  P-t-P:  Mask:
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:336 (336.0 B)

My issue is now however is that I have no internet access. Ping doesn't work and simply times out. What is it I'm doing wrong that doesn't allow me to have a connection? Any help is appreciated.

Best Answer

You have to add redirect-gateway to your configuration (or use openvpn --redirect-gateway):

--redirect-gateway [local] [def1]
    (Experimental) Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN.

    This option performs three steps:

    (1) Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that (3) will not create a routing loop.

    (2) Delete the default gateway route.

    (3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

    When the tunnel is torn down, all of the above steps are reversed so that the original default route is restored.

    Add the local flag if both OpenVPN servers are directly connected via a common subnet, such as with wireless. The local flag will cause step 1 above to be omitted.

    Add the def1 flag to override the default gateway by using and rather than This has the benefit of overriding but not wiping out the original default gateway.

    Using the def1 flag is highly recommended, and is currently planned to become the default by OpenVPN 2.1.
Related Question