I'm on 19.07 Stable and connecting to NordVPN via OpenVPN. After the connection I'm able to access the internet using a browser or nslookup and my IP address is changed but unable to ping or ssh anything outside of my network even via ip address (e.g. ping 8.8.8.8)
I'm pasting some of the config below, any advise would be appreciated. I'm able to use the same OVPN file on my laptop using TunnelBlick and after connection is established, I'm still able to ping external IP's
Also I've tried adding --pull-filter ignore redirect-gateway to the OVPN file and use VPN Policy Routing to divert traffic with same results.
OVPN File
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
remote-cert-tls server
auth-user-pass secret
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
...
firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'guest'
option forward 'REJECT'
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option dest_port '53'
option src 'guest'
option name 'Allow-Guest-DNS'
option target 'ACCEPT'
option proto 'tcp udp'
option family 'ipv4'
config rule
option dest_port '67-68'
option src 'guest'
option name 'Allow-Guest-DHCP'
option target 'ACCEPT'
option proto 'udp'
option family 'ipv4'
config zone
option name 'vpnfirewall'
option output 'ACCEPT'
option mtu_fix '1'
list network 'nordvpntun'
option masq '1'
option input 'REJECT'
option forward 'REJECT'
config forwarding
option src 'lan'
option dest 'vpnfirewall'
config forwarding
option dest 'vpnfirewall'
option src 'guest'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config rule
option target 'ACCEPT'
option src 'vpnfirewall'
option family 'ipv4'
option name 'Allow-VPN-Ping'
list icmp_type 'echo-request'
option proto 'icmp'
firewall.user
if (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then
iptables -I forwarding_rule -j REJECT
fi