ubuntu server fqdn refusing to connect to website only when connected to openvpn

Running on my Ubuntu Server I have an OpenVPN server + Pi-hole DNS (routing only DNS) & an iRedMail server.

I have a domain name which I have pointed to the server, and an FQDN is set.



Everything works separately unless I wish to connect to this server via the domain name (for example the web address of the online mailbox) with a client already connected via OpenVPN - I'm getting connection refused errors.



E.g.:
Connecting to the OpenVPN server using the domain in the OpenVPN client config works ✔
Connecting to ssh works using the domain ✔
Connecting to the online mail inbox using the domain works ✔

When connected to the VPN, all work when connecting via the server's public IP address ✔ but refuse connection when using the domain.



I'm assuming it's a firewall/iptables issue but I'm headdesking rn.

Here are my iptables rules (I've combined rules of iRedMail and Pi-hole):



*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# ssh
-A INPUT -p tcp --dport 27 -j ACCEPT

# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
#-A INPUT -p tcp --dport 10110 -j ACCEPT

# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
#-A INPUT -p tcp --dport 10143 -j ACCEPT

# lmtp
#-A INPUT -p tcp --dport 24 -j ACCEPT
#-A INPUT -p tcp --dport 1024 -j ACCEPT

# managesieve
#-A INPUT -p tcp --dport 4190 -j ACCEPT
#-A INPUT -p tcp --dport 10419 -j ACCEPT

# Dovecot SASL AUTH service for HAProxy
#-A INPUT -p tcp --dport 12346 -j ACCEPT

# ldap/ldaps
#-A INPUT -p tcp --dport 389 -j ACCEPT
#-A INPUT -p tcp --dport 636 -j ACCEPT


#-A INPUT -p tcp --dport 3306 -j ACCEPT
#-A INPUT -p tcp --dport 4444 -j ACCEPT
#-A INPUT -p tcp --dport 4567 -j ACCEPT
#-A INPUT -p tcp --dport 4568 -j ACCEPT

# PostgreSQL service.
#-A INPUT -p tcp --dport 5432 -j ACCEPT

# Amavisd
#-A INPUT -p tcp --dport 10024 -j ACCEPT
#-A INPUT -p tcp --dport 10025 -j ACCEPT
#-A INPUT -p tcp --dport 10026 -j ACCEPT
#-A INPUT -p tcp --dport 9998 -j ACCEPT

# iRedAPD
#-A INPUT -p tcp --dport 7777 -j ACCEPT

# ftp.
#-A INPUT -p tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp --dport 21 -j ACCEPT

# ejabberd
#-A INPUT -p tcp --dport 5222 -j ACCEPT
#-A INPUT -p tcp --dport 5223 -j ACCEPT
#-A INPUT -p tcp --dport 5280 -j ACCEPT

-I INPUT -i tun0 -j ACCEPT

-A INPUT -i tun0 -p tcp --destination-port 53 -j ACCEPT
-A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT
-A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT

-A INPUT -p tcp --destination-port 27 -j ACCEPT
-A INPUT -p tcp --destination-port 1194 -j ACCEPT
-A INPUT -p udp --destination-port 1194 -j ACCEPT

-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-I INPUT -i lo -j ACCEPT

#-A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
#-A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
#-A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
COMMIT


And the result of ip routes:



default via 192.168.1.1 dev enp2s1 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev enp2s1 proto kernel scope link src 192.168.1.200






asked May 13 at 13:18 by wlvar
