Cannot access server when I'm not using my VPN

As the title says, I can’t access my server unless my computer and server both are connected to my VPN. I noticed this when I was trying to install a Let’s Encrypt certificate for a domain and got Errno 22 “can’t access server through http”. I have this problem both with a subdomain and a domain name I own myself.

The debug message from the cert-install command tells me “domain IP from DNS” and “public IP from the server” are identical to each other, both when I’m on VPN and when I’m not. “domain IP from local DNS” on the other hand is different from both my VPN IP address and my normal IP address. It remains the same regardless of whether I’m connected to the VPN or not though.

Any ideas of what my problem could be? Hints of how to debug? What is a “local DNS” anyway?

Some new clues. Local DNS as I understand is for example when you have connected a particular IP to some domain name in /etc/hosts or in /etc/resolv.conf. In my .conf-file for OpenVPN there is an up and a down option that calls the script /etc/openvpn/update-resolv-conf. However, my resolv.conf is really simple, just this:

# Generated by resolvconf

which doesn’t correspond to the local DNS IP iget from yunohost domain cert-install. (The one I get from there is always one owned by my VPN provider).

Does anyone else make use of the update-resolv-conf script? Has it caused trouble? I think it comes with the Debian version of OpenVPN.

Have you configured your vpn by hand or did you use vpnclient app ?

When you don’t use your VPN, did you configure your router with a DMZ / upnp or port forwarding ?

I don’t use the vpnclient app. I just installed OpenVPN and followed the instructions from my VPN-provider. Basically putting their .conf-file in the right place and enabling the service openvpn-client@conffile.service.

I have UPnP activated and reloaded the firewall after I closed down the VPN but the local DNS IP didn’t change.

Have you configured your router? it may not accept upnp protocol

Yes, I have activated UPnP in the router settings.

Do you think I should try the vpn-client app instead? I could do it if there’s any point to it. I noticed the feature “Set DNS resolvers on the host”. It sounds kind of related to my problem.

No your problem is not related to the DNS resolver,


This file is ok, because dnsmasq should be running and be used as a partial dns resolver.

As the title says, I can’t access my server unless my computer and server both are connected to my VPN.

How do you access to your server with the ip (and which ip) or with the domain name ?
A computer outside on the internet can’t access to your server in that case ?
Has your VPN a public ip ?

You should try by configuring a port forwarding or a DMZ on your router.

May be the router do hairpining

I’m accessing it trough the domain name. Curiously enough, I can’t seem to access it with just the IP address now that I check. I have two domain names, one address and one ordinary domain name. Both work when I’m connected to the VPN.

Yes, that’s right. When I’m using my my computer on the same WiFi as the server but with VPN disconnected on the computer I can’t access it. I also can’t access it when using my mobile phone’s 4g internet.

This is interesting. I looked at their web page and it seems they have an additional service that I can subscribe to called “Public IPv4”. I don’t have it now. Does it mean they can block access to my server? They say that they don’t filter traffic in any way.

According to the first page, UPnP should be enough. I also don’t think that it’s hairpinning because I can’t access it from outside my home network either (tried it on my phone’s 4g).

I think I found the answer to the question about my VPN provider blocking the server. This is on their homepage:

And they won’t let me open ports below 49152. I guess that rules out using VPN unless I pay up (since I would need port 80 and 443 for http and https).

The problem still remains when I’m not using my VPN though. I shut down the VPN connection and reloaded the firewall. Still, it can’t be accessed. Trying to do a cert-install gives me the local DNS IP - domain ip from local DNS, which is different from before.

I will give port forwarding a shot and see if it makes any difference.

Ok, I guess I have it figured out now. Using manual port forwarding actually solved it. I don’t understand why UPnP didn’t work despite being activated. Thanks, @lfj, for the advice :grin:

You havent mentioned which VPN are you using? i think its a vpn issue due to which you cannot access to server.For LibreELEC. i am using surfshark vpn and its the best LibreELEC vpn so surfshark will solve your issue as well.

Yes, it was my VPN. They were blocking all incoming ports. Solved by buying an additional service from them which allows me to use ports.

It’s surprising that a VPN is blocking a host server. I have been using PureVPN and its different VPN Servers, and I didn’t face any issue like this yet none of my server conflict with each other.

Hi Poyu,
i was in trouble like you but in a mean time i rectify the issue, i had a free VPN for China and the same issue was created, Paid VPNs gives better service instead of Free. if you have paid VPN service then no Problems like this one.

1 Like

@alicejosef, third post created, third about the same website.
Next time, you’re banned…