This is the problem: when I try to access a website through my VPN's route, I can't access any website.
leonekmi@leonekmi-MS-7693:~$ sudo openvpn --config client.ovpn
Tue Mar 21 19:38:16 2017 Unrecognized option or missing parameter(s) in client.ovpn:15: block-outside-dns (2.3.11)
Tue Mar 21 19:38:16 2017 OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
Tue Mar 21 19:38:16 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Tue Mar 21 19:38:16 2017 Control Channel Authentication: tls-auth using INLINE static key file
Tue Mar 21 19:38:16 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 21 19:38:16 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 21 19:38:16 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Mar 21 19:38:16 2017 UDPv4 link local: [undef]
Tue Mar 21 19:38:16 2017 UDPv4 link remote: [AF_INET]51.15.133.92:1194
Tue Mar 21 19:38:16 2017 TLS: Initial packet from [AF_INET]51.15.133.92:1194, sid=36302260 cbeaeb22
Tue Mar 21 19:38:16 2017 VERIFY OK: depth=1, CN=ChangeMe
Tue Mar 21 19:38:16 2017 Validating certificate key usage
Tue Mar 21 19:38:16 2017 ++ Certificate has key usage 00a0, expects 00a0
Tue Mar 21 19:38:16 2017 VERIFY KU OK
Tue Mar 21 19:38:16 2017 Validating certificate extended key usage
Tue Mar 21 19:38:16 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar 21 19:38:16 2017 VERIFY EKU OK
Tue Mar 21 19:38:16 2017 VERIFY OK: depth=0, CN=server
Tue Mar 21 19:38:16 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Mar 21 19:38:16 2017 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 21 19:38:16 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Mar 21 19:38:16 2017 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 21 19:38:16 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 3072 bit RSA
Tue Mar 21 19:38:16 2017 [server] Peer Connection Initiated with [AF_INET]51.15.133.92:1194
Tue Mar 21 19:38:18 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Mar 21 19:38:18 2017 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.169.12,dhcp-option DNS 80.67.169.40,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Tue Mar 21 19:38:18 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 21 19:38:18 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 21 19:38:18 2017 OPTIONS IMPORT: route options modified
Tue Mar 21 19:38:18 2017 OPTIONS IMPORT: route-related options modified
Tue Mar 21 19:38:18 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 21 19:38:18 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=enp5s0 HWADDR=d8:cb:8a:e7:a9:61
Tue Mar 21 19:38:18 2017 TUN/TAP device tun0 opened
Tue Mar 21 19:38:18 2017 TUN/TAP TX queue length set to 100
Tue Mar 21 19:38:18 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 21 19:38:18 2017 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 21 19:38:18 2017 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Tue Mar 21 19:38:18 2017 /sbin/ip route add 51.15.133.92/32 via 192.168.0.1
Tue Mar 21 19:38:18 2017 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Tue Mar 21 19:38:18 2017 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Tue Mar 21 19:38:18 2017 Initialization Sequence Completed
^CTue Mar 21 19:40:14 2017 event_wait : Interrupted system call (code=4)
Tue Mar 21 19:40:14 2017 /sbin/ip route del 51.15.133.92/32
Tue Mar 21 19:40:14 2017 /sbin/ip route del 0.0.0.0/1
Tue Mar 21 19:40:14 2017 /sbin/ip route del 128.0.0.0/1
Tue Mar 21 19:40:14 2017 Closing TUN/TAP interface
Tue Mar 21 19:40:14 2017 /sbin/ip addr del dev tun0 10.8.0.2/24
Tue Mar 21 19:40:14 2017 SIGINT[hard,] received, process exiting
leonekmi@leonekmi-MS-7693:~$
Output of grep VPN /var/log/*: link
I tried this solution: Able to connect to OpenVPN, but no Internet access
I used this script: link
My server is NATed at Scaleway
Client: 16.10
Server: 16.04 LTS
EDIT:
Server log:
root /etc/openvpn openvpn --config server.conf
Wed Mar 29 19:04:16 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
Wed Mar 29 19:04:16 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Mar 29 19:04:16 2017 Diffie-Hellman initialized with 3072 bit key
Wed Mar 29 19:04:16 2017 Control Channel Authentication: using 'tls-auth.key' as a OpenVPN static key file
Wed Mar 29 19:04:16 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 29 19:04:16 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 29 19:04:16 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Mar 29 19:04:16 2017 TUN/TAP device tun0 opened
Wed Mar 29 19:04:16 2017 TUN/TAP TX queue length set to 100
Wed Mar 29 19:04:16 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 29 19:04:16 2017 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar 29 19:04:16 2017 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Wed Mar 29 19:04:16 2017 GID set to nogroup
Wed Mar 29 19:04:16 2017 UID set to nobody
Wed Mar 29 19:04:16 2017 UDPv4 link local (bound): [undef]
Wed Mar 29 19:04:16 2017 UDPv4 link remote: [undef]
Wed Mar 29 19:04:16 2017 MULTI: multi_init called, r=256 v=256
Wed Mar 29 19:04:16 2017 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Wed Mar 29 19:04:16 2017 ifconfig_pool_read(), in='leonekmi_profile,10.8.0.2', TODO: IPv6
Wed Mar 29 19:04:16 2017 succeeded -> ifconfig_pool_set()
Wed Mar 29 19:04:16 2017 IFCONFIG POOL LIST
Wed Mar 29 19:04:16 2017 leonekmi_profile,10.8.0.2
Wed Mar 29 19:04:16 2017 Initialization Sequence Completed
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 TLS: Initial packet from [AF_INET]lol_my_ip:42127, sid=8c8e1b19 e9b91518
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 CRL CHECK OK: CN=ChangeMe
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 VERIFY OK: depth=1, CN=ChangeMe
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 CRL CHECK OK: CN=leonekmi_profile
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 VERIFY OK: depth=0, CN=leonekmi_profile
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES128-GCM-SHA256, 3072 bit RSA
Wed Mar 29 19:04:20 2017 lol_my_ip:42127 [leonekmi_profile] Peer Connection Initiated with [AF_INET]lol_my_ip:42127
Wed Mar 29 19:04:20 2017 leonekmi_profile/lol_my_ip:42127 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Mar 29 19:04:20 2017 leonekmi_profile/lol_my_ip:42127 MULTI: Learn: 10.8.0.2 -> leonekmi_profile/lol_my_ip:42127
Wed Mar 29 19:04:20 2017 leonekmi_profile/lol_my_ip:42127 MULTI: primary virtual IP for leonekmi_profile/lol_my_ip:42127: 10.8.0.2
Wed Mar 29 19:04:22 2017 leonekmi_profile/lol_my_ip:42127 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 29 19:04:22 2017 leonekmi_profile/lol_my_ip:42127 send_push_reply(): safe_cap=940
Wed Mar 29 19:04:22 2017 leonekmi_profile/lol_my_ip:42127 SENT CONTROL [leonekmi_profile]: 'PUSH_REPLY,dhcp-option DNS 80.67.169.12,dhcp-option DNS 80.67.169.40,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)