Hello all,
I am fairly new to OpenWRT and OpenVPN but have managed to successfully set up a VM with the x86-64 running and an OpenVPN client connecting to a paid VPN provider.
What I am finding is that with some servers I connect to (e.g. AU Melb) it will successfully ping (via the openwrt cms ssh) to a pub IP (e.g. 1.1.1.1, 9.9.9.9, 8.8.8.8), but with other VPN servers it will just time out (e.g. US San Francisco).
When connected to an AUS Melbourne server the following ping command receives a response 4 times, no packet loss.
ping -I tun0 1.1.1.1
But when I connect to a US San Francisco server with the same command I get no response.
Same issue when I use the ping test in the Diagnostic menu.
I am trying to set up a script to run every minute to ping over the tun0 interface, and if no response is received it will restart the openvpn service.
Any help would be great.
trendy
May 22, 2019, 12:54pm
I am not sure I understand exactly the problem.
Does ping work immediately after connecting, but not after a while?
Doesn't it work at all?
Can you post here the vpn configuration as well as the following:
cat /etc/config/network; cat /etc/config/firewall; ip -4 addr ; ip -4 ro ; ip -4 ru
@NewbieWRT, welcome to the community!
NewbieWRT:
When connected to an AUS Melbourne server the following ping command receives a response 4 times, no packet loss.
ping -I tun0 1.1.1.1
But when I connect to a US San Francisco server with the same command I get no response.
Why don't you inquire with your VPN provider?
I surmise you pay for support, correct?
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd43:6de5:dcf6::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option delegate '0'
	option ipaddr '10.58.32.1'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option delegate '0'
	option hostname 'openwrtusa'
	option metric '5'

config interface 'ovct'
	option proto 'none'
	option ifname 'tun0'

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'
	option masq '0'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option name 'vpnfirewall'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'ovct'

config forwarding
	option dest 'vpnfirewall'
	option src 'lan'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 10.58.23.3/24 brd 10.58.23.255 scope global eth1
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.58.32.1/24 brd 10.58.32.255 scope global br-lan
       valid_lft forever preferred_lft forever
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    inet 10.182.0.14 peer 10.182.0.13/32 scope global tun0
       valid_lft forever preferred_lft forever

0.0.0.0/1 via 10.182.0.13 dev tun0
default via 10.58.23.1 dev eth1 proto static src 10.58.23.3 metric 5
10.58.23.0/24 dev eth1 proto static scope link metric 5
10.58.32.0/24 dev br-lan proto kernel scope link src 10.58.32.1
10.182.0.1 via 10.182.0.13 dev tun0
10.182.0.13 dev tun0 proto kernel scope link src 10.182.0.14
104.238.43.143 via 10.58.23.1 dev eth1
128.0.0.0/1 via 10.182.0.13 dev tun0

0: from all lookup local
32766: from all lookup main
32767: from all lookup default
With the above config I cannot ping through the tun0 interface successfully.
If I change the VPN server I am connecting to, let's say to an AU Melb server, I can ping through the tun0 interface no worries at all.
The .ovpn config files I use are identical and the only difference is the address for the different VPN servers.
All I can think of is that some of the VPN servers are blocking pings, while others are not.
Has me puzzled.
YES!!! That's all I can think of too!!!
lleachii:
Why don't you inquire with your VPN provider?
I surmise you pay for support, correct?
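The once-a-minute tun0 watchdog asked about in the first post, as an added example that nobody in the thread posted. The variable names, thresholds and script path are assumptions, and the restart command assumes the stock OpenWrt openvpn init script. Because the thread suspects some servers drop ICMP, it stops restarting after a few attempts that did not bring replies back.

```shell
#!/bin/sh
# Added example: cron-driven watchdog for an OpenVPN client on tun0.
# Variable and function names are assumptions, not from the thread.
IFACE="${IFACE:-tun0}"
TARGETS="${TARGETS:-1.1.1.1 9.9.9.9 8.8.8.8}"   # the IPs pinged in the thread
MAX_FAILS="${MAX_FAILS:-3}"         # failed runs in a row before a restart
MAX_RESTARTS="${MAX_RESTARTS:-2}"   # restarts in a row before giving up
STATE="${STATE:-/tmp/vpn-watchdog.state}"
PING="${PING:-ping}"
RESTART="${RESTART:-/etc/init.d/openvpn restart}"

# Succeeds if at least one target answers a single echo request through IFACE.
probe() {
    for t in $TARGETS; do
        $PING -I "$IFACE" -c 1 -W 2 "$t" >/dev/null 2>&1 && return 0
    done
    return 1
}

# One run: prints ok, wait, restart or giveup and updates the counters in STATE.
watchdog_tick() {
    fails=0 restarts=0
    [ -s "$STATE" ] && read -r fails restarts < "$STATE"
    if probe; then
        echo "0 0" > "$STATE"; echo ok; return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -lt "$MAX_FAILS" ]; then
        action=wait
    elif [ "$restarts" -ge "$MAX_RESTARTS" ]; then
        # Restarting has not helped: the server may simply drop ICMP.
        action=giveup
    else
        $RESTART >/dev/null 2>&1 || :
        fails=0 restarts=$((restarts + 1)) action=restart
    fi
    echo "$fails $restarts" > "$STATE"
    echo "$action"
}

# Cron entry (every minute): * * * * * /root/vpn-watchdog.sh run
if [ "${1:-}" = "run" ]; then
    result=$(watchdog_tick)
    [ "$result" = ok ] || logger -t vpn-watchdog "$IFACE probe: $result"
fi
```

A `giveup` line in the system log means restarts are not restoring ICMP replies on that server, so the tunnel has to be checked by other means before it is treated as down.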