Internet doesn't work if vpn client is on but remote server is down

Is the tunnel running? How are you testing?

The openvpn server is up and running. I can connect to the server with my regular mobile data. When I am on my router connection and check on ifconfig.me, it doesn't give me the remote vpn's ip.

The router we're working on is the client, right?

Is OpenVPN running and the tunnel fully up?

My apologies, I rebooted and it's all good. The router is connecting me through vpn now.

Mwan3...


I believe I can configure mwan3 on my own.

The other issue I am having is getting the radio devices to be connected to wifi network and create an access point. I believe some drivers are missing. Not sure where to start looking.

When I create access point settings, the access points get disabled/they don't function at all.

I've created two separate posts to keep the threads clean and relevant!

Usually the OpenVPN client will tear down its connection when the connection fails so that the default route will take over again.
That will only work if the VPN is using redirect-gateway def1 to preserve the existing default route.
It might be worth checking if this is the case; def1 will send a default route of 0.0.0.0/1 and 128.0.0.0/1 via the VPN to preserve the existing default route via the wan.
If your default route is actually replaced by the VPN client then report back for instructions how to deal with that.

It is also possible that the VPN does not tear down the route; in that case you could add to the openvpn config:

ping 30
ping-exit 60

But in the end you might need MWAN3

If your default route is actually replaced by the VPN client then report back for instructions how to deal with that.
Not sure how I would do that.

I've added the configs you suggested in my openvpn client config

client
proto udp
explicit-exit-notify
remote sakib-stark11.ddns.net 1194
dev tun
redirect-gateway def1
ping 30
ping-exit 60
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_KIgzqb2CotODJD1f name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
....

It doesn't seem to do anything. I also have mwan3 configured but that also doesn't do anything.

Recall this also affects routing.

should I get rid of mwan3 to test the vpn configs only then?


Didn't you make another thread about fail over?

Given OpenVPN should destroy the route if it disconnects, that (i.e. OpenVPN alone) should work with a 1 VPN scenario.

mwan3 allows you to configure conditions, etc.

Just don't use both.

If the VPN is up, please show output of:
ip route show

0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 192.168.1.1 dev phy1-sta0 proto static src 192.168.1.46 metric 20 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 
18.171.145.7 via 192.168.1.1 dev phy1-sta0 
128.0.0.0/1 via 10.8.0.1 dev tun0 
192.168.1.0/24 dev phy1-sta0 proto static scope link metric 20 
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1 

Removed the mwan3 install.
Still the behaviour is the same


That looks OK, your default route is preserved, so usually when the OpenVPN client stops working it will give up and tear down the route.
Can you confirm that the openvpn is working?

What happens if you block the ip address of the VPN server?

The VPN should go down after slightly over a minute and the default route should take over.

Check after about a minute with ip route show if the VPN routes are gone

To test, you can block the server's IP address with:
nft insert rule inet fw4 output ip daddr <servers-ip-address> counter reject

Check the rule with:
nft list chain 'inet fw4' output


This has resolved it. Thanks all.
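
A small helper for the route check discussed in this thread, added here as an example and not written by any of the posters: it reads `ip route show` output and reports whether the def1 half-routes (0.0.0.0/1 and 128.0.0.0/1) are present and whether the WAN default route survived. The function names and state words are made up for this example, tun0 is assumed as the VPN interface, and the second sample table is constructed.

```shell
#!/bin/sh
# Added example: classify `ip route show` output for an OpenVPN client.
# Assumption: the VPN interface is tun0 unless another name is passed as $1.
# On the router: ip route show | classify_routes tun0
classify_routes() {
    awk -v vpn="${1:-tun0}" '
        # The outgoing interface is the field following the "dev" keyword.
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"   && dev() == vpn { low = 1 }
        $1 == "128.0.0.0/1" && dev() == vpn { high = 1 }
        $1 == "default" { if (dev() == vpn) vpn_default = 1; else wan_default = 1 }
        END {
            if (vpn_default)      print "default-via-vpn"
            else if (low && high) print (wan_default ? "vpn-up-def1" : "vpn-up-no-fallback")
            else if (low || high) print "partial"
            else                  print (wan_default ? "wan-only" : "no-default")
        }'
}

# Route table as posted in the thread while the tunnel was up.
thread_routes() {
    cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev phy1-sta0 proto static src 192.168.1.46 metric 20
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
18.171.145.7 via 192.168.1.1 dev phy1-sta0
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev phy1-sta0 proto static scope link metric 20
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
EOF
}

# Constructed sample: the same table after ping-exit has torn the tunnel down.
after_teardown_routes() {
    cat <<'EOF'
default via 192.168.1.1 dev phy1-sta0 proto static src 192.168.1.46 metric 20
192.168.1.0/24 dev phy1-sta0 proto static scope link metric 20
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
EOF
}
```

`vpn-up-def1` means traffic uses the tunnel and the WAN default is still there to fall back on; `wan-only` is what the table should show about a minute after the server becomes unreachable.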
