OpenConnect Client Configuration question

Hi everyone,
I installed LuCI OpenConnect to be able to establish a VPN connection.
After setting up the connection, enabling it and connecting to the server, nothing works. I cannot open any webpages or anything. I checked the log; it seems like the connection is connecting without any issue, getting DNS and all...
I tried assigning the connection interface to different sections in the firewall, but it didn't seem to change the result.
Even disconnecting it won't solve the issue; I have to reboot the router to get my connection back.
The same config is working just fine on my phone with the Cisco app.

Any help would be appreciated.
Thanks.

Edit:

4. Firewall
At this point the VPN is set up and the router can use it, but devices in the LAN of your router won't be able to access the internet anymore.

We need to set the VPN network interface as public by assigning VPN interface to WAN zone.

4.1-a With OpenWrt up to 18.06 and 19.07
Click on Network in the top bar and then on Interfaces to open the interfaces configuration page.
Click on button Add new Interface…
Fill the form with the following values: Name = OpenVPN, Protocol = Unmanaged, Interface = tun0. Then click on Create Interface.
Edit the interface.
In panel General Settings: unselect the checkbox Bring up on boot.
In panel Firewall Settings: Assign firewall-zone to wan.
Click on Save and Apply the new configuration.
Reboot the router.


4.1-b With OpenWrt 19.07 (alternative to the above step 4.1)
Click on Network in the top bar and then on Firewall to open the firewall configuration page.

Click on the Edit button of the wan (red) zone in the Zones list at the bottom of the page.

Click on the Advanced Settings tab and select the tunX interface (tun0 in the screenshot, which is the most likely if you have a single OpenVPN client/server running).

With no luck.

If it's only a problem with your firewall, you should still be able to reach the Internet via VPN from the router itself, with tests like ping and traceroute. In particular if you know the IP of the server's end of the tunnel, and that it replies to pings, that should be the first test.

For routing to work, your own LAN IP subnet can't overlap the tunnel IPs or a remote LAN that you're trying to reach. Change LAN subnet if necessary.

Dummy networks are no longer necessary since the firewall system now allows placing the network device itself (typically tun0) into a firewall zone. That should be the wan zone or a new zone with masquerade set. It is necessary to masquerade into the tunnel unless the network on the other side is configured with a route back to your LAN.

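An added example, not part of the thread, for the point in the reply above about placing the tunnel device itself into the wan zone (or another masquerading zone): a POSIX sh script, runnable under OpenWrt's ash, that parses `uci show firewall` output and reports whether a device such as tun0 is a member of a zone and whether that zone has masq set. The `uci show` excerpt embedded in `sample_uci` is constructed for offline use; on the router, pass `"$(uci show firewall)"` instead.

```shell
# Added example (not from the thread): given the output of `uci show firewall`,
# report whether a tunnel device (e.g. tun0) sits in a firewall zone and whether
# that zone masquerades. On the router: check_tunnel_zone tun0 "$(uci show firewall)"
# Constructed `uci show firewall` excerpt for offline use: wan zone with masq
# enabled and tun0 added as a zone device (the setup the reply above describes).
sample_uci() {
cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].masq='1'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].device='tun0'
EOF
}
# Print the index of the zone whose device list contains $2 (empty if none).
# $2 is used literally inside a sed pattern, so pass plain device names only.
zone_for_device() {
    printf '%s\n' "$1" | sed -n "s/^firewall\.@zone\[\([0-9]*\)\]\.device=.*'$2'.*/\1/p" | head -n 1
}
# Print the name option of zone index $2.
zone_name() {
    printf '%s\n' "$1" | sed -n "s/^firewall\.@zone\[$2\]\.name='\(.*\)'$/\1/p"
}
# Succeed when zone index $2 has masq='1'.
zone_masq() {
    printf '%s\n' "$1" | grep -q "^firewall\.@zone\[$2\]\.masq='1'$"
}
# Usage: check_tunnel_zone DEVICE UCI_TEXT. Exit status: 0 = device is in a
# masquerading zone, 1 = in a zone without masq, 2 = not in any zone at all
# (LAN clients are then never forwarded into the tunnel).
check_tunnel_zone() {
    idx=$(zone_for_device "$2" "$1")
    if [ -z "$idx" ]; then
        echo "$1 is not in any firewall zone; add it to wan (or a zone with masq)"
        return 2
    fi
    name=$(zone_name "$2" "$idx")
    if zone_masq "$2" "$idx"; then
        echo "$1 is in zone '$name' with masquerading: firewall side looks right"
        return 0
    fi
    echo "$1 is in zone '$name' without masq; the far side needs a route back to your LAN"
    return 1
}
```

If the script reports status 0 and LAN clients still cannot reach the internet, the problem is elsewhere (routing, DNS, or the OpenConnect version), which is what the ping test from the router itself helps separate.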

I tried the openconnect client with OpenWrt 19.07 and it did not work either; I had to upgrade to 22 to get it to work. Upgrade your OpenWrt to the latest version; 19 does not work with openconnect.

I tried Diagnostics, Ping and it didn't work.
It was fine before connecting to the server.
So should I assume that it's not the firewall?
So what should I check next?

PING ( 56 data bytes

--- ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

Only a Snapshot version for my device.