OpenVPN client connection issues

I'm trying to set up a VPN client connection from my router to a VPN service provider. Everything seems to work except for an error on the following command:

/sbin/route add -net vpn_public_ip netmask 255.255.255.255 gw 192.168.100.1

Any hint? P.S. The client configuration works well from a client connected to LAN.

Please confirm that is your ISP's router or the IP of an upstream router.

Also...is there a reason the VPN software isn't creating this route for you automatically?


@lleachii Thank you for your response. This is more information about my router configuration:

[image: IMG_20181109_131312]

When I saw the error I tried to execute the /sbin/route command manually, and it throws no error and actually establishes the route. This is the output from the openvpn daemon:

[image: IMG_20181109_131607]

I don't know if I'm wrong but the connection seems to happen but no Internet there...

And this is how I configured firewall zones:

[image: IMG_20181109_131745]

Let me know if I need to provide more information. Thank you.

  • Can you try adding the routes here:

[image: Screenshot from 2018-11-09 07-33-20]

Also, if you want to put a route for the Internet via the VPN, use the two routes 0.0.0.0/1 and 128.0.0.0/1 - instead of 0.0.0.0/0.

Also clarify if you're referring to OpenVPN, or you're manually creating a route???

@lleachii I'm referring to OpenVPN. Is there any way I can add these routes from the command line?

OK, that wasn't clear at first.

Sure. Simply use ip route add in OpenWrt.

Even better...so that it is in your configs, add it to System > Startup > Local Startup in the LuCI web GUI, or at /etc/config/network - you would add:

config route                                     
        option interface '<??????????>'
        option target '<vpn_public_ip>'
        option netmask '255.255.255.255'
        option gateway '192.168.100.1'

Also, don't forget to specify a physical interface - as in my example above!

Just added the route rule, now what I get is this:

[image: malol]

the previous error vanished and everything seems fine... still... NO INTERNET :persevere::disappointed_relieved:

I'm not quite sure why you're showing me that picture...except to demonstrate you're able to connect to the VPN server.

Also, you noted one route rule, did you create the 2 routes to the Internet for 0.0.0.0/1 and 128.0.0.0/1???

I hope these ones I made are correct:

I say "I hope" because now Internet works (and I thank you so much for that), but a weird phenomenon happens: when checking public ip on the internet sometimes I get the public vpn ip, sometimes I get mine :sweat_smile::sweat_smile::sweat_smile::sweat_smile:

Could it be because of "not-so-really-precise" routes? :roll_eyes:

  • YOUR 87.101.92.170 ENTRY IS WRONG IF THAT'S THE IP TO THE VPN SERVER...IT SHOULD BE ON YOUR INTERFACE WAN!

  • Also, your VPN routes shouldn't need a gateway IP, it's a Layer 3 tunnel (that IP is wrong for the VPN's gateway anyway)!!!

After you fix it, show your ip route show result.
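
Added example (not part of the thread, and not any poster's code): a Python check that applies longest-prefix matching to a routing table, showing why the 0.0.0.0/1 and 128.0.0.0/1 routes capture all traffic without replacing the default route, and why the VPN server needs its own host route on the WAN side. The interface names "wan" and "tun0" and both tables are constructed assumptions; the addresses are the ones quoted in the thread.

```python
import ipaddress

# Constructed table, not copied from the thread's screenshots. Interface names
# "wan" and "tun0" are assumptions; the addresses are the ones quoted in the thread.
GOOD = [
    ("0.0.0.0/0",        "wan",  "192.168.100.1"),  # ISP default route, left untouched
    ("87.101.92.170/32", "wan",  "192.168.100.1"),  # VPN server pinned to the WAN gateway
    ("0.0.0.0/1",        "tun0", None),             # lower half of IPv4 into the tunnel
    ("128.0.0.0/1",      "tun0", None),             # upper half of IPv4 into the tunnel
]
# Constructed faulty variant: upper half and server host route missing,
# and a gateway set on a tunnel route.
BAD = [
    ("0.0.0.0/0", "wan",  "192.168.100.1"),
    ("0.0.0.0/1", "tun0", "192.168.100.1"),
]

def lookup(table, dst):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def audit(table, vpn_server, tunnel="tun0", probes=("1.1.1.1", "203.0.113.7")):
    """Return a list of findings; an empty list means no leak path was found."""
    findings = []
    hit = lookup(table, vpn_server)
    if hit is None or hit[1] == tunnel:
        # Encrypted packets to the server would be routed back into the tunnel.
        findings.append(f"{vpn_server}: no host route outside {tunnel}")
    for dst in probes:  # one probe in each half of the IPv4 space
        hit = lookup(table, dst)
        if hit is None or hit[1] != tunnel:
            dev = hit[1] if hit else "nowhere"
            findings.append(f"{dst}: leaves via {dev}, bypassing {tunnel}")
    for prefix, dev, gw in table:
        if dev == tunnel and gw is not None:
            findings.append(f"{prefix}: gateway {gw} set on tunnel route")
    return findings

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(table, "87.101.92.170") or "no findings")
```
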

In the hope I correctly understood the revisions to make, I get no Internet again and this is the output for "ip route show":

[image: IMG_20181109_211229]

You did not correctly edit the 128.0.0.0/1 route, it still has a gateway listed.

BTW, in your screenshot of the web GUI, you had 128.0.0.1, it should be 128.0.0.0.

OK, sorry, I just updated but no way it works if I don't specify gateways for 0.0.0.0/1 and 128.0.0.0/1 routes. If I do, and I also tried internal vpn subnet gateway, it connects to the internet but it doesn't hide my real ip.

Then I'm very lost. I've never specified a gateway when the Interface is a Layer 3 tunnel.

I'm not sure what you mean by "subnet gateway IP." There is no such thing on a Layer 3 tunnel.

Make certain that you're not confusing your WAN gateway for routes needing to use your VPN interface.

  • ALSO, DON'T USE CIDR /1 AND SUBNET MASK, ONLY USE ONE OR THE OTHER!

EDIT: Also, if you have clients on those other zones besides LAN, they must also be permitted to forward traffic to the VPN interface!!!

@lleachii thanks for the patience, I tried like this:

[image: corretto]

I hope it's correct this time... still, it doesn't work!

So what I tried to do was delete those 3 routes from "Static routes", restart the router, reapply the vpn and type "route -n" to see what routes "spontaneously" came out, and I got this:

[image: 154184830354099683]

Therefore I put those in "static route" but still... no luck :frowning:

The OpenVPN documents recommend not using the common 192.168.0.1/24 & 192.168.1.1/24 subnets for your OpenVPN router. Try changing to another subnet.

See this, section "Numbering Private Subnets":
https://openvpn.net/community-resources/how-to/#scope

@leeandy thank you for your reply, followed your suggestion, changed subnet to 192.168.4.1, still no luck:

[image: looool]

I noticed a very strange thing, whenever I change routes, if I try, in the next 4-5 seconds, to refresh the page at ipleak.net to see if internet works and I have public vpn ip, it works but then suddenly stops.

I see many wrong static routes. Please set up from scratch. If you prioritize traffic through the vpn, see the section "Routing all client traffic (including web-traffic) through the VPN" at the link above.

I solved the problem! My router is a dga4132, Telecom Italia "blocked" it with a custom limited-feature firmware so I had to "root" it. The problem is when I installed "Luci" it came with a lot of "Traffic rules" under the firewall section which practically inhibited the vpn. I followed this guide https://airvpn.org/topic/15405-using-airvpn-with-openwrt/ and everything now works like a charm! P.S. I didn't have to write a single Static Route rule. Thanks for the patience @lleachii and @leeandy
