Openvpn client connection issues

Installing and Using OpenWrt Network and Wireless Configuration
1

I'm trying to set up a vpn client connection from my router to a vpn service provider, everything seems to work except an error on the following command:

/sbin/route add -net vpn_public_ip netmask 255.255.255.255 gw 192.168.100.1

Any hint? P.S. The client configuration works well from a client connected to LAN.

2

Please confirm that is your ISP's router or the IP of an upstream router.

Also...is there a reason the VPN software isn't creating this route for you automatically?

1 Like
3

@lleachii Thank you for your response. This is more information about my router configuration:

IMG_20181109_131312

As I saw the error I tried to execute the /sbin/route command manually and it throws no error and actually establishes the route, this is the output from openvpn daemon:

IMG_20181109_131607

I don'r know if I'm wrong but the connection seems to happen but no Internet there...

And this is how I configured firewall zones:

IMG_20181109_131745

Let me know if I need to provide more information. Thank you.

4
  • Can you try adding the routes here:

Screenshot%20from%202018-11-09%2007-33-20

Also, if you want to put a route for the Internet via the VPN, use the two routes 0.0.0.0/1 and 128.0.0.0/1 - instead of 0.0.0.0/0.

Also clarify if you're referring to OpenVPN, or you manually creating a route???

5

@lleachi I'm referring to OpenVPN, is there any way I can add these routes from command line?

6

OK, that wasn't clear at first.

Sure. Simply use ip route add in OpenWrt.

Even better...so that it is your configs, add it to System > Startup > Local Startup in the LuCI web GUI, or at /etc/config/network - you would add:

config route                                     
        option interface '<??????????>'
        option target '<vpn_public_ip>'
        option netmask '255.255.255.255'
        option gateway '192.168.100.1'

Also, don't forget to specify a physical interface - as in my example above!

7

Just added the route rule, now what I get is this:

malol

the previous error vanished and everything seems fine... still... NO INTERNET :persevere::disappointed_relieved:

8

I'm not suite sure why you're showing me that picture...except to demonstrate you're able to connect to the VPN server.

Also, you noted one route rule, did you create the 2 routes to the Internet for 0.0.0.0/1 and 128.0.0.0/1???

1 Like
9

I hope these one I made are correct:

routes
routes1201×900 147 KB

I say "I hope" because now Internet works (and I thank you so much for that), but a weird phenomenon happens: when checking public ip on the internet sometimes I get the public vpn ip, sometimes I get mine :sweat_smile::sweat_smile::sweat_smile::sweat_smile:

Could it be because of "not-so-really-precise" routes? :roll_eyes:

1 Like
10

  • YOUR 87.101.92.170 ENTRY IS WRONG IF THAT'S THE IP TO THE VPN SERVER...IT SHOULD BE ON YOUR INTERFACE WAN!

  • Also, your VPN routes shouldn't need a gateway IP, it's a Layer 3 tunnel (that IP is wrong for the VPN's gateway anyway)!!!

After you fix it, show your ip route show result.

11

in the hope I correctly understood the revisions to make, I get no Internet again and this is the output for "ip route show":

IMG_20181109_211229

12

You did not correctly edit the 128.0.0.0/1 route, it still has a gateway listed.

BTW, in your screenshot of the web GUI, you had 128.0.0.1, it should be 128.0.0.0.

13

ok, sorry, I just updated but no way it works if I don't specify gateways for 0.0.0.0/1 and 128.0.0.0/1 routes. If I do, and I also tried internal vpn subnet gateway it connects to the internet but it doesn't hide my real ip.

14

Then I'm very lost. I've never specified a gateway when the Interface is a Layer 3 tunnel.

Screenshot%20from%202018-11-09%2018-05-00
Screenshot%20from%202018-11-09%2018-05-00997×60 5.89 KB

I'm not sure what you mean by "subnet gateway IP." There is no such thing on a Layer 3 tunnel.

Make certain that you're not confusing your WAN gateway for routes needing to use your VPN interface.

  • ALSO, DON'T USE CIDR /1 AND SUBNET MASK, ONLY USE ONE OR THE OTHER!

EDIT: Also, if you have clients on those other zones besides LAN, they must also be permitted to forward traffic to the VPN interface!!!

15

@lleachi thanks for the patience, I tried like this:

corretto

I hope it's correct this time... still. doesn't work!

so what I tried to do was deleting those 3 routes from "Static routes", restart router, reapply vpn and type: "route -n" to see what routes "spontaneously" came out and I got this:

154184830354099683

Therefore I put those in "static route" but still... no luck :frowning:

16

Openvpn documents recommend don't use common 192.168.0.1/24 & 192.168.1.1/24 subnet for your openvpn router. Try changing other subnet.

See this, section "Numbering Private Subnets":
https://openvpn.net/community-resources/how-to/#scope

17

@leeandy thank you for your reply, followed your suggestion, changed subnet to 192.168.4.1, still no luck:

looool

I noticed a very strange thing, whenever I change routes, if I try, in the next 4-5 seconds, to refresh the page at ipleak.net to see if internet works and I have public vpn ip, it works but then suddenly stops.

18

I see many wrong static routes. Pls setup from scratch. If you prioritize traffic through vpn, see the section " Routing all client traffic (including web-traffic) through the VPN" on link above.

1 Like
19

I solved the problem! My router is a dga4132, Telecom Italia "blocked" it with a custom limited-feature firmware so I had to "root" it. The problem is when I installed "Luci" it came with a lot of "Traffic rules" under the firewall section which pratically inhibited the vpn. I followed this guide https://airvpn.org/topic/15405-using-airvpn-with-openwrt/ and everything now works like a charm! P.S. I didn't have to write a single Static Route rule. Thanks for the patience @lleachii and @leeandy

1 Like
20

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.