OpenVPN Client connects but no Internet

Have you tried pinging the vpn directly?
ping -c 5 -I tun0 (here tun0 is the vpn interface)

Maybe, this is just a guess, try stopping and starting the vpn instead of restarting it. It may help in some cases.

Hi everyone!

I had the exact same issue than you @zorn, but I may have a very good news for you: I have found my issue (and so yours too, since I assume they are the same). Forget about iptables rules or other OpenVPN config problem. Your issue is way much more vicious than that :smiling_imp: :smiling_imp: It's the OpenWRT guide that you followed to enable your OpenVPN client (this link: I also followed this guide. And I assume that you are like me, a lazy guy, and did some copy/paste to setup everything.

However there is an invisible character that you copied and that mess up with the firewall. If you look carefully at the HTML code of this page at the line where you set uci set firewall.@zone[-1].masq="1" there is an HTML entitiy ​ which is an UNICODE zero width space! To fix the problem, simply type the following commands:

uci set firewall.@zone[2].masq="1"
service firewall restart && service openvpn restart

If you want to be 100% sure, don't copy paste those lines, but type it (normally they are zero width space free :wink:). Also pay attention to the zone number. In your case it is 2, the same as me, but if you create other zone before or after setting this one, this number may change.

The question is "how the hell did I noticed that?", well, I wanted to compare your UCI config with mine, so I copied all your config in a blank new page of WinMerge and did the same with my config. I then I noticed on the line firewall.@zone[2].masq='1' that it was actually displayed like that firewall.@zone[2].masq=' 1 ' in WinMerge. So I wonder why it was like that in both your and my config while the line for @zone[1] was OK. So I used an HEX editor and found this mystery UNICODE charater. I re-push the config to UCI, restart everything and it worked. Then I investigated and found this character that we both have comes from the OpenWRT guide.

I hope it helps to solve your problem. I guess the next step would be to contact some OpenWRT staff to correct this invisible typo!

1 Like

Thanks for your investigations. I fixed this now.

Thanks! Somehow, the character is still present in the HTML code, but now the copy/paste is OK. Tested and approved fix on the guide :wink:


What a perfect christmas gift from a stranger, I had already given up on this. Excellent ! BIG THANK YOU. I would have never found that.
Have an excellent end of the year !!!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.