Firewall and network look okay.
What happens if you remove these three directives from the OpenVPN server config:
option route_gateway 'dhcp'
list push 'route-gateway dhcp'
list push 'route 192.168.200.0 255.255.255.0'
One other thing that could be an issue... how is your OpenVPN service starting (server side)? If it auto-starts on boot, try doing a service restart and see if that resolves the issue.
/etc/init.d/openvpn restart
My theory is this: Due to some issues with timing and sequencing, it is possible that the OpenVPN service is starting before the time has been set on the router via NTP. when that happens, it can cause issues like this or other service failures. The solutions are to either delay the OpenVPN start until after NTP has succeeded, or to force a service restart when the clock is set for the first time after boot. Either method should resolve the issue if that is indeed the source of the problem.
Nothing changes with those configs removed. The vpn still connects but I still cannot ping the vpn server IP, internal router lan ip, or google dns 8.8.8.8.
This is what i see in the openvpn log on server side:
Mon Jun 18 09:37:03 2018 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Jun 18 09:37:03 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Mon Jun 18 09:37:03 2018 TUN/TAP device ovpns0 opened
Mon Jun 18 09:37:03 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jun 18 09:37:03 2018 /sbin/ip link set dev ovpns0 up mtu 1500
Mon Jun 18 09:37:03 2018 /sbin/ip addr add dev ovpns0 192.168.200.1/24 broadcast 192.168.200.255
Mon Jun 18 09:37:03 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Jun 18 09:37:03 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Jun 18 09:37:03 2018 UDPv4 link remote: [AF_UNSPEC]
Mon Jun 18 09:37:03 2018 Initialization Sequence Completed
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_GUI_VER=OC30Android
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_VER=3.2
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_PLAT=android
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_NCP=2
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_TCPNL=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_PROTO=2
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_LZO=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_LZO_SWAP=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_LZ4=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_LZ4v2=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_COMP_STUB=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_COMP_STUBv2=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_AUTO_SESS=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 peer info: IV_BS64DL=1
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Mon Jun 18 09:37:41 2018 X.X.X.X:54842 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Mon Jun 18 09:37:42 2018 X.X.X.X:54842 [my-client] Peer Connection Initiated with [AF_INET]X.X.X.X:54842
Mon Jun 18 09:37:42 2018 my-client/X.X.X.X:54842 MULTI_sva: pool returned IPv4=192.168.200.2, IPv6=(Not enabled)
Mon Jun 18 09:37:42 2018 my-client/204.48.78.161:54842 IP packet with unknown IP version=15 seen
Mon Jun 18 09:37:43 2018 my-client/204.48.78.161:54842 IP packet with unknown IP version=15 seen
Mon Jun 18 09:37:44 2018 my-client/204.48.78.161:54842 IP packet with unknown IP version=15 seen
Mon Jun 18 09:37:45 2018 my-client/204.48.78.161:54842 IP packet with unknown IP version=15 seen
i've tried restarting openvpn many times already. Infact everytime i make a config change i restart the service. So i dont think its timing related.
Your logs indicate that there are some inconsistencies in the client vs server config files. Any directives found in both files need to be identical.
Mon Jun 18 09:37:41 2018 204.48.78.161:54842 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Mon Jun 18 09:37:41 2018 X.X.X.X:54842 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Try either removing comp-lzo from the server or setting it so that it is the same on both sides. Similarly, make sure that the lin-mtu is defined and the same on both sides. Make both of these changes at the same time.
On the server side. "comp-lzo" is set to yes. I checked on the client side in the .ovpn file, it was set to NO, I set to yes there too but that error message in the log still occurs. Shouldn't that value be pushed to the client by the server anyways?
Secondly, i cannot find where the MTU needs to be set. Again, that should be pushed to the client automatically?
things are only pushed from server to client if explicitly included as a push directive. I haven't experimented with intentionally introducing differences between the two, but I would imagine that certain differences would cause failures in communication since each side is expecting something different.
Try explicitly setting link-mtu as the same value on both sides -- maybe try in this order until that error disappears and/or things start working (always keeping both sides the same):
1541, 1542, 1500, 1492
would a MTU issue affect routing? because as i said, once connected to the VPN, the client cannot ping the vpn server IP or vice versa. That looks like a routing issue to me. Either the client doesnt know the route to the vpn server or the server doesnt know how to get back to the client.
PS, the server also cannot ping the client IP!
Also my server config has the following which as i understand mean, that push these to the client?
list push 'comp-lzo yes'
list push 'persist-key'
list push 'persist-tun'
list push 'topology subnet'
list push 'route-gateway dhcp'
list push 'redirect-gateway def1'
list push 'route 192.168.200.0 255.255.255.0'The fact that it is unable to ping/route traffic could be related to a bunch of things, including things like inability to negotiate compression or other details of the tunnel behavior. Anything that is contradictory on the server vs the client could cause problems, even if there is a push directive. So some of the directives can be omitted from the client if the server will push them, others may need to be present but always consistent.
Try removing this line:
list push 'route-gateway dhcp'
If it still isn't working, post both your server and client configs (sanitized where necessary, obviously), and then any logs from both sides during and after the connection is initiated.
Thanks. I tried remiving that line but still no go. Here all my logs and config files.. Beware long post!!
openwrt openvpn config, /etc/config/openvpn
config openvpn 'vpnserver'
option enabled '1'
option dev_type 'tun'
option dev 'ovpns0'
option port '1194'
option comp_lzo 'no'
option keepalive '10 120'
option persist_key '1'
option persist_tun '1'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/my-server.crt'
option key '/etc/openvpn/my-server.key'
option dh '/etc/openvpn/dh2048.pem'
option tls_auth '/etc/openvpn/tls-auth.key 0'
option mode 'server'
option tls_server '1'
option server '192.168.200.0 255.255.255.0'
option topology 'subnet'
option route_gateway 'dhcp'
option log '/tmp/openvpn.log'
option client_to_client '1'
list push 'comp-lzo yes'
list push 'persist-key'
list push 'persist-tun'
list push 'topology subnet'
list push 'redirect-gateway def1'
list push 'route 192.168.200.0 255.255.255.0'
list push 'dhcp-option DNS 10.0.0.1'
list push 'dhcp-option DNS 192.168.1.1'
Client side config file my-server.ovpn
client
dev tun
proto udp # Warning : Sometimes u need to declare udp4 or udp6
fast-io
remote my_dynamic_dns 1194
remote-cert-tls server
nobind
persist-key
persist-tun
comp-lzo no
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-auth>
client
dev tun
proto udp # Warning : Sometimes u need to declare udp4 or udp6
fast-io
remote my_dynamic_dns 1194
remote-cert-tls server
nobind
persist-key
persist-tun
comp-lzo no
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
openwrt Router firewall
root@OpenWrt:/# cat /etc/config/firewall
config defaults
option syn_flood '1'
option output 'ACCEPT'
option forward 'REJECT'
option input 'DROP'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option forward 'DROP'
option output 'ACCEPT'
option masq '1'
option network 'wan wan6'
option mtu_fix '1'
option input 'DROP'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option target 'ACCEPT'
option proto 'udp'
config include
option path '/etc/firewall.user'
config forwarding
option dest 'wan'
option src 'lan'
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option src '*'
option dest_port '1194'
option proto 'tcp udp'
config zone
option name 'vpnserver'
option input 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'vpnserver'
option forward 'REJECT'
config forwarding
option src 'vpnserver'
option dest 'wan'
config forwarding
option src 'vpnserver'
option dest 'lan'
Server side log when the client connects:
Note that i've tried setting "comp-lzo" to no and even removing that line from server and client side config files, but the message remains in the server side log.
I have been unable to figure out how to set MTU. I tried using both the "mssfix" and "tun-mtu" to set the mtu value but with either of those in the config file, the server does not even start.
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_GUI_VER=OC30Android
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_VER=3.2
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_PLAT=android
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_NCP=2
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_TCPNL=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_PROTO=2
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_LZO=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_LZO_SWAP=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_LZ4=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_LZ4v2=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_COMP_STUB=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_COMP_STUBv2=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_AUTO_SESS=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 peer info: IV_BS64DL=1
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Mon Jun 18 19:53:53 2018 204.48.78.161:53918 [my-client] Peer Connection Initiated with [AF_INET]204.48.78.161:53918
Mon Jun 18 19:53:53 2018 MULTI_sva: pool returned IPv4=192.168.200.2, IPv6=(Not enabled)
Mon Jun 18 19:54:02 2018 my-client/204.48.78.161:53918 IP packet with unknown IP version=15 seen
Client side log. Openvpn Android app
19:53:51.737 -- ----- OpenVPN Start -----
19:53:51.738 -- EVENT: CORE_THREAD_ACTIVE
19:53:51.739 -- Frame=512/2048/512 mssfix-ctrl=1250
19:53:51.747 -- UNUSED OPTIONS
0 [client]
1 [dev] [tun]
2 [proto] [udp]
3 [fast-io]
5 [remote-cert-tls] [server]
6 [nobind]
7 [persist-key]
8 [persist-tun]
9 [comp-lzo] [no]
10 [verb] [3]
11 [key-direction] [1]
13 [cert] [Certificate: Data: Version: 3 (0x2) Serial N...]
14 [key] [-----BEGIN PRIVATE KEY----- MIIJQwIBADANBgkqxxxxxxxxxxxxxxxx...]
15 [tls-auth] [# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key ...]
19 [fast-io]
22 [nobind]
23 [persist-key]
24 [persist-tun]
26 [verb] [3]
19:53:51.748 -- EVENT: RESOLVE
19:53:51.752 -- Contacting my_dynamic_dns_IP:1194 via UDP
19:53:51.752 -- EVENT: WAIT
19:53:51.755 -- Connecting to [my_dynamic_dns_hostname]:1194 (my_dynamic_dns_IP) via UDPv4
19:53:51.821 -- EVENT: CONNECTING
19:53:51.824 -- Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
19:53:51.825 -- Creds: UsernameEmpty/PasswordEmpty
19:53:51.825 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.2
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_BS64DL=1
19:53:52.201 -- VERIFY OK : depth=1
cert. version : 3
serial number : DF:BC:CD:87:B6:2E:69:EB
issuer name : C=GB, ST=London, O=WWW Ltd.
subject name : C=GB, ST=London, O=WWW Ltd.
issued on : 2018-06-17 14:45:37
expires on : 2028-06-14 14:45:37
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
19:53:52.203 -- VERIFY OK : depth=0
cert. version : 3
serial number : 10:00
issuer name : C=GB, ST=London, O=WWW Ltd.
subject name : CN=my-server
issued on : 2018-06-17 14:45:54
expires on : 2028-06-14 14:45:54
signed using : RSA with SHA-256
RSA key size : 4096 bits
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
19:53:52.624 -- SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
19:53:52.626 -- Session is ACTIVE
19:53:52.627 -- EVENT: GET_CONFIG
19:53:52.631 -- Sending PUSH_REQUEST to server...
19:53:52.668 -- OPTIONS:
0 [comp-lzo] [yes]
1 [persist-key]
2 [persist-tun]
3 [topology] [subnet]
4 [redirect-gateway] [def1]
5 [route] [192.168.200.0] [255.255.255.0]
6 [dhcp-option] [DNS] [10.0.0.1]
7 [dhcp-option] [DNS] [192.168.1.1]
8 [route-gateway] [192.168.200.1]
9 [topology] [subnet]
10 [ping] [10]
11 [ping-restart] [120]
12 [ifconfig] [192.168.200.2] [255.255.255.0]
13 [peer-id] [0]
14 [cipher] [AES-256-GCM]
19:53:52.669 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: LZO
peer ID: 0
19:53:52.669 -- EVENT: ASSIGN_IP
19:53:52.772 -- Connected via tun
19:53:52.773 -- LZO-ASYM init swap=0 asym=0
19:53:52.774 -- EVENT: CONNECTED info='@my_dynamic_dns_hostname:1194 (my_dynamic_dns_IP) via /UDPv4 on tun/192.168.200.2/ gw=[192.168.200.1/]' trans=TO_CONNECTED
19:54:01.550 -- EVENT: DISCONNECTED trans=TO_DISCONNECTED
19:54:01.553 -- EVENT: CORE_THREAD_INACTIVE
19:54:01.553 -- Tunnel bytes per CPU second: 0
19:54:01.553 -- ----- OpenVPN Stop -----
Route on the server side:
10.0.0.x is the internal LAN
192.168.200.x is the openvpn network.
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 74.58.65.1 0.0.0.0 UG 0 0 0 eth1.2
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
74.58.65.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.2
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 ovpns0
There are some errors in your openVPN config files, including repeated lines and inconsistencies such as your client file having comp-lzo no twice, the server saying comp-lzo no but then pushing comp-lzo yes. You are pushing multiple routes and dns options including 192.168.1.1 -- I think the last one will override the previous ones. The log even shows a bunch of odd stuff happening.
I've tried to clean up your files to the bare minimum.
I think you can use this server config verbatim:
config openvpn 'vpnserver'
option proto ‘udp’
option port '1194'
option dev_type 'tun'
option dev 'ovpns0'
option server '192.168.200.0 255.255.255.0'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/my-server.crt'
option key '/etc/openvpn/my-server.key'
option dh '/etc/openvpn/dh2048.pem'
option tls_auth '/etc/openvpn/tls-auth.key 0'
option tun_mtu '1500'
option keepalive '10 120'
option tls_server '1'
option topology 'subnet'
option route_gateway 'dhcp'
option log '/tmp/openvpn.log'
option client_to_client '1'
option persist_key '1'
option persist_tun '1'
list push 'route 10.0.0.0 255.255.255.0'
list push 'dhcp-option DNS 10.0.0.1'
option enabled '1'
The client config will obviously require a few adjustments on your end, but try this as a template:
client
dev tun
remote my_dynamic_dns 1194 udp
remote-cert-tls server
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</key>
you had a tag for </tls-auth> in there -- not sure if you had a the TLS auth crypto info there or not, you might need to re-add it. But basically you should be able to use this directly except for crypto stuff (ca, cert, key, maybe tls-auth), and obviously 'my_dynamic_dns' should be replaced with your actual info.
Pro-tip: put the crypto info at the end of the file so that you know you don't have to keep reading beyond it -- that may explain why you had duplicate info there.
I cleaned up my client config as per your recommendation. Yes, for some reason stuff was repeating in there twice.
Well, IT WORKS NOW!!!! I cant thank you enough. i have access to lan network when on the VPN, while internet is going outside the vpn. While i can easily live with that, would routing internet via the vpn be as simple as adding another route?
Again, thank you sooo much for going through my logs and config files i really appreciate it.
Glad to see everything is working in general. I guess I forgot to add the following line to your client file:
redirect-gateway def1
Just add that into he client file (for readability, I'd recommend you add it above the crypto keys/certs) and your internet should go through the tunnel.
As far as other stuff you were enabling like comp-lzo and such, you can now experiment with those things to see if it improves performance or reduces bandwidth and stuff. Knowing that you have a working configuration in general will help both as a reference and as a fall-back (easily identify the directive(s) that broke things).
1 Like
If your problem is solved, please consider marking this topic as [Solved].
im not the original OP of this thread. I dont see any button to mark this as solved anywhere.
Oh - I see. Then nevermind and forget about that marking.
Sidenote: Click on the pencil button at the end of the topic to edit it.
The OP said that it works except for the internet via the OpenVPN tunnel. Hopefully my last comment will fix that... hopefully once @alirz1 has had a chance to implement that and test, they can mark this thread as solved.
oh.... yeah, I guess the OP is @lestat70 (if you're still active, please mark as solved if applicable; if not working properly, let the community know what issues remain and how we can help).
@psherman Yes, your comment about adding the gateway fixed internet rotuing through the VPN also now.
This is now considered as SOLVED for me. Thank you.
1 Like
Glad it is all working now!