OpenVPN stops internet when i enable it

degencia · July 3, 2023, 1:59pm

I have tried every guide which did i found in internet and nothing help me. I have created my own vpn via openvpn. These profiles work great when i'm starting them on windows/mac/iphone through app. But when i start it on router via openwrt it saying that it starteed but i have no internet when do it. I have created the interface, uploaded the profile and i was trying to fix it with firewall, but nothing helps

trendy · July 3, 2023, 2:15pm

With VPN enabled, please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

iplaywithtoys · July 3, 2023, 2:55pm

Do you control the OpenVPN server as well? If so, does the OpenVPN server push any routes to the clients?

degencia · July 3, 2023, 3:21pm

yes i control it. how to check if it does route clients?

iplaywithtoys · July 3, 2023, 3:24pm

Check the server's .ovpn configuration file. Is there a push route directive in there?

See https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ and https://openvpn.net/community-resources/how-to/

degencia · July 3, 2023, 3:33pm

in .ovpn file there is no something with "push"

trendy · July 3, 2023, 3:37pm

OpenWrt is fine. Check on the server side that you allow forwarding and that you masquerade the packets going out of the upstream interface.

degencia · July 3, 2023, 3:38pm

but when i use absolutely same .ovpn profile on mac/ios/windows everything works fine. What should i do?

ValdikSS · July 3, 2023, 3:39pm

Yes, @degencia, most probably you just started the connection using the configuration file, it created the (unconfigured) interface and installed the routes, but OpenWrt doesn't know which zone it is assigned to.

You need to:

Create OpenVPN interface with proto=none (the interface name is tun0 by default)
Assign zone WAN for this interface

I'm pretty sure all of these are described in details on the wiki. Go check it out.

degencia · July 3, 2023, 3:41pm

I have setted up the wan zone in interface.
tun0 is settled too

trendy · July 3, 2023, 3:44pm

Let's have a look at the logs first. From both server and client.

degencia · July 3, 2023, 3:44pm

Where i can find them?

trendy · July 3, 2023, 3:45pm

degencia · July 3, 2023, 3:46pm

i should start this on vpn server?
"logread -e openvpn; netstat -l -n -p | grep -e openvpn"

trendy · July 3, 2023, 3:47pm

There is a line above this one.
And this concerns OpenWrt. If the server is running a different OS, you'd need to find the logfile.

pavelgl · July 3, 2023, 4:20pm

degencia:

3: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.150/24 brd 192.168.1.255 scope global wan
       valid_lft forever preferred_lft forever
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever

Your lan and wan address spaces overlap.
You need to change the IP address of the lan interface.

degencia · July 3, 2023, 4:21pm

How to do this?

pavelgl · July 3, 2023, 4:23pm

uci set network.lan.ipaddr='192.168.2.1'
uci commit network
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
/etc/init.d/openvpn restart

degencia · July 3, 2023, 4:29pm

OH MY GOD IT HELPED!!!
Now everything is working great!
Thank you very much <3

system · July 13, 2023, 4:30pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.