Routing table and VPN

Yes and no. If the VPN provider is blocking the pings you won't see replies. You should try to ping something that for certain replies back, like 1.1.1.1 or 8.8.8.8

This line looks weird to me:

It wasn't there in the original post and I doubt that you should route this private IP via your ISP.
Do a reboot on the router just to make sure there are no stale entries.

1 Like

OpenVPN log clearly states that your client MTU-related options don't match the server side.
Show your client configuration except private keys and certificates.

I did a reboot; this is what the routing table and OpenVPN config look like:

root@LEDE:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.249.200.133  128.0.0.0       UG    0      0        0 tun0
default         192.168.0.254   0.0.0.0         UG    0      0        0 eth1
10.249.200.1    10.249.200.133  255.255.255.255 UGH   0      0        0 tun0
10.249.200.133  *               255.255.255.255 UH    0      0        0 tun0
83.97.23.119    192.168.0.254   255.255.255.255 UGH   0      0        0 eth1
128.0.0.0       10.249.200.133  128.0.0.0       UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     10     0        0 br-lan
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
root@LEDE:~# cat /etc/open
openvpn/         openwrt_release  openwrt_version
root@LEDE:~# cat /etc/config/openvpn
openvpn          openvpn-opkg     openvpn_recipes
root@LEDE:~# cat /etc/config/openvpn

config openvpn 'custom_config'
	option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
	option port '1194'
	option proto 'udp'
	option dev 'tun'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/server.crt'
	option key '/etc/openvpn/server.key'
	option dh '/etc/openvpn/dh1024.pem'
	option server '10.8.0.0 255.255.255.0'
	option ifconfig_pool_persist '/tmp/ipp.txt'
	option keepalive '10 120'
	option compress 'lzo'
	option persist_key '1'
	option persist_tun '1'
	option user 'nobody'
	option status '/tmp/openvpn-status.log'
	option verb '3'

config openvpn 'sample_client'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	list remote 'my_server_1 1194'
	option resolv_retry 'infinite'
	option nobind '1'
	option persist_key '1'
	option persist_tun '1'
	option user 'nobody'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/client.crt'
	option key '/etc/openvpn/client.key'
	option compress 'lzo'
	option verb '3'

config openvpn 'cyberghost_de'
	option dh 'dh1024.pem'
	option float '1'
	option client '1'
	option comp_lzo 'yes'
	option reneg_sec '0'
	option persist_key '1'
	option remote_cert_tls 'server'
	option key '/etc/openvpn/cbid.openvpn.cyberghost_de.key'
	list remote '1-de.cg-dialup.net'
	option ca '/etc/openvpn/cbid.openvpn.cyberghost_de.ca'
	option cert '/etc/openvpn/cbid.openvpn.cyberghost_de.cert'
	option port '443'
	option proto 'udp'
	option dev 'tun'
	option cipher 'AES-256-CBC'
	option auth_user_pass '/etc/openvpn/userpass.txt'
	option auth 'SHA256'
	option verb '1'
	option redirect_gateway 'def1'
	option pull '1'
	option auth_nocache '1'
	option tun_mtu '1500'
	option mtu_test '1'
	option enabled '1'

What do you think?

uci delete openvpn.cyberghost_de.tun_mtu
uci delete openvpn.cyberghost_de.mtu_test
uci set openvpn.cyberghost_de.mtu_dynamic="1"
uci set openvpn.cyberghost_de.dev="tun0"
uci commit openvpn

service log restart; service openvpn restart
sleep 10; logread -e openvpn
root@LEDE:~# uci delete openvpn.cyberghost_de.tun_mtu
root@LEDE:~# uci delete openvpn.cyberghost_de.mtu_test
root@LEDE:~# uci set openvpn.cyberghost_de.mtu_dynamic="1"
root@LEDE:~# uci commit openvpn
root@LEDE:~# service log restart; service openvpn restart
root@LEDE:~# sleep 10; logread -e openvpn
Tue Apr  9 16:56:23 2019 daemon.err openvpn(cyberghost_de)[1822]: event_wait : Interrupted system call (code=4)
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[1822]: /sbin/ifconfig tun0 0.0.0.0
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[1822]: SIGTERM[hard,] received, process exiting
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.230.127.123:443
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: UDP link local (bound): [AF_INET][undef]:443
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: UDP link remote: [AF_INET]185.230.127.123:443
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: [CyberGhost VPN Server Node berlin-s13] Peer Connection Initiated with [AF_INET]185.230.127.123:443
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: TUN/TAP device tun0 opened
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: /sbin/ifconfig tun0 10.249.201.70 pointopoint 10.249.201.69 mtu 1500
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: Initialization Sequence Completed
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

Not sure why the mtu_dynamic setting isn't taken into account. I also tried

root@LEDE:~# iptables -F
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

Not sure if that's of any use to ensure it's not iptables blocking.

uci delete openvpn.cyberghost_de.dh
uci set openvpn.cyberghost_de.link_mtu="1574"
uci delete openvpn.cyberghost_de.mtu_dynamic
uci commit openvpn
service log restart; service openvpn restart
sleep 10; logread -e openvpn

The last one is strange.
There's no mtu-dynamic in the manual:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Could it be that the server is incompatible with the client?

1 Like

I used a standard OpenVPN install and the VPN provider supports OpenVPN.

Could VLANs cause an issue here, maybe?

Did you manage to get rid of these warnings?

But mtu-dynamic is not documented.
Server shouldn't push undocumented options.

Google says that mtu-dynamic is deprecated:
https://sourceforge.net/p/openvpn/mailman/message/20226416/
It makes me suspect they use some old server version which is not fully compatible with OpenVPN 2.4.* branch client.

Couldn't get rid of all warnings; apparently you can either define link-mtu or tun-mtu but not both, so there's always one of those two that's inconsistent with the server push. That's the best I got:

Wed Apr 10 13:24:02 2019 daemon.err openvpn(cyberghost_de)[9588]: event_wait : Interrupted system call (code=4)
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9588]: /sbin/ifconfig tun0 0.0.0.0
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9588]: SIGTERM[hard,] received, process exiting
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.232.23.23:443
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: UDP link local (bound): [AF_INET][undef]:443
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: UDP link remote: [AF_INET]185.232.23.23:443
Wed Apr 10 13:24:03 2019 daemon.warn openvpn(cyberghost_de)[9779]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
Wed Apr 10 13:24:03 2019 daemon.warn openvpn(cyberghost_de)[9779]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Wed Apr 10 13:24:03 2019 daemon.notice openvpn(cyberghost_de)[9779]: [CyberGhost VPN Server Node frankfurt-s35] Peer Connection Initiated with [AF_INET]185.232.23.23:443
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: TUN/TAP device tun0 opened
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: /sbin/ifconfig tun0 10.248.200.186 pointopoint 10.248.200.185 mtu 1500
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: Initialization Sequence Completed
root@LEDE:~# 
root@LEDE:~# 
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

No more dh warning, but link-mtu and mtu-dynamic remain. If I try to set mtu-dynamic it seems to be ignored.

Didn't find any constraints on OpenVPN versions documented by the VPN provider.

  • Try to test with link_mtu=1300.
  • Try to increase OpenVPN log verbosity.

1 Like

With a new conf I managed to get rid of all warnings:

root@LEDE:~# service log restart; service openvpn restart
root@LEDE:~# sleep 10; logread -e openvpn
Wed Apr 10 21:13:50 2019 daemon.err openvpn(cyberghost2_de)[12110]: event_wait : Interrupted system call (code=4)
Wed Apr 10 21:13:50 2019 daemon.notice openvpn(cyberghost2_de)[12110]: SIGTERM received, sending exit notification to peer
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12110]: TCP/UDP: Closing socket
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12110]: SIGTERM[soft,exit-with-notification] received, process exiting
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: LZO compression initializing
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Control Channel MTU parms [ L:1626 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Data Channel MTU parms [ L:1626 D:1200 EF:126 EB:407 ET:0 EL:3 ]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.216.33.173:443
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: UDP link local: (not bound)
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: UDP link remote: [AF_INET]185.216.33.173:443
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: TLS: Initial packet from [AF_INET]185.216.33.173:443, sid=2aff17ff 75295eba
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY KU OK
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Validating certificate extended key usage
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY EKU OK
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Node frankfurt-s40, emailAddress=info@cyberghost.ro

But traceroute clearly shows the VPN isn't used:

root@LEDE:~# traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 38 byte packets
 1  192.168.0.254 (192.168.0.254)  0.848 ms  0.611 ms  0.585 ms
 2  ama63-1-88-188-201-254.fbx.proxad.net (88.188.201.254)  21.375 ms  20.137 ms  21.361 ms
 3  213.228.36.190 (213.228.36.190)  22.743 ms  21.150 ms  21.370 ms
 4  194.149.165.77 (194.149.165.77)  27.015 ms  26.278 ms  27.791 ms
 5  194.149.166.50 (194.149.166.50)  27.148 ms  25.822 ms  26.042 ms
 6  *  *  *
 7  *  *  *
 8  212.73.205.22 (212.73.205.22)  28.598 ms  37.555 ms  26.994 ms
 9  one.one.one.one (1.1.1.1)  27.020 ms  26.165 ms  27.336 ms
root@LEDE:~# 

Turns out, OpenVPN does not even create a tun interface now!

The connection is not fully established until you see:

Initialization Sequence Completed

2 Likes
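A way to apply that check mechanically, as an added example that is not part of any post in this thread: it reads `logread -e openvpn` output on stdin and reports, for the most recently logged OpenVPN process, whether `Initialization Sequence Completed` appeared and how many option-mismatch warnings were logged. The sample logs are trimmed from the output quoted above; the function name `ovpn_session_status` is made up for this example.

```shell
#!/bin/sh
# Sample input, trimmed from the logread output quoted in the thread.
# LOG_WARN: session that completes but logs option mismatches.
LOG_WARN="Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[1822]: SIGTERM[hard,] received, process exiting
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: TUN/TAP device tun0 opened
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: Initialization Sequence Completed"

# LOG_TRUNC: session that stops after certificate verification.
LOG_TRUNC="Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12110]: SIGTERM[soft,exit-with-notification] received, process exiting
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: LZO compression initializing
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: TLS: Initial packet from [AF_INET]185.216.33.173:443, sid=2aff17ff 75295eba
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY EKU OK"

# ovpn_session_status: read openvpn syslog lines on stdin.
# Prints "pid=<n> state=UP|INCOMPLETE option_mismatches=<n>" followed by the
# mismatch warnings, for the last PID seen in the log.
# Exit status: 0 = completed, 1 = not completed, 2 = no openvpn lines.
ovpn_session_status() {
    awk '
    match($0, /openvpn\([^)]*\)\[[0-9]+\]:/) {
        tag = substr($0, RSTART, RLENGTH)
        pid = tag
        sub(/^.*\[/, "", pid)          # keep only "<pid>]:"
        sub(/\]:$/, "", pid)           # keep only "<pid>"
        msg = substr($0, RSTART + RLENGTH + 1)
        last = pid
        if (msg ~ /Initialization Sequence Completed/)
            up[pid] = 1
        # The two mismatch wordings that appear in the logs above.
        if (msg ~ /used inconsistently|present in remote config but missing in local config/) {
            nwarn[pid]++
            warns[pid] = warns[pid] "  " msg "\n"
        }
    }
    END {
        if (last == "") { print "no openvpn lines found"; exit 2 }
        printf "pid=%s state=%s option_mismatches=%d\n", \
               last, (up[last] ? "UP" : "INCOMPLETE"), nwarn[last]
        printf "%s", warns[last]
        exit (up[last] ? 0 : 1)
    }'
}

# Demo on the embedded samples.
printf '%s\n' "$LOG_WARN"  | ovpn_session_status
printf '%s\n' "$LOG_TRUNC" | ovpn_session_status || echo "-> tunnel not established"
```

On the router the same function can be fed live with `logread -e openvpn | ovpn_session_status`.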

That's it! I finally got it to work; in the previous config the username + pass were simply missing (duh!). I would have expected a warning, but the only hint is indeed the missing 'Initialization Sequence Completed'.

Now, moving forward, how would I set only individual clients in my network to route via VPN instead of making it the default route each time OpenVPN gets started?

2 Likes

VPN Policy-Based Routing + Web UI -- Discussion

1 Like

Mind sharing your new OpenVPN config? I'd like to know what the exact change(s) were that you made to resolve all the warnings.

Argh, I didn't use the VPN for some days and did not make any intentional changes to my setup regarding the VPN. But it's broken again. Packages do not get routed through the VPN as intended:

root@LEDE:~# service log restart; service openvpn restart
root@LEDE:~# sleep 10; logread -e openvpn
Fri Apr 12 20:14:15 2019 daemon.err openvpn(cyberghost3_de)[6268]: event_wait : Interrupted system call (code=4)
Fri Apr 12 20:14:15 2019 daemon.notice openvpn(cyberghost3_de)[6268]: SIGTERM received, sending exit notification to peer
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: TCP/UDP: Closing socket
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 10.253.200.1 netmask 255.255.255.255
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 185.230.127.67 netmask 255.255.255.255
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: Closing TUN/TAP interface
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/ifconfig tun0 0.0.0.0
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: SIGTERM[soft,exit-with-notification] received, process exiting
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: LZO compression initializing
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Control Channel MTU parms [ L:1626 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Data Channel MTU parms [ L:1626 D:1200 EF:126 EB:407 ET:0 EL:3 ]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.230.127.67:443
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: UDP link local: (not bound)
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: UDP link remote: [AF_INET]185.230.127.67:443
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TLS: Initial packet from [AF_INET]185.230.127.67:443, sid=89c190ff f0be5db8
Fri Apr 12 20:14:18 2019 daemon.warn openvpn(cyberghost3_de)[7171]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY KU OK
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Validating certificate extended key usage
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY EKU OK
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Node berlin-s04, emailAddress=info@cyberghost.ro
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: [CyberGhost VPN Server Node berlin-s04] Peer Connection Initiated with [AF_INET]185.230.127.67:443
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: SENT CONTROL [CyberGhost VPN Server Node berlin-s04]: 'PUSH_REQUEST' (status=1)
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,comp-lzo no,redirect-gateway def1,dhcp-option DNS 185.93.180.131,dhcp-option DNS 194.187.251.67,dhcp-option DNS 38.132.106.139,route 10.253.200.1,topology net30,ifconfig 10.253.202.126 10.253.202.125,peer-id 15,cipher AES-256-GCM'
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: compression parms modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: route options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: peer-id set
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: adjusting link_mtu to 1629
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: data channel crypto options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Data Channel MTU parms [ L:1557 D:1200 EF:57 EB:407 ET:0 EL:3 ]
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TUN/TAP device tun0 opened
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TUN/TAP TX queue length set to 100
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/ifconfig tun0 10.253.202.126 pointopoint 10.253.202.125 mtu 1500
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 185.230.127.67 netmask 255.255.255.255 gw 192.168.0.254
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.253.202.125
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.253.202.125
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 10.253.200.1 netmask 255.255.255.255 gw 10.253.202.125
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Initialization Sequence Completed
root@LEDE:~# traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 38 byte packets
 1  192.168.0.254 (192.168.0.254)  0.522 ms  0.419 ms  0.412 ms
 2  ama63-1-88-188-201-254.fbx.proxad.net (88.188.201.254)  20.411 ms  20.835 ms  19.664 ms
 3  213.228.36.190 (213.228.36.190)  21.315 ms  21.882 ms  21.133 ms
 4  194.149.165.77 (194.149.165.77)  26.762 ms^C
root@LEDE:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.253.202.125  128.0.0.0       UG    0      0        0 tun0
default         192.168.0.254   0.0.0.0         UG    0      0        0 eth1
10.253.200.1    10.253.202.125  255.255.255.255 UGH   0      0        0 tun0
10.253.202.125  *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.253.202.125  128.0.0.0       UG    0      0        0 tun0
185.230.127.67  192.168.0.254   255.255.255.255 UGH   0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     10     0        0 br-lan

Any idea what might be wrong?

Here you go:

config openvpn 'cyberghost3_de'              
        option client '1'                    
        list remote 'xxx'   
        option port '443'                    
        option dev 'tun'                     
        option proto 'udp'                   
        option resolv_retry 'infinite'      
        option redirect_gateway 'def1'    
        option persist_key '1'            
        option persist_tun '1'            
        option nobind '1'                 
        option cipher 'AES-256-CBC'       
        option auth 'SHA256'              
        option ping '5'               
        option ping_exit '60'         
        option ping_timer_rem '1'     
        option explicit_exit_notify '2'
        option script_security '2'     
        option remote_cert_tls 'server'
        option route_delay '5'         
        option tun_mtu '1500'          
        option fragment '1300'         
        option mssfix '1200'           
        option verb '4'                
        option comp_lzo 'yes'          
        option key 'xxx'
        option ca 'xxx'  
        option cert 'xxx'
        option auth_user_pass 'xxx'              
        option enabled '1'        
1 Like

Turns out installing mwan broke the VPN setup. Does anyone know how to use mwan and OpenVPN in parallel with proper routing?
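A check for the symptom in the last log above, where the routing table shows the `redirect-gateway def1` routes on tun0 yet traceroute leaves through 192.168.0.254. This is an added example, not part of any post: it does a longest-prefix match over `route` output to find the interface the main table selects for a destination, then compares that with the interface traffic was actually seen on. The table is copied from the thread; the function names are made up here, and destinations are assumed to be numeric (as with `route -n`).

```shell
#!/bin/sh
# Main routing table as posted in the thread (sample input, embedded so the
# script runs offline).
ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.253.202.125  128.0.0.0       UG    0      0        0 tun0
default         192.168.0.254   0.0.0.0         UG    0      0        0 eth1
10.253.200.1    10.253.202.125  255.255.255.255 UGH   0      0        0 tun0
10.253.202.125  *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.253.202.125  128.0.0.0       UG    0      0        0 tun0
185.230.127.67  192.168.0.254   255.255.255.255 UGH   0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     10     0        0 br-lan'

# main_table_iface IP: read `route` output on stdin and print the interface
# of the most specific matching route (ties broken by lowest metric).
# Exit status 1 if no route matches.
main_table_iface() {
    awk -v ip="$1" '
    function to_int(a,    p) {
        split(a, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    BEGIN { target = to_int(ip); best_mask = -1 }
    # Route lines have 8 fields and a dotted-quad Genmask; headers do not.
    NF >= 8 && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        dest  = ($1 == "default") ? 0 : to_int($1)
        mask  = to_int($3)
        block = 4294967296 - mask            # addresses covered by the route
        if (target - (target % block) != dest) next
        if (mask > best_mask || (mask == best_mask && $5 + 0 < best_metric)) {
            best_mask = mask; best_metric = $5 + 0; best_iface = $8
        }
    }
    END { if (best_mask < 0) exit 1; print best_iface }'
}

# check_egress IP OBSERVED_IFACE: compare the main-table decision with the
# interface the traffic was observed on (e.g. from traceroute's first hop).
# Exit status: 0 = agree, 1 = disagree, 2 = no route in the main table.
check_egress() {
    expected=$(printf '%s\n' "$ROUTES" | main_table_iface "$1") || return 2
    if [ "$expected" = "$2" ]; then
        echo "$1: main table and observed path agree ($expected)"
    else
        echo "$1: main table selects $expected but traffic left via $2;" \
             "something outside the main table decides (see: ip rule show)"
        return 1
    fi
}

# Demo: 1.1.1.1 was observed leaving via eth1 (first hop 192.168.0.254).
check_egress 1.1.1.1 eth1 || true
# The VPN server itself is expected on eth1 (host route added by OpenVPN).
check_egress 185.230.127.67 eth1
```

A mismatch for 1.1.1.1 means the def1 routes are present and would win in the main table, so the traffic is being steered by policy-routing rules or additional tables, which is how mwan3 directs traffic.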

I don't use mwan3, so I'm not sure about it, but here's a similar topic:

2 Likes
