Routing table and VPN

root@LEDE:~# uci delete openvpn.cyberghost_de.tun_mtu
root@LEDE:~# uci delete openvpn.cyberghost_de.mtu_test
root@LEDE:~# uci set openvpn.cyberghost_de.mtu_dynamic="1"
root@LEDE:~# uci commit openvpn
root@LEDE:~# service log restart; service openvpn restart
root@LEDE:~# sleep 10; logread -e openvpn
Tue Apr  9 16:56:23 2019 daemon.err openvpn(cyberghost_de)[1822]: event_wait : Interrupted system call (code=4)
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[1822]: /sbin/ifconfig tun0 0.0.0.0
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[1822]: SIGTERM[hard,] received, process exiting
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.230.127.123:443
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: UDP link local (bound): [AF_INET][undef]:443
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: UDP link remote: [AF_INET]185.230.127.123:443
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
Tue Apr  9 16:56:23 2019 daemon.warn openvpn(cyberghost_de)[3356]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Tue Apr  9 16:56:23 2019 daemon.notice openvpn(cyberghost_de)[3356]: [CyberGhost VPN Server Node berlin-s13] Peer Connection Initiated with [AF_INET]185.230.127.123:443
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: TUN/TAP device tun0 opened
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: /sbin/ifconfig tun0 10.249.201.70 pointopoint 10.249.201.69 mtu 1500
Tue Apr  9 16:56:25 2019 daemon.notice openvpn(cyberghost_de)[3356]: Initialization Sequence Completed
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

not sure why the mtu_dynamic setting isn't taken into account. I also tried

root@LEDE:~# iptables -F
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

not sure if that's of any use to ensure it's not iptables blocking

uci delete openvpn.cyberghost_de.dh
uci set openvpn.cyberghost_de.link_mtu="1574"
uci delete openvpn.cyberghost_de.mtu_dynamic
uci commit openvpn
service log restart; service openvpn restart
sleep 10; logread -e openvpn

The last one is strange.
There's no mtu-dynamic in the manual:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Could it be that the server is incompatible with the client?

i used a standard open vpn install and the vpn provider supports open vpn.

could vlans cause an issue here maybe ?

Did you manage to get rid of these warnings?

But mtu-dynamic is not documented.
Server shouldn't push undocumented options.

Google says that mtu-dynamic is deprecated:
https://sourceforge.net/p/openvpn/mailman/message/20226416/
It makes me suspect they use some old server version which is not fully compatible with OpenVPN 2.4.* branch client.

couldn't get rid of all warnings, apparently you can either define link-mtu or tun-mtu but not both so there's always one of those two that's inconsistent with server push. That's the best I got:

Wed Apr 10 13:24:02 2019 daemon.err openvpn(cyberghost_de)[9588]: event_wait : Interrupted system call (code=4)
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9588]: /sbin/ifconfig tun0 0.0.0.0
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9588]: SIGTERM[hard,] received, process exiting
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.232.23.23:443
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: UDP link local (bound): [AF_INET][undef]:443
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: UDP link remote: [AF_INET]185.232.23.23:443
Wed Apr 10 13:24:03 2019 daemon.warn openvpn(cyberghost_de)[9779]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1574'
Wed Apr 10 13:24:03 2019 daemon.warn openvpn(cyberghost_de)[9779]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Wed Apr 10 13:24:03 2019 daemon.notice openvpn(cyberghost_de)[9779]: [CyberGhost VPN Server Node frankfurt-s35] Peer Connection Initiated with [AF_INET]185.232.23.23:443
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: TUN/TAP device tun0 opened
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: /sbin/ifconfig tun0 10.248.200.186 pointopoint 10.248.200.185 mtu 1500
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: Initialization Sequence Completed
root@LEDE:~# 
root@LEDE:~# 
root@LEDE:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

no more dh warning, but link-mtu and mtu-dynamic. If I try to set mtu-dynamic it seems to be ignored.

Didn't find any constraints on OpenVPN versions documented by the VPN provider.

  • Try to test with link_mtu=1300.
  • Try to increase OpenVPN log verbosity.

with a new conf i managed to get rid of all warnings:

root@LEDE:~# service log restart; service openvpn restart
root@LEDE:~# sleep 10; logread -e openvpn
Wed Apr 10 21:13:50 2019 daemon.err openvpn(cyberghost2_de)[12110]: event_wait : Interrupted system call (code=4)
Wed Apr 10 21:13:50 2019 daemon.notice openvpn(cyberghost2_de)[12110]: SIGTERM received, sending exit notification to peer
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12110]: TCP/UDP: Closing socket
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12110]: SIGTERM[soft,exit-with-notification] received, process exiting
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: LZO compression initializing
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Control Channel MTU parms [ L:1626 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Data Channel MTU parms [ L:1626 D:1200 EF:126 EB:407 ET:0 EL:3 ]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.216.33.173:443
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: UDP link local: (not bound)
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: UDP link remote: [AF_INET]185.216.33.173:443
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: TLS: Initial packet from [AF_INET]185.216.33.173:443, sid=2aff17ff 75295eba
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY KU OK
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: Validating certificate extended key usage
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY EKU OK
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Node frankfurt-s40, emailAddress=info@cyberghost.ro

but tracert shows clearly the vpn isn't used:

root@LEDE:~# traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 38 byte packets
 1  192.168.0.254 (192.168.0.254)  0.848 ms  0.611 ms  0.585 ms
 2  ama63-1-88-188-201-254.fbx.proxad.net (88.188.201.254)  21.375 ms  20.137 ms  21.361 ms
 3  213.228.36.190 (213.228.36.190)  22.743 ms  21.150 ms  21.370 ms
 4  194.149.165.77 (194.149.165.77)  27.015 ms  26.278 ms  27.791 ms
 5  194.149.166.50 (194.149.166.50)  27.148 ms  25.822 ms  26.042 ms
 6  *  *  *
 7  *  *  *
 8  212.73.205.22 (212.73.205.22)  28.598 ms  37.555 ms  26.994 ms
 9  one.one.one.one (1.1.1.1)  27.020 ms  26.165 ms  27.336 ms
root@LEDE:~# 

turns out, openvpn does not even create a tun interface now! ???

The connection is not fully established until you see:

Initialization Sequence Completed

that's it! i finally got it to work, in the previous config simply username + pass were missing (duh!). would have expected a warning, but the only hint is indeed the missing 'Initialization Sequence Completed'.

Now, moving forward, how would i set only individual clients in my network to route via vpn instead of making it the default route each time openvpn gets started ?
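
The check discussed above (no tunnel until "Initialization Sequence Completed" appears, and no warning when the credentials are missing) can be automated over `logread -e openvpn` output. This is an added example, not code from the thread; the function names, state labels and trimmed sample logs are constructed here.

```sh
#!/bin/sh
# Added example, not from the thread: classify the newest OpenVPN process
# found in `logread -e openvpn` output read from stdin.

# Constructed samples, trimmed from the log lines posted in this thread.
# The first line of SAMPLE_STALLED is invented to show an old process being ignored.
SAMPLE_STALLED='Wed Apr 10 21:13:40 2019 daemon.notice openvpn(cyberghost2_de)[12110]: Initialization Sequence Completed
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12110]: SIGTERM[soft,exit-with-notification] received, process exiting
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 10 21:13:52 2019 daemon.notice openvpn(cyberghost2_de)[12208]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Node frankfurt-s40, emailAddress=info@cyberghost.ro'

SAMPLE_UP='Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9588]: SIGTERM[hard,] received, process exiting
Wed Apr 10 13:24:02 2019 daemon.notice openvpn(cyberghost_de)[9779]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: TUN/TAP device tun0 opened
Wed Apr 10 13:24:04 2019 daemon.notice openvpn(cyberghost_de)[9779]: Initialization Sequence Completed'

# Prints one of: no-instance | starting | tls-verified | up
openvpn_state() {
    awk '
        match($0, /openvpn\([^)]*\)\[[0-9]+\]:/) {
            tag = substr($0, RSTART, RLENGTH)        # "openvpn(NAME)[PID]:"
            msg = substr($0, RSTART + RLENGTH + 1)   # message text after the tag
            # The version banner marks the start of a new process.
            if (msg ~ /^OpenVPN [0-9]/) { cur = tag; state = "starting" }
            if (tag != cur) next                     # line from an older, exiting process
            if (msg ~ /^VERIFY OK: depth=0/) state = "tls-verified"
            if (msg ~ /^Initialization Sequence Completed/) state = "up"
        }
        END { print (state == "" ? "no-instance" : state) }
    '
}

# Exit status 0 only when the newest process finished initialization;
# anything else means the tunnel must not be assumed to carry traffic.
tunnel_is_up() {
    [ "$(openvpn_state)" = up ]
}

printf '%s\n' "$SAMPLE_STALLED" | openvpn_state
printf '%s\n' "$SAMPLE_UP" | openvpn_state
```

On the router the same functions read the live log, for example `logread -e openvpn | tunnel_is_up`.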

VPN Policy-Based Routing + Web UI -- Discussion

Mind sharing your new openvpn config, I'd like to know what were the exact change(s) you made to resolve all the warnings?

argh, i didn't use vpn for some days and did not do any intentional changes to my setup regarding VPN. But it's broken again. Packages do not get routed through VPN as intended:

root@LEDE:~# service log restart; service openvpn restart
root@LEDE:~# sleep 10; logread -e openvpn
Fri Apr 12 20:14:15 2019 daemon.err openvpn(cyberghost3_de)[6268]: event_wait : Interrupted system call (code=4)
Fri Apr 12 20:14:15 2019 daemon.notice openvpn(cyberghost3_de)[6268]: SIGTERM received, sending exit notification to peer
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: TCP/UDP: Closing socket
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 10.253.200.1 netmask 255.255.255.255
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 185.230.127.67 netmask 255.255.255.255
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: Closing TUN/TAP interface
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: /sbin/ifconfig tun0 0.0.0.0
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[6268]: SIGTERM[soft,exit-with-notification] received, process exiting
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: LZO compression initializing
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Control Channel MTU parms [ L:1626 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Data Channel MTU parms [ L:1626 D:1200 EF:126 EB:407 ET:0 EL:3 ]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.230.127.67:443
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: UDP link local: (not bound)
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: UDP link remote: [AF_INET]185.230.127.67:443
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TLS: Initial packet from [AF_INET]185.230.127.67:443, sid=89c190ff f0be5db8
Fri Apr 12 20:14:18 2019 daemon.warn openvpn(cyberghost3_de)[7171]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY KU OK
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Validating certificate extended key usage
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY EKU OK
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Node berlin-s04, emailAddress=info@cyberghost.ro
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Apr 12 20:14:18 2019 daemon.notice openvpn(cyberghost3_de)[7171]: [CyberGhost VPN Server Node berlin-s04] Peer Connection Initiated with [AF_INET]185.230.127.67:443
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: SENT CONTROL [CyberGhost VPN Server Node berlin-s04]: 'PUSH_REQUEST' (status=1)
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,comp-lzo no,redirect-gateway def1,dhcp-option DNS 185.93.180.131,dhcp-option DNS 194.187.251.67,dhcp-option DNS 38.132.106.139,route 10.253.200.1,topology net30,ifconfig 10.253.202.126 10.253.202.125,peer-id 15,cipher AES-256-GCM'
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: compression parms modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: route options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: peer-id set
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: adjusting link_mtu to 1629
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: OPTIONS IMPORT: data channel crypto options modified
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Data Channel MTU parms [ L:1557 D:1200 EF:57 EB:407 ET:0 EL:3 ]
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TUN/TAP device tun0 opened
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: TUN/TAP TX queue length set to 100
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 12 20:14:19 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/ifconfig tun0 10.253.202.126 pointopoint 10.253.202.125 mtu 1500
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 185.230.127.67 netmask 255.255.255.255 gw 192.168.0.254
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.253.202.125
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.253.202.125
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: /sbin/route add -net 10.253.200.1 netmask 255.255.255.255 gw 10.253.202.125
Fri Apr 12 20:14:25 2019 daemon.notice openvpn(cyberghost3_de)[7171]: Initialization Sequence Completed
root@LEDE:~# traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 38 byte packets
 1  192.168.0.254 (192.168.0.254)  0.522 ms  0.419 ms  0.412 ms
 2  ama63-1-88-188-201-254.fbx.proxad.net (88.188.201.254)  20.411 ms  20.835 ms  19.664 ms
 3  213.228.36.190 (213.228.36.190)  21.315 ms  21.882 ms  21.133 ms
 4  194.149.165.77 (194.149.165.77)  26.762 ms^C
root@LEDE:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.253.202.125  128.0.0.0       UG    0      0        0 tun0
default         192.168.0.254   0.0.0.0         UG    0      0        0 eth1
10.253.200.1    10.253.202.125  255.255.255.255 UGH   0      0        0 tun0
10.253.202.125  *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.253.202.125  128.0.0.0       UG    0      0        0 tun0
185.230.127.67  192.168.0.254   255.255.255.255 UGH   0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     10     0        0 br-lan

any idea what might be wrong ?

here you go

config openvpn 'cyberghost3_de'              
        option client '1'                    
        list remote 'xxx'   
        option port '443'                    
        option dev 'tun'                     
        option proto 'udp'                   
        option resolv_retry 'infinite'      
        option redirect_gateway 'def1'    
        option persist_key '1'            
        option persist_tun '1'            
        option nobind '1'                 
        option cipher 'AES-256-CBC'       
        option auth 'SHA256'              
        option ping '5'               
        option ping_exit '60'         
        option ping_timer_rem '1'     
        option explicit_exit_notify '2'
        option script_security '2'     
        option remote_cert_tls 'server'
        option route_delay '5'         
        option tun_mtu '1500'          
        option fragment '1300'         
        option mssfix '1200'           
        option verb '4'                
        option comp_lzo 'yes'          
        option key 'xxx'
        option ca 'xxx'  
        option cert 'xxx'
        option auth_user_pass 'xxx'              
        option enabled '1'        

turns out installing mwan broke the vpn setup. anyone knows how to use mwan and openvpn in parallel with proper routing ??
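
The routing table posted above already holds the two /1 routes from `redirect-gateway def1` on tun0, yet the traceroute's first hop is 192.168.0.254 on eth1. The following added example (not from the thread; function names are made up here) runs a longest-prefix match over that `route` output and flags the mismatch, which is what policy-routing rules outside the main table, such as the ones mwan3 installs, look like from the shell.

```sh
#!/bin/sh
# Added example, not from the thread. Needs 64-bit shell arithmetic
# (bash and dash have it; OpenWrt's ash is normally built with it).

# Constructed sample: the `route` output posted above.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.253.202.125  128.0.0.0       UG    0      0        0 tun0
default         192.168.0.254   0.0.0.0         UG    0      0        0 eth1
10.253.200.1    10.253.202.125  255.255.255.255 UGH   0      0        0 tun0
10.253.202.125  *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.253.202.125  128.0.0.0       UG    0      0        0 tun0
185.230.127.67  192.168.0.254   255.255.255.255 UGH   0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     10     0        0 br-lan'

ip2int() (          # dotted quad -> integer; subshell body keeps IFS local
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# $1 = destination IP, `route` output on stdin -> "iface gateway" of the
# longest matching prefix (equal-length prefixes are not tie-broken by metric).
main_table_route() {
    dst=$(ip2int "$1"); best_mask=-1; best=
    while read -r dest gw mask flags metric ref use iface; do
        case $mask in *.*.*.*) ;; *) continue ;; esac      # skip header lines
        if [ "$dest" = default ]; then dest=0.0.0.0; fi    # route prints 0.0.0.0 as "default"
        m=$(ip2int "$mask"); d=$(ip2int "$dest")
        if [ $(( (dst & m) == (d & m) && m > best_mask )) -eq 1 ]; then
            best_mask=$m; best="$iface $gw"
        fi
    done
    echo "$best"
}

# $1 = gateway IP, `route` output on stdin -> interface of the first route using it.
gateway_iface() {
    while read -r dest gw mask flags metric ref use iface; do
        if [ "$gw" = "$1" ]; then echo "$iface"; return; fi
    done
}

# $1 = destination, $2 = first hop seen by traceroute, $3 = `route` output.
# True when that hop is a known gateway on a different interface than the one
# the main table selects, i.e. something other than the main table routed it.
vpn_bypassed() {
    expected=$(printf '%s\n' "$3" | main_table_route "$1")
    hop_if=$(printf '%s\n' "$3" | gateway_iface "$2")
    [ -n "$hop_if" ] && [ "${expected%% *}" != "$hop_if" ]
}

printf '%s\n' "$SAMPLE_ROUTES" | main_table_route 1.1.1.1
if vpn_bypassed 1.1.1.1 192.168.0.254 "$SAMPLE_ROUTES"; then
    echo "first hop is the WAN gateway although the main table selects the tunnel"
fi
```

On the router, `ip rule show` lists the rules that are consulted before the main table.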

I don't use mwan3, so I'm not sure about it, but here's a similar topic:
