"Solved" 2 Wifi 1 works only on laptop (not on smartphone) 1 wifi should works on a vpn but it do not

Hello,
I use OpenWrt version 18.6.2 with two Wi-Fi networks: one normal and one routed through a VPN.

topic https://forum.openwrt.org/t/solved-vpn-wifi-and-speed-questions/

1°) Everything worked perfectly, but for a couple of days now (I changed nothing in my config) the VPN Wi-Fi has had no internet access (DNS_PROBE_FINISHED_NO_INTERNET).

2°) My Wi-Fi (without VPN) works fine on my Windows 10 laptop but does not work on my Android smartphone. Could it be a DNS problem for both Wi-Fi networks?

My config:

root@OpenWrt:~# cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb9:99da:a865::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '50:64:2b:b2:71:cc'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        list dns '208.67.222.222'
        list dns '208.67.220.220'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6t'

config interface 'zoogvpn_vpn'
        option proto 'none'
        option ifname 'tun0'
        option metric '10'

config interface 'vpnuser'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option type 'bridge'

config rule
    option in     'vpnuser'
        option lookup '100'

config route 'vpn'
        option 'interface' 'zoogvpn_vpn'
    option 'target' '0.0.0.0'
    option 'netmask' '0.0.0.0'
    option 'table' '100'


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option forward 'ACCEPT'
        option network 'zoogvpn_vpn'

config forwarding
        option dest 'wan'
        option src 'lan'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'vpnuser'
        option forward 'ACCEPT'
        option network 'vpnuser'

config forwarding
        option dest 'vpn'
        option src 'vpnuser'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.254'
        option dest_port '80'
        option name 'Jeedom'


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'HT20'
        option country '00'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'Wifi'
        option encryption 'psk2'
        option key '0102030405'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'WifiVPN'
        option network 'vpnuser'


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option serversfile '/tmp/adb_list.overall'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        list dhcp_option '6,208.67.222.222,208.67.220.220'
        list dhcp_option '6,8.8.8.8,8.8.4.4'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'vpnuser'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'vpnuser'

config host
        option name 'Jimdo'
        option dns '1'
        option mac 'B8:27:EB:0F:88:E9'
        option ip '192.168.1.254'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
       valid_lft forever preferred_lft forever
8: br-vpnuser: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-vpnuser
       valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    inet 10.8.11.6 peer 10.8.11.5/32 scope global tun0
       valid_lft forever preferred_lft forever
default via 192.168.0.254 dev eth0.2  src 192.168.0.253
10.8.11.5 dev tun0 scope link  src 10.8.11.6
192.168.0.0/24 dev eth0.2 scope link  src 192.168.0.253
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link  src 192.168.2.1
0:      from all lookup local
1:      from all iif br-vpnuser lookup 100
32766:  from all lookup main
32767:  from all lookup default

Thanks for your help.

From the vpnuser network client:

nslookup example.org
nslookup example.org 8.8.8.8

Hello and thanks,
It looks like a DNS problem:

nslookup openwrt.org
Serveur :   OpenWrt.lan
Address:  192.168.2.1

*** OpenWrt.lan ne parvient pas à trouver openwrt.org : Query refused

nslookup openwrt.org 8.8.8.8
Serveur :   dns.google
Address:  8.8.8.8

Réponse ne faisant pas autorité :
Nom :    openwrt.org
Addresses:  2a03:b0c0:3:d0::1af1:1
          139.59.209.225

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

And if you want to avoid a DNS leak:

These options should be applied to:

Hello, thanks, the VPN works fine now!

Any idea why I have problems getting Wi-Fi on my Android phone?

Try ping, tracepath and nslookup from Android:

Hello,

For example, when I listen to a web radio on my smartphone, it cuts out every 1 or 2 minutes; we can see it in the ping:


Strangely, nslookup and tracepath work, but they take a lot more time.


Any idea?

43% packet loss

If nothing helps, then it's probably some poor driver compatibility.

Hello, I have added a new Wi-Fi network in AC mode on channel 36, and now Wi-Fi is OK on my smartphone.
However, my VPN Wi-Fi has stopped working again :-( I don't understand, because DNS looks like it works:

nslookup openwrt.org
Serveur :   OpenWrt.lan
Address:  192.168.2.1

Réponse ne faisant pas autorité :
Nom :    openwrt.org
Addresses:  2a03:b0c0:3:d0::1af1:1
          139.59.209.225

but ping doesn't work:

ping www.openwrt.org

Envoi d’une requête 'ping' sur wiki-01.infra.openwrt.org [139.59.209.225] avec 32 octets de données :
Délai d’attente de la demande dépassé.

Could the problem be my VPN provider?

Regards

It is possible, though the domain name is resolved properly.
So, the DNS reply is either cached, or comes not via the VPN but from another source, e.g. from the router.
Try tracert, restart the VPN, check the system log.
If it is the VPN issue, then tune the keepalive option.

Hello, I tried ipconfig /flushdns, and here is the openvpn.log log; I don't understand much of it...

Sun Jul 21 22:47:09 2019 event_wait : Interrupted system call (code=4)
Sun Jul 21 22:47:09 2019 Closing TUN/TAP interface
Sun Jul 21 22:47:09 2019 /sbin/ifconfig tun0 0.0.0.0
Sun Jul 21 22:47:09 2019 /sbin/ifconfig tun0 del fd78:486:1c09:568f::1001/64
Sun Jul 21 22:47:09 2019 /etc/openvpn/downdns tun0 1500 1552 10.8.11.10 10.8.11.9 init
Sun Jul 21 22:47:09 2019 SIGTERM[hard,] received, process exiting
Sun Jul 21 22:47:14 2019 OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Jul 21 22:47:14 2019 library versions: OpenSSL 1.0.2s  28 May 2019, LZO 2.10
Sun Jul 21 22:47:14 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 21 22:47:14 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jul 21 22:47:14 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.229.0.242:1194
Sun Jul 21 22:47:14 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Jul 21 22:47:14 2019 UDP link local: (not bound)
Sun Jul 21 22:47:14 2019 UDP link remote: [AF_INET]23.229.0.242:1194
Sun Jul 21 22:47:14 2019 TLS: Initial packet from [AF_INET]23.229.0.242:1194, sid=cbe11d55 972cfb59
Sun Jul 21 22:47:14 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jul 21 22:47:14 2019 VERIFY OK: depth=1, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=ZoogTV CA, emailAddress=support@zoogtv.com
Sun Jul 21 22:47:14 2019 VERIFY OK: depth=0, C=US, ST=UTAH, L=Salt Lake, O=ZoogTV, OU=AMER1 VPN, CN=server, emailAddress=support@zoogtv.com
Sun Jul 21 22:47:15 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sun Jul 21 22:47:15 2019 [server] Peer Connection Initiated with [AF_INET]23.229.0.242:1194
Sun Jul 21 22:47:16 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jul 21 22:47:16 2019 PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 ipv6,tun-ipv6,route 10.8.11.1,topology net30,ping 10,ping-restart 120,ifconfig-ipv6 fd78:486:1c09:568f::1003/64 fd78:486:1c09:568f::1,ifconfig 10.8.11.18 10.8.11.17,peer-id 1,cipher AES-256-GCM'
Sun Jul 21 22:47:16 2019 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Sun Jul 21 22:47:16 2019 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Sun Jul 21 22:47:16 2019 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Sun Jul 21 22:47:16 2019 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Sun Jul 21 22:47:16 2019 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 21 22:47:16 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Jul 21 22:47:16 2019 Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Jul 21 22:47:16 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 21 22:47:16 2019 OPTIONS IMPORT: peer-id set
Sun Jul 21 22:47:16 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Jul 21 22:47:16 2019 OPTIONS IMPORT: data channel crypto options modified
Sun Jul 21 22:47:16 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Jul 21 22:47:16 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Jul 21 22:47:16 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Jul 21 22:47:16 2019 TUN/TAP device tun0 opened
Sun Jul 21 22:47:16 2019 TUN/TAP TX queue length set to 100
Sun Jul 21 22:47:16 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sun Jul 21 22:47:16 2019 /sbin/ifconfig tun0 10.8.11.18 pointopoint 10.8.11.17 mtu 1500
Sun Jul 21 22:47:16 2019 /sbin/ifconfig tun0 add fd78:486:1c09:568f::1003/64
Sun Jul 21 22:47:16 2019 /etc/openvpn/updns tun0 1500 1552 10.8.11.18 10.8.11.17 init
Sun Jul 21 22:47:16 2019 Initialization Sequence Completed

What does "then tune the keepalive option" mean?

Regards

It makes the client reconnect if the server does not reply for a while.


I am closing this post; I have no more Wi-Fi problems. Thanks for your help, I will open a VPN topic for the rest.

Thanks

