VPN connected, but no device response

zdenek.sofr · July 13, 2019, 8:15am

dears
can you tell me, what I’m doing wrong? Turris 3.11.5, installed OpenVPN, left deafult config

Firewall setup:

(přijmout = accept, odmítnout = reject)

OpenVPN client on my Mac succsefully connect.

2019-07-13 08:37:08.030715 /sbin/route add -net 192.168.250.0 10.111.111.5 255.255.255.0
add net 192.168.250.0: gateway 10.111.111.5
2019-07-13 08:37:08.035355 /sbin/route add -net 10.111.111.1 10.111.111.5 255.255.255.255
add net 10.111.111.1: gateway 10.111.111.5
2019-07-13 08:37:08.038342 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
2019-07-13 08:37:08.038363 Initialization Sequence Completed
2019-07-13 08:37:08.038398 MANAGEMENT: >STATE:1562999828,CONNECTED,SUCCESS,10.111.111.6,target_public,1194,
2019-07-13 08:37:08.182944 *Tunnelblick: No ‘connected.sh’ script to execute
2019-07-13 08:37:08.264730 *Tunnelblick: DNS address 10.111.111.1 is being routed through the VPN
2019-07-13 08:37:13.717945 *Tunnelblick: This computer’s apparent public IP address (my_public) was unchanged after the connection was made

After connecting to VPN evetything stops working. Internet, I can’t access nothing in VPN network, even Turris (not on public, not on 192.168.250.1, not on 10.111.111.1)

the task is get access from anywehere to RDP and other services in 192.168.250.x behind Turris via OpenVpn

any help is welcome

thanks, Zdeněk

zaantar · July 14, 2019, 8:24am

I have a similar issue… does anyone have any ideas?

It doesn’t work for me for any combination of those settings in Foris, despite the fact that the OpenVPN client on Windows 10 manages to connect successfully.

My firewall setup is identical to the one of @zdenek.sofr.

Any help or guidance will be much appreciated.

jklaas · July 14, 2019, 1:14pm

Can you do things like ping the Turris from the client?
If you can, then the VPN is connected fine.
Can you ping the end point from the client?
If you can ping the Turris, but can’t ping the endpoint, then there’s probably a routing issue.

zdenek.sofr · July 15, 2019, 4:20am

ping to 10.111.111.1, also 192.168.250.1 = request timeout, the same for whatever address in 192.168.250.x segment

i’ve no idea, what’s wrong. I just

get turris working for LAN (wifi off) - worked fine
installed all updates - worked fine (about a month)
installed OpenVPN plugin - still worked fine about a week
Applied settings for OpenVPN (default) and created .conf
changed firewall settings, cause by default there was rule Lan=>WAN, VPN (but I would like to have VPN as a “part” of LAN, so I changed the rule to Lan, VPN => WAN - I hope, I get it right)

some more details fron Win client

OpenVPN - connected
Ipconfig says: 10.111.111.6/255.255.255.2, no default GW, no DNS, address of DHCP server 10.111.111.5

Access to my LAN (192.168.1.x) and also public internet - OK, Access to whatever IP in 10.111.111.x or 192.168.250.x doesn´t work

if I get it right, routes are added by OpenVPN Client:

Mon Jul 15 07:28:14 2019 TAP-Windows Driver Version 9.23
Mon Jul 15 07:28:14 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.111.111.6/255.255.255.252 on interface {C983BA08-B86C-4FF2-A466-3AA168A30A72} [DHCP-serv: 10.111.111.5, lease-time: 31536000]
Mon Jul 15 07:28:14 2019 Successful ARP Flush on interface [20] {C983BA08-B86C-4FF2-A466-3AA168A30A72}
Mon Jul 15 07:28:14 2019 MANAGEMENT: >STATE:1563168494,ASSIGN_IP,10.111.111.6,
Mon Jul 15 07:28:19 2019 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Mon Jul 15 07:28:19 2019 MANAGEMENT: >STATE:1563168499,ADD_ROUTES,
Mon Jul 15 07:28:19 2019 C:\Windows\system32\route.exe ADD 192.168.250.0 MASK 255.255.255.0 10.111.111.5
Mon Jul 15 07:28:19 2019 Route addition via service succeeded
Mon Jul 15 07:28:19 2019 C:\Windows\system32\route.exe ADD 10.111.111.1 MASK 255.255.255.255 10.111.111.5
Mon Jul 15 07:28:19 2019 Route addition via service succeeded
Mon Jul 15 07:28:19 2019 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Mon Jul 15 07:28:19 2019 Initialization Sequence Completed
Mon Jul 15 07:28:19 2019 MANAGEMENT: >STATE:1563168499,CONNECTED,SUCCESS,10.111.111.6,public_ip_of_turris,1194,

Thanks, Zdeněk

jklaas · July 15, 2019, 2:59pm

That your ping to the PTP connection gateway (10.111.111.1) is timing out indicates there’s likely a firewall issue.

zdenek.sofr · July 16, 2019, 6:53am

@jklaas - could be… but this is something out of my level… I´ve tried to turn off local (windows) firewall - didn´t help. Tried on another ISP (to be sure, it´s not problem on my LAN). I can access SSH remotely, but no idea, what to check
in Luci I can see “vpn_turris_rule”

(means “whatever host via UDP on WAN” to “whatever IP of router:1194 on this device”)

so I gues it should be working…

ricmik · July 16, 2019, 8:18am

Did you try rebooting your Turris after enabling OpenVPN?
I had the same issue, and the problem was that the routing table lacked the routing information to the VPN. This was solved by a reboot.

zdenek.sofr · July 17, 2019, 4:20pm

@ricmik after restart i´m not able to connect at all
Wed Jul 17 18:18:30 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 17 18:18:30 2019 TLS Error: TLS handshake failed

but I´m able to login to turris and forris, so network is OK

ricmik · July 19, 2019, 9:59am

Are you connecting to your router by IP or hostname?
Maybe the external IP has changed after the reboot and the DNS record is out of date, or the OpenVPN configuration is incorrect if you’re connecting by IP?

zdenek.sofr · July 19, 2019, 11:19am

IP, which is static

i didn’t change the conf, that’s wha I’m confused …

Thanks

The_ERROR · June 23, 2023, 3:55pm

same problem here… Was any one able to fix it somehow?