openvpn client connected but can't browse any internet

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
View previous topic :: View next topic  
Author Message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 12:06    Post subject: openvpn client connected but can't browse any internet Reply with quote
Hello,

I'm newbie to the whole routing, please bear with my limited knowledge ..

I'm running DD-WRT v3.0-r35965M kongat (05/17/18 ) over my Linksys EA8500 as main router at my home.

I have SmartyDNS package for the VPN... following their openvpn client instructions to connect to VPN got me connected under Status >> openvpn. however, I was never be able to browse any internet from any device connected to this router.

I tried lots of firewall commands and other tips found them here and there with no success.. Please assist Smile

below is client log hope it helps:

Code:


Clientlog:
20180521 22:51:12 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20180521 22:51:12 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20180521 22:51:12 I OpenVPN 2.4.5 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 17 2018
20180521 22:51:12 I library versions: OpenSSL 1.1.0h 27 Mar 2018 LZO 2.09
20180521 22:51:12 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20180521 22:51:12 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20180521 22:51:12 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180521 22:51:13 I TCP/UDP: Preserving recently used remote address: [AF_INET]199.115.116.83:5555
20180521 22:51:13 Socket Buffers: R=[180224->180224] S=[180224->180224]
20180521 22:51:13 I UDPv4 link local: (not bound)
20180521 22:51:13 I UDPv4 link remote: [AF_INET]199.115.116.83:5555
20180521 22:51:13 TLS: Initial packet from [AF_INET]199.115.116.83:5555 sid=978cd2f1 1fe17c90
20180521 22:51:13 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20180521 22:51:13 VERIFY OK: depth=2 C=GB ST=Greater Manchester L=Salford O=COMODO CA Limited CN=COMODO RSA Certification Authority
20180521 22:51:13 VERIFY OK: depth=1 C=GB ST=Greater Manchester L=Salford O=COMODO CA Limited CN=COMODO RSA Domain Validation Secure Server CA
20180521 22:51:13 VERIFY OK: depth=0 OU=Domain Control Validated OU=PositiveSSL Wildcard CN=.smartydns.com
20180521 22:51:14 NOTE: --mute triggered...
20180521 22:51:14 1 variation(s) on previous 3 message(s) suppressed by --mute
20180521 22:51:14 I [ .smartydns.com] Peer Connection Initiated with [AF_INET]199.115.116.83:5555
20180521 22:51:15 SENT CONTROL [*.smartydns.com]: 'PUSH_REQUEST' (status=1)
20180521 22:51:18 PUSH: Received control message: 'PUSH_REPLY ping 3 ping-restart 10 ifconfig 10.6.0.85 10.6.0.86 dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.4.4 route-gateway 10.6.0.86 redirect-gateway def1'
20180521 22:51:18 OPTIONS IMPORT: timers and/or timeouts modified
20180521 22:51:18 NOTE: --mute triggered...
20180521 22:51:18 4 variation(s) on previous 3 message(s) suppressed by --mute
20180521 22:51:18 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20180521 22:51:18 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
20180521 22:51:18 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20180521 22:51:18 NOTE: --mute triggered...
20180521 22:51:18 1 variation(s) on previous 3 message(s) suppressed by --mute
20180521 22:51:18 I TUN/TAP device tun1 opened
20180521 22:51:18 TUN/TAP TX queue length set to 100
20180521 22:51:18 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20180521 22:51:18 I /sbin/ifconfig tun1 10.6.0.85 pointopoint 10.6.0.86 mtu 1500
20180521 22:51:18 /sbin/route add -net 199.115.116.83 netmask 255.255.255.255 gw 91.75.172.1
20180521 22:51:18 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.6.0.86
20180521 22:51:18 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.6.0.86
20180521 22:51:18 I Initialization Sequence Completed
20180521 22:53:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:53:13 D MANAGEMENT: CMD 'state'
20180521 22:53:13 MANAGEMENT: Client disconnected
20180521 22:53:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:53:13 D MANAGEMENT: CMD 'state'
20180521 22:53:13 MANAGEMENT: Client disconnected
20180521 22:53:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:53:14 D MANAGEMENT: CMD 'state'
20180521 22:53:14 MANAGEMENT: Client disconnected
20180521 22:53:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:53:14 D MANAGEMENT: CMD 'status 2'
20180521 22:53:14 MANAGEMENT: Client disconnected
20180521 22:53:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:53:14 D MANAGEMENT: CMD 'log 500'
20180521 22:53:14 MANAGEMENT: Client disconnected
20180521 22:57:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:57:30 D MANAGEMENT: CMD 'state'
20180521 22:57:30 MANAGEMENT: Client disconnected
20180521 22:57:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:57:30 D MANAGEMENT: CMD 'state'
20180521 22:57:30 MANAGEMENT: Client disconnected
20180521 22:57:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:57:30 D MANAGEMENT: CMD 'state'
20180521 22:57:30 MANAGEMENT: Client disconnected
20180521 22:57:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:57:30 D MANAGEMENT: CMD 'status 2'
20180521 22:57:30 MANAGEMENT: Client disconnected
20180521 22:57:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180521 22:57:30 D MANAGEMENT: CMD 'log 500'
19700101 04:00:00
Back to top View user's profile Send private message
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12893
Location: Netherlands
PostPosted: Tue May 22, 2018 12:26    Post subject: Reply with quote
Can you show us a picture of the OpenVPN Setup page (scramble password and user name)
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 12:43    Post subject: Reply with quote
Thanks for your swift reply.

Sure, please find attached
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12893
Location: Netherlands
PostPosted: Tue May 22, 2018 14:07    Post subject: Reply with quote
Enable both NAT and Firewall protection unless smartydns tells you otherwise.
I took a quick glance and the log and settings show nothing out of the ordinary.
Try a different server
Try port 443 with TCP (1194 is sometimes blocked)
Try different settings for LZO compression.

Post State and Status on the OpenVPN Status page so that we can see of it shows Connected (which should be according to the log) and under Status we can see if there are TCP/UDP read and writes

You could try a ping or traceroute to see where it is blocked.

You do not need any firewall commands so delete all (ddwrt takes care of this)
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 15:37    Post subject: Reply with quote
It always says connected. But not able to ping/ browse any websites.
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 16:30    Post subject: Reply with quote
This what SmartyDNS setup should look like. I replicated the same. However, I will give your suggestion a try and revert.

https://www.smartydns.com/wp-content/themes/smartydns/images/tutorials/vpn/openvpn/dd-wrt/set-up-openvpn-dd-wrt-routers-4.png
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 17:02    Post subject: Reply with quote
well here is my ping and traceroute results looks like. even they are getting response I'm not able to browse any websites..

Code:

traceroute to www.google.com (172.217.12.228), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  1.827 ms  1.745 ms  0.983 ms
 2  10.0.0.3 (10.0.0.3)  203.059 ms  203.286 ms  202.799 ms
 3  v627.ce01.wdc-01.us.leaseweb.net (199.115.116.124)  203.170 ms *  202.914 ms
 4  * * be-2.br02.wdc-01.us.leaseweb.net (108.59.15.100)  203.875 ms
 5  * po-1.bb02.wdc-01.leaseweb.net (31.31.39.8)  205.693 ms *
 6  xe-1-0-0.bb10.wdc-10.leaseweb.net (31.31.34.95)  204.497 ms * *
 7  * * *
 8  108.170.240.97 (108.170.240.97)  205.010 ms * *
 9  * * 108.170.232.19 (108.170.232.19)  204.759 ms
10  * iad30s15-in-f4.1e100.net (172.217.12.228)  206.299 ms *



PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=204.253 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=203.608 ms
Request timeout for icmp_seq 3
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=206.818 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=56 time=204.208 ms
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
Request timeout for icmp_seq 9
Request timeout for icmp_seq 10
Request timeout for icmp_seq 11
Request timeout for icmp_seq 12
Request timeout for icmp_seq 13
64 bytes from 8.8.8.8: icmp_seq=14 ttl=56 time=203.745 ms
Request timeout for icmp_seq 15
Request timeout for icmp_seq 16
Request timeout for icmp_seq 17
Request timeout for icmp_seq 18
Request timeout for icmp_seq 19
64 bytes from 8.8.8.8: icmp_seq=20 ttl=56 time=207.072 ms
64 bytes from 8.8.8.8: icmp_seq=21 ttl=56 time=204.170 ms
64 bytes from 8.8.8.8: icmp_seq=22 ttl=56 time=204.567 ms
64 bytes from 8.8.8.8: icmp_seq=23 ttl=56 time=203.288 ms
Request timeout for icmp_seq 24
Request timeout for icmp_seq 25
64 bytes from 8.8.8.8: icmp_seq=26 ttl=56 time=206.156 ms
Request timeout for icmp_seq 27
64 bytes from 8.8.8.8: icmp_seq=28 ttl=56 time=205.291 ms
Request timeout for icmp_seq 29
64 bytes from 8.8.8.8: icmp_seq=30 ttl=56 time=275.207 ms
64 bytes from 8.8.8.8: icmp_seq=31 ttl=56 time=204.636 ms
Request timeout for icmp_seq 32
Request timeout for icmp_seq 33
Request timeout for icmp_seq 34
Request timeout for icmp_seq 35
Request timeout for icmp_seq 36
Request timeout for icmp_seq 37
Request timeout for icmp_seq 38
Request timeout for icmp_seq 39
Request timeout for icmp_seq 40
Request timeout for icmp_seq 41
Request timeout for icmp_seq 42
64 bytes from 8.8.8.8: icmp_seq=43 ttl=56 time=204.542 ms
Request timeout for icmp_seq 44
64 bytes from 8.8.8.8: icmp_seq=45 ttl=56 time=204.046 ms
64 bytes from 8.8.8.8: icmp_seq=46 ttl=56 time=204.395 ms
Request timeout for icmp_seq 47
Request timeout for icmp_seq 48
Request timeout for icmp_seq 49
64 bytes from 8.8.8.8: icmp_seq=50 ttl=56 time=203.860 ms
64 bytes from 8.8.8.8: icmp_seq=51 ttl=56 time=206.963 ms
64 bytes from 8.8.8.8: icmp_seq=52 ttl=56 time=204.114 ms
64 bytes from 8.8.8.8: icmp_seq=53 ttl=56 time=204.170 ms
64 bytes from 8.8.8.8: icmp_seq=54 ttl=56 time=204.227 ms
64 bytes from 8.8.8.8: icmp_seq=55 ttl=56 time=206.505 ms
Request timeout for icmp_seq 56
Request timeout for icmp_seq 57
Request timeout for icmp_seq 58
64 bytes from 8.8.8.8: icmp_seq=59 ttl=56 time=204.460 ms
Request timeout for icmp_seq 60
Request timeout for icmp_seq 61
64 bytes from 8.8.8.8: icmp_seq=62 ttl=56 time=205.506 ms
Request timeout for icmp_seq 63
Request timeout for icmp_seq 64
Request timeout for icmp_seq 65
Request timeout for icmp_seq 66
Request timeout for icmp_seq 67
Request timeout for icmp_seq 68
64 bytes from 8.8.8.8: icmp_seq=69 ttl=56 time=204.741 ms
Request timeout for icmp_seq 70
Request timeout for icmp_seq 71
Request timeout for icmp_seq 72
Request timeout for icmp_seq 73
64 bytes from 8.8.8.8: icmp_seq=74 ttl=56 time=204.777 ms
64 bytes from 8.8.8.8: icmp_seq=75 ttl=56 time=203.805 ms
Request timeout for icmp_seq 76
64 bytes from 8.8.8.8: icmp_seq=77 ttl=56 time=204.092 ms
Request timeout for icmp_seq 78
64 bytes from 8.8.8.8: icmp_seq=79 ttl=56 time=206.346 ms
64 bytes from 8.8.8.8: icmp_seq=80 ttl=56 time=205.694 ms
64 bytes from 8.8.8.8: icmp_seq=81 ttl=56 time=239.478 ms
64 bytes from 8.8.8.8: icmp_seq=82 ttl=56 time=329.625 ms
Request timeout for icmp_seq 83
Request timeout for icmp_seq 84
Request timeout for icmp_seq 85
Request timeout for icmp_seq 86
Request timeout for icmp_seq 87
64 bytes from 8.8.8.8: icmp_seq=88 ttl=56 time=208.459 ms
64 bytes from 8.8.8.8: icmp_seq=89 ttl=56 time=205.343 ms
64 bytes from 8.8.8.8: icmp_seq=90 ttl=56 time=333.556 ms
Request timeout for icmp_seq 91
64 bytes from 8.8.8.8: icmp_seq=92 ttl=56 time=206.812 ms
64 bytes from 8.8.8.8: icmp_seq=93 ttl=56 time=203.992 ms
64 bytes from 8.8.8.8: icmp_seq=94 ttl=56 time=204.256 ms
64 bytes from 8.8.8.8: icmp_seq=95 ttl=56 time=204.433 ms
64 bytes from 8.8.8.8: icmp_seq=96 ttl=56 time=204.259 ms
64 bytes from 8.8.8.8: icmp_seq=97 ttl=56 time=204.047 ms
Request timeout for icmp_seq 98
Request timeout for icmp_seq 99
Request timeout for icmp_seq 100
64 bytes from 8.8.8.8: icmp_seq=101 ttl=56 time=205.690 ms
64 bytes from 8.8.8.8: icmp_seq=102 ttl=56 time=256.300 ms
64 bytes from 8.8.8.8: icmp_seq=103 ttl=56 time=204.477 ms

Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 17:22    Post subject: Reply with quote
Actually I was running the ping and traceroute from my Macbook over the wifi connection...

Excuse my limited knowledge here...if you want me to perform more tests please let me know..
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 18:01    Post subject: Reply with quote
Just restarted the client ...

now I'm not able to traceroute www.google.com and also not able to ping www.google.com

however, i was able to ping 8.8.8.8...

Also still no internet browsing after reseting the browser cache (chrome)
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 18:13    Post subject: Reply with quote
hmmm Sad any idea how to get things rolling?

I tried to use the PPTP, all went well however I can't bypass destination IP and some of my devices using PPTP .. only openvpn I presume? any alternatives?
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 18:28    Post subject: Reply with quote
Yes dear, I made sure to validate my IP all the time, also I'm using their Bypass transparent DNS proxy script ... it is just so odd not able to browse after all

I'm using this one https://www.smartydns.com/support/bypass-transparent-dns-proxy-dd-wrt-router/

Code:

You are using our DNS servers.
Your IP address (91.75.173.112) appear to be validated.
Your websites region is set to US.
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 19:09    Post subject: Reply with quote
I have observed the WAN IP doesn't match the remote IP address when I'm connected to the openvpn and therefore I don't have internet access...

However when connected using the PPTP my WAN IP matches the remote IP address.. and I'm able to browse internet normally ..please see attached if that make any sense?
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 19:32    Post subject: Reply with quote
Thanks for the explanation... I'm just going nuts here as I'm not able to get the openvpn to work..
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Tue May 22, 2018 19:39    Post subject: Reply with quote
Much appreciated... that would be great if you can confirm from your end the root cause of this issue..
Back to top View user's profile Send private message
ta2ta2
DD-WRT Novice


Joined: 22 May 2018
Posts: 23
PostPosted: Wed May 23, 2018 19:12    Post subject: Reply with quote
I reinstalled fresh copy of the dd-wrt, then configured the openvpn with the basic, again I get connected under the status > openvpn but still no actual internet connection available on any of the devices ... Sad
Back to top View user's profile Send private message
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum