Unable to access internet from OpenVPN Client in Android only

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See https://forums.openvpn.net/viewtopic.php?f=30&t=21589 for an example.
garras
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 24, 2017 6:02 pm

Unable to access internet from OpenVPN Client in Android only

Postby garras » Mon Jul 24, 2017 7:52 pm

Hello,
I'm not able to connect to websites on Android using OpenVPN Connect but i can connect to the LAN

I have a server setup using on a Raspberry 2 that uses piVpn

/etc/openvpn/server.conf

Code: Select all

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.0.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.0.72"
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
# Generated for use by PiVPN.io


this is my exported profile:
nexus.ovpn

Code: Select all

client
dev tun
proto udp
remote [my public ip] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
            ...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
            ...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
            ...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
             ...
-----END OpenVPN Static key V1-----
</tls-auth>



On my Ubuntu 16.04 machine I am able to connect without problem, directly from network manager,
after having installed:

Code: Select all

sudo apt-get install openvpn
sudo apt-get install network-manager-openvpn
sudo apt-get install network-manager-openvpn-gnome
sudo apt-get install network-manager-pptp
sudo apt-get install network-manager-vpnc


From my ubuntu 16.04 I am able to connect to the LAN and browse websites.
I can access my devices via ssh and if i browse websites such as
http://whatismyipaddress.com/
I can see my home IP address.

From Android 7 (Nexus 5X) with OpenVPN Client installed (version 1.1.17 (build 76))
I can import the same configuration,
I can connect successfully (both wifi and mobile)
I can ping my home network
I can ssh into my home network

I cannot ping any external website
I cannot browse any external website

for some reasons though i still can seem to receive WhatsApp messages ( that i think runs on port 5223 )
I can run nslookup google.com and I am returned with the correct IP address of the websited, so i don't think it's
a DNS issue.

Note: in the configuratioon above, the DNS is pointing 192.168.0.72 because my vpn server also is the DNS server

Thanks for the help, if more information are needes I will provide them

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2695
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to access internet from OpenVPN Client in Android only

Postby TinCanTech » Mon Jul 24, 2017 8:37 pm

Please set --verb 4 in you client and server config and then post your sanitized log files.

Like so:
HOWTO: Request Help ! {2}

garras
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 24, 2017 6:02 pm

Re: Unable to access internet from OpenVPN Client in Android only

Postby garras » Wed Jul 26, 2017 9:14 am

Server logs:

Code: Select all

Wed Jul 26 10:49:17 2017 us=412170 Current Parameter Settings:
Wed Jul 26 10:49:17 2017 us=412541   config = '/etc/openvpn/server.conf'
Wed Jul 26 10:49:17 2017 us=412630   mode = 1
Wed Jul 26 10:49:17 2017 us=412696   persist_config = DISABLED
Wed Jul 26 10:49:17 2017 us=412760   persist_mode = 1
Wed Jul 26 10:49:17 2017 us=412821   show_ciphers = DISABLED
Wed Jul 26 10:49:17 2017 us=412882   show_digests = DISABLED
Wed Jul 26 10:49:17 2017 us=412943   show_engines = DISABLED
Wed Jul 26 10:49:17 2017 us=413002   genkey = DISABLED
Wed Jul 26 10:49:17 2017 us=413063   key_pass_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=413122   show_tls_ciphers = DISABLED
Wed Jul 26 10:49:17 2017 us=413183 Connection profiles [default]:
Wed Jul 26 10:49:17 2017 us=413246   proto = udp
Wed Jul 26 10:49:17 2017 us=413308   local = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=413369   local_port = 1194
Wed Jul 26 10:49:17 2017 us=413429   remote = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=413489   remote_port = 1194
Wed Jul 26 10:49:17 2017 us=413550   remote_float = DISABLED
Wed Jul 26 10:49:17 2017 us=413610   bind_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=413671   bind_local = ENABLED
Wed Jul 26 10:49:17 2017 us=413732   connect_retry_seconds = 5
Wed Jul 26 10:49:17 2017 us=413792   connect_timeout = 10
Wed Jul 26 10:49:17 2017 us=413853   connect_retry_max = 0
Wed Jul 26 10:49:17 2017 us=413913   socks_proxy_server = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=413974   socks_proxy_port = 0
Wed Jul 26 10:49:17 2017 us=414034   socks_proxy_retry = DISABLED
Wed Jul 26 10:49:17 2017 us=414094   tun_mtu = 1500
Wed Jul 26 10:49:17 2017 us=414154   tun_mtu_defined = ENABLED
Wed Jul 26 10:49:17 2017 us=414215   link_mtu = 1500
Wed Jul 26 10:49:17 2017 us=414278   link_mtu_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=414347   tun_mtu_extra = 0
Wed Jul 26 10:49:17 2017 us=414415   tun_mtu_extra_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=414776   mtu_discover_type = -1
Wed Jul 26 10:49:17 2017 us=414859   fragment = 0
Wed Jul 26 10:49:17 2017 us=414922   mssfix = 1450
Wed Jul 26 10:49:17 2017 us=414984   explicit_exit_notification = 0
Wed Jul 26 10:49:17 2017 us=415046 Connection profiles END
Wed Jul 26 10:49:17 2017 us=415107   remote_random = DISABLED
Wed Jul 26 10:49:17 2017 us=415169   ipchange = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=415230   dev = 'tun'
Wed Jul 26 10:49:17 2017 us=415291   dev_type = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=415351   dev_node = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=415411   lladdr = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=415472   topology = 3
Wed Jul 26 10:49:17 2017 us=415531   tun_ipv6 = DISABLED
Wed Jul 26 10:49:17 2017 us=415591   ifconfig_local = '10.8.0.1'
Wed Jul 26 10:49:17 2017 us=415652   ifconfig_remote_netmask = '255.255.255.0'
Wed Jul 26 10:49:17 2017 us=415714   ifconfig_noexec = DISABLED
Wed Jul 26 10:49:17 2017 us=415774   ifconfig_nowarn = DISABLED
Wed Jul 26 10:49:17 2017 us=415835   ifconfig_ipv6_local = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=415896   ifconfig_ipv6_netbits = 0
Wed Jul 26 10:49:17 2017 us=415957   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=416017   shaper = 0
Wed Jul 26 10:49:17 2017 us=416077   mtu_test = 0
Wed Jul 26 10:49:17 2017 us=416136   mlock = DISABLED
Wed Jul 26 10:49:17 2017 us=416196   keepalive_ping = 10
Wed Jul 26 10:49:17 2017 us=416256   keepalive_timeout = 120
Wed Jul 26 10:49:17 2017 us=416316   inactivity_timeout = 0
Wed Jul 26 10:49:17 2017 us=416375   ping_send_timeout = 10
Wed Jul 26 10:49:17 2017 us=416435   ping_rec_timeout = 240
Wed Jul 26 10:49:17 2017 us=416494   ping_rec_timeout_action = 2
Wed Jul 26 10:49:17 2017 us=416554   ping_timer_remote = DISABLED
Wed Jul 26 10:49:17 2017 us=416616   remap_sigusr1 = 0
Wed Jul 26 10:49:17 2017 us=416677   persist_tun = ENABLED
Wed Jul 26 10:49:17 2017 us=416737   persist_local_ip = DISABLED
Wed Jul 26 10:49:17 2017 us=416798   persist_remote_ip = DISABLED
Wed Jul 26 10:49:17 2017 us=416859   persist_key = ENABLED
Wed Jul 26 10:49:17 2017 us=416918   passtos = DISABLED
Wed Jul 26 10:49:17 2017 us=416978   resolve_retry_seconds = 1000000000
Wed Jul 26 10:49:17 2017 us=417095   username = 'nobody'
Wed Jul 26 10:49:17 2017 us=417160   groupname = 'nogroup'
Wed Jul 26 10:49:17 2017 us=417220   chroot_dir = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=417280   cd_dir = '/etc/openvpn'
Wed Jul 26 10:49:17 2017 us=417340   writepid = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=417399   up_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=417459   down_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=417519   down_pre = DISABLED
Wed Jul 26 10:49:17 2017 us=417579   up_restart = DISABLED
Wed Jul 26 10:49:17 2017 us=417639   up_delay = DISABLED
Wed Jul 26 10:49:17 2017 us=417699   daemon = ENABLED
Wed Jul 26 10:49:17 2017 us=417759   inetd = 0
Wed Jul 26 10:49:17 2017 us=417819   log = ENABLED
Wed Jul 26 10:49:17 2017 us=417878   suppress_timestamps = DISABLED
Wed Jul 26 10:49:17 2017 us=417939   nice = 0
Wed Jul 26 10:49:17 2017 us=417999   verbosity = 4
Wed Jul 26 10:49:17 2017 us=418059   mute = 0
Wed Jul 26 10:49:17 2017 us=418119   gremlin = 0
Wed Jul 26 10:49:17 2017 us=418179   status_file = '/var/log/openvpn-status.log'
Wed Jul 26 10:49:17 2017 us=418241   status_file_version = 3
Wed Jul 26 10:49:17 2017 us=418301   status_file_update_freq = 20
Wed Jul 26 10:49:17 2017 us=418361   occ = ENABLED
Wed Jul 26 10:49:17 2017 us=418421   rcvbuf = 65536
Wed Jul 26 10:49:17 2017 us=418481   sndbuf = 65536
Wed Jul 26 10:49:17 2017 us=418540   mark = 0
Wed Jul 26 10:49:17 2017 us=418600   sockflags = 0
Wed Jul 26 10:49:17 2017 us=418660   fast_io = DISABLED
Wed Jul 26 10:49:17 2017 us=418720   lzo = 7
Wed Jul 26 10:49:17 2017 us=418779   route_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=418839   route_default_gateway = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=418901   route_default_metric = 0
Wed Jul 26 10:49:17 2017 us=418967   route_noexec = DISABLED
Wed Jul 26 10:49:17 2017 us=419029   route_delay = 0
Wed Jul 26 10:49:17 2017 us=419092   route_delay_window = 30
Wed Jul 26 10:49:17 2017 us=419153   route_delay_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=419215   route_nopull = DISABLED
Wed Jul 26 10:49:17 2017 us=419275   route_gateway_via_dhcp = DISABLED
Wed Jul 26 10:49:17 2017 us=419337   max_routes = 100
Wed Jul 26 10:49:17 2017 us=419398   allow_pull_fqdn = DISABLED
Wed Jul 26 10:49:17 2017 us=419460   management_addr = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=419522   management_port = 0
Wed Jul 26 10:49:17 2017 us=419582   management_user_pass = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=419643   management_log_history_cache = 250
Wed Jul 26 10:49:17 2017 us=419705   management_echo_buffer_size = 100
Wed Jul 26 10:49:17 2017 us=419767   management_write_peer_info_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=419830   management_client_user = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=419892   management_client_group = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=419954   management_flags = 0
Wed Jul 26 10:49:17 2017 us=420014   shared_secret_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=420076   key_direction = 1
Wed Jul 26 10:49:17 2017 us=420137   ciphername_defined = ENABLED
Wed Jul 26 10:49:17 2017 us=420199   ciphername = 'AES-256-CBC'
Wed Jul 26 10:49:17 2017 us=420260   authname_defined = ENABLED
Wed Jul 26 10:49:17 2017 us=420321   authname = 'SHA256'
Wed Jul 26 10:49:17 2017 us=420382   prng_hash = 'SHA1'
Wed Jul 26 10:49:17 2017 us=420443   prng_nonce_secret_len = 16
Wed Jul 26 10:49:17 2017 us=420505   keysize = 0
Wed Jul 26 10:49:17 2017 us=420566   engine = DISABLED
Wed Jul 26 10:49:17 2017 us=420629   replay = ENABLED
Wed Jul 26 10:49:17 2017 us=420695   mute_replay_warnings = DISABLED
Wed Jul 26 10:49:17 2017 us=420763   replay_window = 64
Wed Jul 26 10:49:17 2017 us=420826   replay_time = 15
Wed Jul 26 10:49:17 2017 us=420886   packet_id_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=420947   use_iv = ENABLED
Wed Jul 26 10:49:17 2017 us=421008   test_crypto = DISABLED
Wed Jul 26 10:49:17 2017 us=421067   tls_server = ENABLED
Wed Jul 26 10:49:17 2017 us=421128   tls_client = DISABLED
Wed Jul 26 10:49:17 2017 us=421189   key_method = 2
Wed Jul 26 10:49:17 2017 us=421249   ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Wed Jul 26 10:49:17 2017 us=421353   ca_path = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=421417   dh_file = '/etc/openvpn/easy-rsa/pki/dh2048.pem'
Wed Jul 26 10:49:17 2017 us=421480   cert_file = '/etc/openvpn/easy-rsa/pki/issued/server.crt'
Wed Jul 26 10:49:17 2017 us=421543   priv_key_file = '/etc/openvpn/easy-rsa/pki/private/server.key'
Wed Jul 26 10:49:17 2017 us=421606   pkcs12_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=421667   cipher_list = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=421726   tls_verify = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=421786   tls_export_cert = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=421847   verify_x509_type = 0
Wed Jul 26 10:49:17 2017 us=421907   verify_x509_name = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=421968   crl_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=422029   ns_cert_type = 0
Wed Jul 26 10:49:17 2017 us=422089   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422150   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422210   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422271   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422332   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422392   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422451   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422510   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422570   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422628   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422689   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422749   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422810   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422869   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422929   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=422997   remote_cert_ku[i] = 0
Wed Jul 26 10:49:17 2017 us=423068   remote_cert_eku = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=423132   ssl_flags = 192
Wed Jul 26 10:49:17 2017 us=423194   tls_timeout = 2
Wed Jul 26 10:49:17 2017 us=423254   renegotiate_bytes = 0
Wed Jul 26 10:49:17 2017 us=423314   renegotiate_packets = 0
Wed Jul 26 10:49:17 2017 us=423375   renegotiate_seconds = 3600
Wed Jul 26 10:49:17 2017 us=423436   handshake_window = 60
Wed Jul 26 10:49:17 2017 us=423497   transition_window = 3600
Wed Jul 26 10:49:17 2017 us=423557   single_session = DISABLED
Wed Jul 26 10:49:17 2017 us=423616   push_peer_info = DISABLED
Wed Jul 26 10:49:17 2017 us=423675   tls_exit = DISABLED
Wed Jul 26 10:49:17 2017 us=423736   tls_auth_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Wed Jul 26 10:49:17 2017 us=423799   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=423860   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=423922   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=423984   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424045   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424106   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424167   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424229   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424290   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424351   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424412   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424546   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424618   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424680   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424742   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424803   pkcs11_protected_authentication = DISABLED
Wed Jul 26 10:49:17 2017 us=424866   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=424928   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=424989   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425051   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425153   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425219   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425280   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425342   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425403   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425466   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425528   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425590   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425652   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425714   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425776   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425838   pkcs11_private_mode = 00000000
Wed Jul 26 10:49:17 2017 us=425899   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=425981   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426048   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426111   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426173   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426234   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426296   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426357   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426419   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426480   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426541   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426603   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426664   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426726   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426786   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426848   pkcs11_cert_private = DISABLED
Wed Jul 26 10:49:17 2017 us=426911   pkcs11_pin_cache_period = -1
Wed Jul 26 10:49:17 2017 us=426975   pkcs11_id = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=427037   pkcs11_id_management = DISABLED
Wed Jul 26 10:49:17 2017 us=427107   server_network = 10.8.0.0
Wed Jul 26 10:49:17 2017 us=427186   server_netmask = 255.255.255.0
Wed Jul 26 10:49:17 2017 us=427258   server_network_ipv6 = ::
Wed Jul 26 10:49:17 2017 us=427320   server_netbits_ipv6 = 0
Wed Jul 26 10:49:17 2017 us=427387   server_bridge_ip = 0.0.0.0
Wed Jul 26 10:49:17 2017 us=427455   server_bridge_netmask = 0.0.0.0
Wed Jul 26 10:49:17 2017 us=427522   server_bridge_pool_start = 0.0.0.0
Wed Jul 26 10:49:17 2017 us=427590   server_bridge_pool_end = 0.0.0.0
Wed Jul 26 10:49:17 2017 us=427652   push_entry = 'route 10.8.0.1 255.255.255.255'
Wed Jul 26 10:49:17 2017 us=427714   push_entry = 'route 10.8.0.0 255.255.255.0'
Wed Jul 26 10:49:17 2017 us=427776   push_entry = 'route 192.168.0.0 255.255.255.0'
Wed Jul 26 10:49:17 2017 us=427837   push_entry = 'dhcp-option DNS 192.168.0.72'
Wed Jul 26 10:49:17 2017 us=427899   push_entry = 'redirect-gateway def1'
Wed Jul 26 10:49:17 2017 us=427960   push_entry = 'route-gateway 10.8.0.1'
Wed Jul 26 10:49:17 2017 us=428021   push_entry = 'topology subnet'
Wed Jul 26 10:49:17 2017 us=428082   push_entry = 'ping 10'
Wed Jul 26 10:49:17 2017 us=428141   push_entry = 'ping-restart 120'
Wed Jul 26 10:49:17 2017 us=428202   ifconfig_pool_defined = ENABLED
Wed Jul 26 10:49:17 2017 us=428268   ifconfig_pool_start = 10.8.0.2
Wed Jul 26 10:49:17 2017 us=428335   ifconfig_pool_end = 10.8.0.253
Wed Jul 26 10:49:17 2017 us=428403   ifconfig_pool_netmask = 255.255.255.0
Wed Jul 26 10:49:17 2017 us=428465   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=428526   ifconfig_pool_persist_refresh_freq = 600
Wed Jul 26 10:49:17 2017 us=428586   ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=428652   ifconfig_ipv6_pool_base = ::
Wed Jul 26 10:49:17 2017 us=428714   ifconfig_ipv6_pool_netbits = 0
Wed Jul 26 10:49:17 2017 us=428774   n_bcast_buf = 256
Wed Jul 26 10:49:17 2017 us=428834   tcp_queue_limit = 64
Wed Jul 26 10:49:17 2017 us=428930   real_hash_size = 256
Wed Jul 26 10:49:17 2017 us=428994   virtual_hash_size = 256
Wed Jul 26 10:49:17 2017 us=429055   client_connect_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=429116   learn_address_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=429177   client_disconnect_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=429238   client_config_dir = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=429299   ccd_exclusive = DISABLED
Wed Jul 26 10:49:17 2017 us=429358   tmp_dir = '/tmp'
Wed Jul 26 10:49:17 2017 us=429421   push_ifconfig_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=429494   push_ifconfig_local = 0.0.0.0
Wed Jul 26 10:49:17 2017 us=429563   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 26 10:49:17 2017 us=429625   push_ifconfig_ipv6_defined = DISABLED
Wed Jul 26 10:49:17 2017 us=429691   push_ifconfig_ipv6_local = ::/0
Wed Jul 26 10:49:17 2017 us=429767   push_ifconfig_ipv6_remote = ::
Wed Jul 26 10:49:17 2017 us=429831   enable_c2c = ENABLED
Wed Jul 26 10:49:17 2017 us=429892   duplicate_cn = ENABLED
Wed Jul 26 10:49:17 2017 us=429952   cf_max = 0
Wed Jul 26 10:49:17 2017 us=430011   cf_per = 0
Wed Jul 26 10:49:17 2017 us=430071   max_clients = 1024
Wed Jul 26 10:49:17 2017 us=430131   max_routes_per_client = 256
Wed Jul 26 10:49:17 2017 us=430193   auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=430254   auth_user_pass_verify_script_via_file = DISABLED
Wed Jul 26 10:49:17 2017 us=430315   port_share_host = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=430376   port_share_port = 0
Wed Jul 26 10:49:17 2017 us=430435   client = DISABLED
Wed Jul 26 10:49:17 2017 us=430495   pull = DISABLED
Wed Jul 26 10:49:17 2017 us=430555   auth_user_pass_file = '[UNDEF]'
Wed Jul 26 10:49:17 2017 us=430623 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 27 2017
Wed Jul 26 10:49:17 2017 us=430736 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Wed Jul 26 10:49:17 2017 us=431819 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Jul 26 10:49:17 2017 us=433893 Diffie-Hellman initialized with 2048 bit key
Wed Jul 26 10:49:17 2017 us=436338 Control Channel Authentication: using '/etc/openvpn/easy-rsa/pki/ta.key' as a OpenVPN static key file
Wed Jul 26 10:49:17 2017 us=436522 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 26 10:49:17 2017 us=436613 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 26 10:49:17 2017 us=436701 TLS-Auth MTU parms [ L:1570 D:178 EF:78 EB:0 ET:0 EL:0 ]
Wed Jul 26 10:49:17 2017 us=436819 Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed Jul 26 10:49:17 2017 us=438103 TUN/TAP device tun0 opened
Wed Jul 26 10:49:17 2017 us=438347 TUN/TAP TX queue length set to 100
Wed Jul 26 10:49:17 2017 us=438507 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jul 26 10:49:17 2017 us=438663 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 26 10:49:17 2017 us=447358 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Wed Jul 26 10:49:17 2017 us=456225 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 26 10:49:17 2017 us=460708 GID set to nogroup
Wed Jul 26 10:49:17 2017 us=461206 UID set to nobody
Wed Jul 26 10:49:17 2017 us=461429 UDPv4 link local (bound): [undef]
Wed Jul 26 10:49:17 2017 us=461659 UDPv4 link remote: [undef]
Wed Jul 26 10:49:17 2017 us=461793 MULTI: multi_init called, r=256 v=256
Wed Jul 26 10:49:17 2017 us=462428 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Wed Jul 26 10:49:17 2017 us=462739 Initialization Sequence Completed
Wed Jul 26 10:49:38 2017 us=310202 MULTI: multi_create_instance called
Wed Jul 26 10:49:38 2017 us=310820 {{[client's public IP}}:43058 Re-using SSL/TLS context
Wed Jul 26 10:49:38 2017 us=311177 {{[client's public IP}}:43058 LZO compression initialized
Wed Jul 26 10:49:38 2017 us=312485 {{[client's public IP}}:43058 Control Channel MTU parms [ L:1570 D:178 EF:78 EB:0 ET:0 EL:0 ]
Wed Jul 26 10:49:38 2017 us=312661 {{[client's public IP}}:43058 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 26 10:49:38 2017 us=313094 {{[client's public IP}}:43058 Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Wed Jul 26 10:49:38 2017 us=313200 {{[client's public IP}}:43058 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Wed Jul 26 10:49:38 2017 us=313466 {{[client's public IP}}:43058 Local Options hash (VER=V4): '8a3b3cca'
Wed Jul 26 10:49:38 2017 us=313625 {{[client's public IP}}:43058 Expected Remote Options hash (VER=V4): '73e43c96'
Wed Jul 26 10:49:38 2017 us=313851 {{[client's public IP}}:43058 TLS: Initial packet from [AF_INET]{{[client's public IP}}:43058, sid=e5ff3d6a 0a3a6aa7
Wed Jul 26 10:49:39 2017 us=91478 {{[client's public IP}}:43058 VERIFY OK: depth=1, CN=ChangeMe
Wed Jul 26 10:49:39 2017 us=93722 {{[client's public IP}}:43058 VERIFY OK: depth=0, CN=nexus
Wed Jul 26 10:49:39 2017 us=347285 {{[client's public IP}}:43058 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Jul 26 10:49:39 2017 us=347504 {{[client's public IP}}:43058 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 26 10:49:39 2017 us=347599 {{[client's public IP}}:43058 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Jul 26 10:49:39 2017 us=347686 {{[client's public IP}}:43058 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 26 10:49:39 2017 us=396094 {{[client's public IP}}:43058 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jul 26 10:49:39 2017 us=396287 {{[client's public IP}}:43058 [nexus] Peer Connection Initiated with [AF_INET]{{[client's public IP}}:43058
Wed Jul 26 10:49:39 2017 us=396432 nexus/{{[client's public IP}}:43058 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Jul 26 10:49:39 2017 us=396665 nexus/{{[client's public IP}}:43058 MULTI: Learn: 10.8.0.2 -> nexus/{{[client's public IP}}:43058
Wed Jul 26 10:49:39 2017 us=396750 nexus/{{[client's public IP}}:43058 MULTI: primary virtual IP for nexus/{{[client's public IP}}:43058: 10.8.0.2
Wed Jul 26 10:49:39 2017 us=396963 nexus/{{[client's public IP}}:43058 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jul 26 10:49:39 2017 us=397046 nexus/{{[client's public IP}}:43058 send_push_reply(): safe_cap=940
Wed Jul 26 10:49:39 2017 us=397196 nexus/{{[client's public IP}}:43058 SENT CONTROL [nexus]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.168.0.72,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Wed Jul 26 10:49:53 2017 us=761548 nexus/{{[client's public IP}}:43058 MULTI: bad source address from client [192.168.1.122], packet dropped
Wed Jul 26 10:49:53 2017 us=761996 nexus/{{[client's public IP}}:43058 MULTI: bad source address from client [192.168.1.122], packet dropped
Wed Jul 26 10:50:10 2017 us=948195 nexus/{{[client's public IP}}:43058 MULTI: bad source address from client [192.168.1.122], packet dropped


client logs

Code: Select all

10:59:12015 - - OpenVPN Start
10:59:12019 - EVENT: CORE_THREAD_ACTIVE
10:59:12039 - Frame=512/2048/512 mssfix-ctrl=1250
10:59:12052 - UNUSED OPTIONS
4 [resoIv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [verify-x509-name] [server] [name]
15 [verb] [4]

10:59:12052 - EVENT: RESOLVE
10:59:12492 - Contacting {{server public ip}}:1194 via UDP
10:59:12493 - EVENT: WAIT
10:59:12497 - Connecting to [{{server public address}}]:1194
(151.4245184) via UDPV4
10:59:12571 - EVENT: CONNECTING
10:59:12577 - Tunnel Options:V4,dev-type tun,link-mtu
1570,tun-mtu 1500,proto UDPV4,comp-lzo,keydir 1,cipher
AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method
2,tIs-client
10:59:12578 - Crede: UsernameEmpty/PasswordEmpty
10:59:12579 - Peer Info:
IV_GUI_VER=net.openvpn.connect.android 1.1.17-76
IV_VER=3.0.12
lV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1

10:59:13250 - VERIFY OK: depth=1
cert. version : 3
serial number : C7:AO:70:7A:DB:13:EO:D3
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2017-07-15 12:20:00
expires on : 2027-07-13 12:20:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign

10:59:13250 - VERIFY OK: depth=0
cert. version : 3
serial number : 80:64:5C:39:C6:FC:
46:D6:84:01:C6:D5:65:36:8F:BD
issuer name : CN=ChangeMe
subject name : CN=server
issued on : 2017-07-15 12:20:30
expires on : 2027-07-13 12:20:30
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

10:59:14009 - SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHAB84
10:59:14010 - Session is ACTIVE
10:59:14011 - EVENT: GET_CONFIG
10:59:14026 - Sending PUSH_REQUEST to server...
10:59:14059 - OPTIONS:
0 [route] [10.80.11 [255255255255]
1 [route] [10.80.01 [255.2552550]
2 [route] [192.168.001 [255.2552550]
3 [dhcp-option] [DNS] [192.168.0.72]
4 {redirect-gateway] [def1]
5 [route-gateway] [10.80.11
6 [topology] [subnet]
7 [ping] [10]
8 {ping-restart] [1201
9 [ifconfig] [10.80.21 [255.2552550]

10:59:14060 - PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
compress: LZO
peer ID: -1
10:59:14.061 - EVENT: ASSIGN_IP
10:59:14.099 - Connected via tun
10:59:14.100 - EVENT: CONNECTED info='@{{server address}}:1194 ({{server public IP}}) via /UDPv4 on tun/10.8.0.2/'
trans=TO_CONNECTED
10:59:14.105 - LZO-ASYM init swap=0 asym=0


Please let me know if this is helpful or something else is needed
Thanks for the help

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2695
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to access internet from OpenVPN Client in Android only

Postby TinCanTech » Wed Jul 26, 2017 10:45 am

Please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

Also,
    NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

:arrow: Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN :!:

    You are advised to change your server LAN to a more unique RFC1918 compliant subnet.
    For example: 192.168.143.0/24

garras
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 24, 2017 6:02 pm

Re: Unable to access internet from OpenVPN Client in Android only

Postby garras » Wed Jul 26, 2017 11:37 am

I've solved my issue. Turns out the PiVPN configuration was conflicting with my PiHole server,
my fault for not mentioning I had that running too,

Here's the solution I used:
https://github.com/pivpn/pivpn/issues/1 ... -264220615


Return to “Server Administration”

Who is online

Users browsing this forum: No registered users and 4 guests