Connected, but can't access any server/site
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Connected, but can't access any server/site
I imported the conf files from my Windows PC (where OpenVPN (GUI) works). The only chnage I had to make was uncommenting the "fragment"-line.
On android (And 5.1.1, sMIUI) the VPN connection can be established (and I get an IP assigned) BUT neither from the borwser nor from the termux app I can ping/access any site neither by hostname nor ip.
My conf is as follows:
---------------
client
dev tun
resolv-retry infinite
nobind
hand-window 10
<connection>
remote <ip of openvpn server> 443 tcp
</connection>
persist-key
persist-tun
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
tls-remote <gw host name>
key-direction 1
<tls-auth>
...
</tls-auth>
cipher BF-CBC
verb 3
tun-mtu 1400
;fragment 1300
mssfix
no-replay
redirect-gateway def1
-------------
I also tried the settings from my Mac (OSX), which are as follows:
------------------
remote <ip of vpn server> 1194 udp
pull
tls-client
persist-key
;fragment 1300
redirect-gateway def1
nobind
persist-tun
comp-lzo
dev tun
tun-mtu 1400
hand-window 10
resolv-retry infinite
mssfix
no-replay
cipher BF-CBC
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
tls-remote <gw hostname>
key-direction 1
<tls-auth>
...
</tls-auth>
-----------------
Any help/advice appreciated
-Clemens
On android (And 5.1.1, sMIUI) the VPN connection can be established (and I get an IP assigned) BUT neither from the borwser nor from the termux app I can ping/access any site neither by hostname nor ip.
My conf is as follows:
---------------
client
dev tun
resolv-retry infinite
nobind
hand-window 10
<connection>
remote <ip of openvpn server> 443 tcp
</connection>
persist-key
persist-tun
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
tls-remote <gw host name>
key-direction 1
<tls-auth>
...
</tls-auth>
cipher BF-CBC
verb 3
tun-mtu 1400
;fragment 1300
mssfix
no-replay
redirect-gateway def1
-------------
I also tried the settings from my Mac (OSX), which are as follows:
------------------
remote <ip of vpn server> 1194 udp
pull
tls-client
persist-key
;fragment 1300
redirect-gateway def1
nobind
persist-tun
comp-lzo
dev tun
tun-mtu 1400
hand-window 10
resolv-retry infinite
mssfix
no-replay
cipher BF-CBC
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
tls-remote <gw hostname>
key-direction 1
<tls-auth>
...
</tls-auth>
-----------------
Any help/advice appreciated
-Clemens
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connected, but can't access any server/site
What about your server config and log files ?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
Thanks for the fast reply.
I can't access these easily...at least not on the weekend.
Again "OpenVPN Android" does connect. Also I have no problems with the OpenVPN connection from Windows (using OpenVPN GUI), nor from my Mac (using Viscoyity)
I can't access these easily...at least not on the weekend.
Again "OpenVPN Android" does connect. Also I have no problems with the OpenVPN connection from Windows (using OpenVPN GUI), nor from my Mac (using Viscoyity)
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
Kernel IP routing table
192.168.15.152 being the IP I get assigend from the VPN server
Code: Select all
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.198.6.92 * 255.255.255.252 U 0 0 0 rmnet_data0
192.168.15.152 * 255.255.255.252 U 0 0 0 tun0
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connected, but can't access any server/site
It looks like you have not redirected your gateway.fx3000se wrote:the VPN connection can be established (and I get an IP assigned) BUT neither from the borwser nor from the termux app I can ping/access any site neither by hostname nor ip.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
sorry for asking, but what exactly does that mean?It looks like you have not redirected your gateway.
Where/how would I have to do that?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
Thanks for the link that I have read before
I do have
I do have
Code: Select all
redirect-gateway def1
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connected, but can't access any server/site
Yes but:
I suggest you post your client log.
this suggests it is not working properly.fx3000se wrote:Kernel IP routing table192.168.15.152 being the IP I get assigend from the VPN serverCode: Select all
$ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.198.6.92 * 255.255.255.252 U 0 0 0 rmnet_data0 192.168.15.152 * 255.255.255.252 U 0 0 0 tun0
I suggest you post your client log.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
where/how can I access the client log?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
found the "Log" menu option. I am seeing
Code: Select all
...
... -- TUN write error: write_some: Invalid argument
... -- Session invalidated: KEEPALIVE_TIMEOUT
... -- Client terminated, restaring in 2...
...
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connected, but can't access any server/site
You need to check your complete server log.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 04, 2017 10:42 am
Re: Connected, but can't access any server/site
Unfortunately I had no chance to contact IT yet.
Nevertheless I'd like to ask whether certain UserAgents(e.g. mobiles) can be "filtered" serverside? But why then would it (let) connect at all?
Also (me not being netwrok-specialist):
what is "wrong" with my route output. How should it look?
Thanks
Nevertheless I'd like to ask whether certain UserAgents(e.g. mobiles) can be "filtered" serverside? But why then would it (let) connect at all?
Also (me not being netwrok-specialist):
what is "wrong" with my route output. How should it look?
Thanks