[Solved] dns_probe_finished_no_internet from android client

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

[Solved] dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Sun Feb 12, 2017 5:45 am

I am a noob trying to figure out OpenVPN for my home security camera setup. I'll be running OpenVPN from a dedicated computer on my network. I have a 4 piece Eero router. I've been following this guide:
https://community.openvpn.net/openvpn/w ... dows_Guide

I finally got my Samsung S4 to connect to my computer from outside the network. But, when I am connected I can't access any web pages. Here are my config files:
server
server

port 1194

proto udp

dev tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret

dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120

tls-auth ta.key 0 # This file is secret

cipher AES-256-CBC

persist-key
persist-tun

status openvpn-status.log

verb 3

explicit-exit-notify 1
client
client

dev tun

proto udp

remote xxxx.ddns.net 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\jack-s4.crt"
key "C:\\Program Files\\OpenVPN\\config\\jack-s4.key"

remote-cert-tls server

tls-auth ta.key 1

cipher AES-256-CBC

verb 3

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Sun Feb 12, 2017 6:15 am

I forgot to mention I'm running Windows 10 on the server and temporarily disabled the windows firewall just to make sure it wasn't a firewall issue.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Sun Feb 12, 2017 6:50 am

I am digging around and I think I need to enable ip forwarding. I am trying to follow these steps:
Start -> Right-click My Computer -> Manage
Services
Right-click Routing and Remote Access -> Properties -> Automatic
Right-click Routing and Remote Access -> Start

Next:

Control Panel
Network and Sharing Center
Local Area Connection
Properties
Sharing
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.

regedit

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)


I did everything except the part about the drop down list and selecting my TAP server connection. I can't find that drop down list. I checked the "Allow other network users to connect through this computer's Internet connection" then just hit ok. I never came across a drop down list.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: dns_probe_finished_no_internet from android client

Post by TinCanTech » Sun Feb 12, 2017 10:04 am

Stay Puft Marshmallow Man wrote:I did everything except the part about the drop down list and selecting my TAP server connection. I can't find that drop down list. I checked the "Allow other network users to connect through this computer's Internet connection" then just hit ok. I never came across a drop down list.
I do not believe you need this step in W10.

Try using Wireshark to determine what is happening on your server.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Mon Feb 13, 2017 7:41 pm

I had to shut off the openvpn server service and restart the openvpn gui but I can now connect to my server from my phone remotely. I am also able to get google to work and do searches. However, that's as far as I can get. If I click on any links while browsing I get the same DNS probe finished error.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Mon Feb 13, 2017 8:02 pm

Nevermind, I have no idea what is going on. I thought it was working last night after enabling ip forwarding and now it doesn't appear to be. I gotta go back to the drawing board and start over.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: dns_probe_finished_no_internet from android client

Post by TinCanTech » Tue Feb 14, 2017 2:37 pm

What DNS server do you use on your windows 10 machine ?

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Tue Feb 14, 2017 7:28 pm

I think this is my problem:
Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).

I think the problem is with my router. I have a 4 piece Eero and there is no way to modify the routing table. I was attempting to run OpenVPN on my always on Windows 10 machine to allow my phone access to my IP cameras as well as a secure method for accessing the internet when on public wifi. The windows 10 machine is behind the Eero as are all my IP cameras.

So I think I am under "Using routing and OpenVPN not running on the default gateway" of this guide: https://community.openvpn.net/openvpn/w ... AndRouting

I can't modify the routing table and I can't add routes on the LAN clients (IP cameras). So I believe my only to options are to either masquerade all traffic from the VPN clients (which appears to only be possible on a Linux server?) or switch from routing to bridging the OpenVPN server.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: dns_probe_finished_no_internet from android client

Post by TinCanTech » Tue Feb 14, 2017 7:52 pm

Stay Puft Marshmallow Man wrote: I believe my only to options are to either masquerade all traffic from the VPN clients (which appears to only be possible on a Linux server?)
Windows does the same if you set it up correctly .. and that is what you need.

Try:
viewtopic.php?f=7&t=7806

I still use that for pointers.

There are other examples as well.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Wed Feb 15, 2017 12:47 am

I followed everything in that thread. I did all the changes in Windows... Routing and remote access...sharing the LAN connection...and the registry change.

Here are my server and client config files
server
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC

persist-key
persist-tun

verb 3

explicit-exit-notify 1
client
client
dev tun
proto udp

remote XXX.ddns.net 1194

resolv-retry infinite
nobind

persist-key
persist-tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\jack-s4.crt"
key "C:\\Program Files\\OpenVPN\\config\\jack-s4.key"
remote-cert-tls server

tls-auth ta.key 1

cipher AES-256-CBC

verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

route-method exe
route-delay 2


From my Samsung S4 connected via cell data I can ping the server on both it's 192.168.7.x ip and 10.8.0.1. But I can't ping any of my IP cameras or 8.8.8.8. I've read through the other example at the top of the forum page:
https://secure-computing.net/wiki/index ... PN/Routing

and it has a section addressing what I need to do:
https://secure-computing.net/wiki/index.php/Graph

But it says I need to add a route to my router, which I am unable to do, or to each client, which I am also unable to do.

I am assuming all 3 windows changes (Routing/remote access, sharing the LAN connection, and the Regedit) are the equivalent of masquerading on Linux. So if that's not working, there might be an issue with the way Eero handles this? Should I just try bridging the server instead?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: dns_probe_finished_no_internet from android client

Post by TinCanTech » Wed Feb 15, 2017 12:49 pm

Stay Puft Marshmallow Man wrote:I am assuming all 3 windows changes (Routing/remote access, sharing the LAN connection, and the Regedit) are the equivalent of masquerading on Linux. So if that's not working, there might be an issue with the way Eero handles this?
Sharing the LAN connection is supposed to enable NAT (a.k.a. masquerade) on your windows server ..

Either you have done something wrong or windows is being windows and not working because microsoft have bjorked something.

Try this:
https://community.openvpn.net/openvpn/wiki/NatHack
Stay Puft Marshmallow Man wrote:Should I just try bridging the server instead?
Stay Puft Marshmallow Man wrote:I finally got my Samsung S4 to connect to my computer from outside the network
--dev tap and phones generally do not work.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Thu Feb 16, 2017 5:38 pm

Thank you TinCanTech for your help and patience. I was finally able to get it to work. I was running TeamViewer and it was preventing OpenVPN from working properly. I shut it down and I was able to access the other IPs on my local network.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: dns_probe_finished_no_internet from android client

Post by TinCanTech » Fri Feb 17, 2017 1:01 pm

That is not useful .. what does TeamViewer do that interferes with Openvpn ?

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Sat Feb 18, 2017 4:40 am

I am not sure exactly. TeamViewer is a remote desktop ap and I think it must have been interfering with the windows routing and remote access. If I connect to the server from a remote location via TeamViewer I can't then connect to the server from my phone and get access to the other devices on the LAN.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Sat Feb 18, 2017 8:20 am

I don't know what happened but it stopped working again. I have no idea if Teamviewer had anything to do with it or not. It was working fine for the day and now I am back where I started. Today it was working fine with my windows firewall on. Now I have to turn off the firewall just to be able to ping the server both at it's 10.8.0.1 and its 192.xxx.x.x addresses from my S4 client. But even with the firewall off I can't ping anything else on my LAN or 8.8.8.8.

I installed OpenVPN on a new Windows 10 machine tonight and I am having the exact same issues.

Stay Puft Marshmallow Man
OpenVPN User
Posts: 24
Joined: Sun Feb 12, 2017 5:29 am

Re: dns_probe_finished_no_internet from android client

Post by Stay Puft Marshmallow Man » Sat Feb 18, 2017 8:02 pm

For some reason my Tap driver was set to "use the following IP address" and had an address in the 192.168.1.x range. I never set that but something filled it in. My router is on the 192.168.2.x and OpenVPN is 10.x.x.x. I changed it back to "Obtain an IP address automatically" and it is working again, even with the windows firewall back on.

Post Reply