Fix google cloud print through a mobile hotspot

[argyrg]

First post from a confused individual...

Hope someone can help, please

I'm trying to get openvpn working to test a possible solution to a problem with using google cloud print with classic printers when using the connection of a mobile phone hotspot rather than a conventional wifi / ethernet connection through a local router.

I can print to my printer when it's connected via USB to the computer (Raspberry Pi 3 B+) by either ethernet or wifi, but, if I switch the Pi's wifi connection to my mobile phone (which is my ultimate objective) then I can no longer print because the printer shows as being offline. Searches on this subject suggest that my service provider (Vodafone UK) might be the cause of this and other's suggest that a VPN might fix it. I'm hoping that a VPN will fix it because I'm looking for a fix that will be mobile network independent.

My set up is Raspberry Pi 3 B+ running the latest version of Raspbian Desktop (stretch).

I have a Hetzner cloud server on which I installed openvpn using this as a reference and which ran very smoothly.

https://github.com/angristan/openvpn-install

I didn't modify anything, I just installed and configured the openvpn server using the relevant and correct details.

I then followed this to install and access openvpn as a client on my Pi

https://pchelp.ricmedia.com/connect-vpn-using-openvpn-ubuntu-debian/

So far so good. I then copied the ovpn file for my account from the server to the client and ran sudo openvpn --config /etc/openvpn/me.ovpn which stopped at the line which says "Initialization Sequence Completed" which I understand means that everything is working and ready to use without any errors (I had to comment out one line which was causing a "block-outside-dns" error).

I'm pretty sure that the issue I am facing is DNS related because when I attempt to access the internet through the Pi I can not browse to a website. I can get ping responses from an IP address but not a domain name and I can ssh from my windows 7 laptop to the Pi but I can not resolve an IP address.

So far I'm testing the vpn using my wifi connection, not the mobile phone hotspot.
I've used
sudo systemd-resolve --status
which shows

Global
DNS Servers: 212.159.6.10
212.159.6.9
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test

Link 8 (tun0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 3 (wlan0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 2 (eth0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

and I've tried changing my UK Plusnet DNS IP Addresses to Google's 8.8.8.8 and 8.8.4.4 without any change in my ability to browse.

So, I'm hoping that someone out there in vpn-land can help me to understand, and fix, whatever it is that I am missing.

To summarise, my aim is to have my raspberry pi endpoints use the openvpn server to traverse the internet connection which I provide through my mobile phone in the hope that this will enable google cloud print to operate correctly with my classic printer.

Many thanks in anticipation

argyrg

Sat Mar 2 11:13:15 2019 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Sat Mar 2 11:13:15 2019 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.08
Sat Mar 2 11:13:15 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Mar 2 11:13:15 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Mar 2 11:13:15 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Mar 2 11:13:15 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Mar 2 11:13:15 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]159.69.7.156:1194
Sat Mar 2 11:13:15 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Mar 2 11:13:15 2019 UDP link local: (not bound)
Sat Mar 2 11:13:15 2019 UDP link remote: [AF_INET]159.69.7.156:1194
Sat Mar 2 11:13:15 2019 TLS: Initial packet from [AF_INET]159.69.7.156:1194, sid=0f4f1537 5ac6cd9b
Sat Mar 2 11:13:15 2019 VERIFY OK: depth=1, CN=cn_W0ulBoBQjyXgMUEw
Sat Mar 2 11:13:15 2019 Validating certificate key usage
Sat Mar 2 11:13:15 2019 ++ Certificate has key usage 00a0, expects 00a0
Sat Mar 2 11:13:15 2019 VERIFY KU OK
Sat Mar 2 11:13:15 2019 Validating certificate extended key usage
Sat Mar 2 11:13:15 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Mar 2 11:13:15 2019 VERIFY EKU OK
Sat Mar 2 11:13:15 2019 VERIFY X509NAME OK: CN=server_baOUcI0m0z2674zq
Sat Mar 2 11:13:15 2019 VERIFY OK: depth=0, CN=server_baOUcI0m0z2674zq
Sat Mar 2 11:13:16 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256
Sat Mar 2 11:13:16 2019 [server_baOUcI0m0z2674zq] Peer Connection Initiated with [AF_INET]159.69.7.156:1194
Sat Mar 2 11:13:17 2019 SENT CONTROL [server_baOUcI0m0z2674zq]: 'PUSH_REQUEST' (status=1)
Sat Mar 2 11:13:17 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: timers and/or timeouts modified
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: route options modified
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: route-related options modified
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: peer-id set
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Sat Mar 2 11:13:17 2019 OPTIONS IMPORT: data channel crypto options modified
Sat Mar 2 11:13:17 2019 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Sat Mar 2 11:13:17 2019 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Sat Mar 2 11:13:17 2019 ROUTE_GATEWAY 192.168.255.1/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:5c:71:46
Sat Mar 2 11:13:17 2019 TUN/TAP device tun0 opened
Sat Mar 2 11:13:17 2019 TUN/TAP TX queue length set to 100
Sat Mar 2 11:13:17 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Mar 2 11:13:17 2019 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 2 11:13:17 2019 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sat Mar 2 11:13:17 2019 /sbin/ip route add 159.69.7.156/32 via 192.168.255.1
Sat Mar 2 11:13:17 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sat Mar 2 11:13:17 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sat Mar 2 11:13:17 2019 Initialization Sequence Completed