OpenVPN on DD-WRT: connected but no internet

Post by Mykwon » Fri Jun 08, 2012 1:51 am

Hi,

This issue is driving me crazy for weeks now. I'm about to give up so I REALLY NEED HELP!
I'm using Hide My Ass as VPN provider.
I have been able to connect using the OpenVPN GUI in a snap. But I can't make it work on my DD-WRT router.

Even though I can connect easily and I don't see any errors or warnings, I don't have internet capability.
Pinging HMA server using IP works.
Pinging any other server using IP fails.
Any nslookup fails (IP or name).

NTP is configured and working.
Disabling firewall completely didn't change anything.

I think ultimately the router doesn't know how to route packets, even though the OpenVPN server clearly instructs the client to redirect all traffic through the tunnel.
Basically, if I look at /tmp/resolv.dnsmasq while connected, I don't see the OpenDNS entries so I suspect all packets go to the ISP DNS and nothing gets resolved.
I manually edited resolv.dnsmasq while on VPN and I can see that name is getting resolved (getting "Connecting to xxx" instead of "Looking up xxxx" like previously). Yet, DNS name gets resolved now but traffic doesn't go in the tunnel and packets are getting dropped ultimately. I don't know how to make the router redirect the packets through the tunnel as it should, or to normally use the tunnel DNS entries that were pushed without editing the resolv.dnsmasq manually.
That's how far I've been able to go and I hit a wall.

Again, I REALLY NEED HELP!

Below is the information I gathered. Let me know if you need anything else to help me.
A thousand thanks in advance to whoever unlocks the situation and gives me back my night's sleep.

I'm using a Linksys E4200 v1.

-- Start DD-WRT version --
DD-WRT v24-sp2 (03/19/12) vpn
(SVN revision 18777)
-- End DD-WRT version --

-- Start NTP config --
NTP Client Enable
Time Zone UTC-05:00
Summer Time (DST) first Sun Apr - last Sun Oct
Server IP/Name 0.ca.pool.ntp.org
-- End NTP config --

-- Start client config --
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 5001
management-log-cache 50
verb 4
mute 5
log-append /var/log/openvpncl
writepid /var/log/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
mtu-disc yes
dev tun1
proto udp
cipher bf-cbc
auth sha1
remote 67.231.254.2 53
remote 208.53.158.105 53
remote 208.53.158.106 53
remote 208.53.158.107 53
remote 208.100.63.150 53
remote 208.100.63.151 53
remote 208.100.63.152 53
remote 199.192.204.146 53
remote 199.192.204.138 53
remote 64.120.46.242 53
remote 173.234.157.186 53
remote 108.62.233.138 53
remote 108.62.139.122 53
remote 108.62.138.242 53
remote 208.76.52.164 53
remote 208.76.52.174 53
remote 208.76.52.166 53
remote 216.155.152.132 53
remote 208.167.239.132 53
remote 208.167.231.132 53
remote 184.82.148.114 53
remote 184.82.167.66 53
remote 173.192.223.69 53
remote-random
tls-client
tun-mtu 1500
ns-cert-type server
fast-io
hand-window 60
keepalive 20 120
reneg-sec 0
auth-user-pass /tmp/openvpncl/userpass.conf
auth-nocache
-- End client config --

-- Start route-up.sh --
#!/bin/sh
iptables -I INPUT -i tun1 -j logaccept
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
startservice set_routes
-- End route-up.sh --

-- Start route-down.sh --
#!/bin/sh
iptables -D INPUT -i tun1 -j logaccept
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
-- End route-down.sh --

-- Start OpenVPN logs --
State Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 10.200.5.1 Remote Address:

Status

Log Serverlog Clientlog
20120607 21:16:54 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] built on Mar 19 2012
20120607 21:16:54 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20120607 21:16:54 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120607 21:16:54 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120607 21:16:54 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120607 21:16:54 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
20120607 21:16:54 Local Options String: 'V4 dev-type tun link-mtu 1541 tun-mtu 1500 proto UDPv4 cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120607 21:16:54 Expected Remote Options String: 'V4 dev-type tun link-mtu 1541 tun-mtu 1500 proto UDPv4 cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120607 21:16:54 Local Options hash (VER=V4): '3514370b'
20120607 21:16:54 Expected Remote Options hash (VER=V4): '239669a8'
20120607 21:16:54 I UDPv4 link local: [undef]
20120607 21:16:54 I UDPv4 link remote: 208.53.158.106:53
20120607 21:16:54 TLS: Initial packet from 208.53.158.106:53 sid=2e08f94a e93daef9
20120607 21:16:54 VERIFY OK: depth=1 /C=UK/ST=NR/L=Attleborough/O=Hide_My_Ass__Pro/OU=VPN/CN=vpn.hidemyass.com/emailAddress=ca@hidemyass.com
20120607 21:16:54 VERIFY OK: nsCertType=SERVER
20120607 21:16:54 VERIFY OK: depth=0 /C=UK/ST=NR/L=Attleborough/O=Hide_My_Ass__Pro/OU=VPN/CN=server/emailAddress=vpn@hidemyass.com
20120607 21:16:56 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120607 21:16:56 NOTE: --mute triggered...
20120607 21:16:56 4 variation(s) on previous 5 message(s) suppressed by --mute
20120607 21:16:56 I [server] Peer Connection Initiated with 208.53.158.106:53
20120607 21:16:58 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20120607 21:16:58 PUSH: Received control message: 'PUSH_REPLY topology subnet route-gateway 10.200.4.1 dhcp-option DNS 208.67.222.222 dhcp-option DNS 208.67.220.220 ping 10 ping-restart 90 redirect-gateway def1 ifconfig 10.200.5.1 255.255.252.0'
20120607 21:16:58 OPTIONS IMPORT: timers and/or timeouts modified
20120607 21:16:58 OPTIONS IMPORT: --ifconfig/up options modified
20120607 21:16:58 OPTIONS IMPORT: route options modified
20120607 21:16:58 NOTE: --mute triggered...
20120607 21:16:58 2 variation(s) on previous 5 message(s) suppressed by --mute
20120607 21:16:58 I TUN/TAP device tun1 opened
20120607 21:16:58 TUN/TAP TX queue length set to 100
20120607 21:16:58 I /sbin/ifconfig tun1 10.200.5.1 netmask 255.255.252.0 mtu 1500 broadcast 10.200.7.255
20120607 21:16:58 /sbin/route add -net 208.53.158.106 netmask 255.255.255.255 gw 184.163.228.1
20120607 21:16:58 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.200.4.1
20120607 21:16:58 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.200.4.1
20120607 21:16:58 I Initialization Sequence Completed
20120607 21:17:59 MANAGEMENT: Client connected from 127.0.0.1:5001
20120607 21:17:59 D MANAGEMENT: CMD 'state'
20120607 21:17:59 MANAGEMENT: Client disconnected
20120607 21:17:59 MANAGEMENT: Client connected from 127.0.0.1:5001
20120607 21:17:59 D MANAGEMENT: CMD 'state'
20120607 21:17:59 MANAGEMENT: Client disconnected
20120607 21:17:59 MANAGEMENT: Client connected from 127.0.0.1:5001
20120607 21:17:59 D MANAGEMENT: CMD 'state'
20120607 21:17:59 MANAGEMENT: Client disconnected
20120607 21:17:59 MANAGEMENT: Client connected from 127.0.0.1:5001
20120607 21:17:59 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
-- End OpenVPN logs --
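
The manual check described in the post (pushed DNS servers missing from /tmp/resolv.dnsmasq while the redirect-gateway def1 routes are present, so lookups still go to the ISP resolver), written as an added shell example that is not part of the original post. It assumes the resolver file uses standard `nameserver <ip>` lines; the function names and the 192.0.2.53 resolver are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. $1 is the OpenVPN client log
# (/var/log/openvpncl in the post), $2 the resolver file (/tmp/resolv.dnsmasq).

# Split the last PUSH_REPLY into one token per line (options may be
# separated by commas or, as quoted in the post, by spaces).
push_tokens() {
    grep 'PUSH_REPLY' "$1" | tail -n 1 | tr -s ",' " '\n\n\n'
}

# DNS servers the server pushed via "dhcp-option DNS <ip>".
pushed_dns() {
    push_tokens "$1" | awk 'p2 == "dhcp-option" && p1 == "DNS" { print }
                            { p2 = p1; p1 = $0 }'
}

# Pushed DNS servers that have no "nameserver" line in the resolver file.
missing_dns() {
    for ip in $(pushed_dns "$1"); do
        awk -v ip="$ip" '$1 == "nameserver" && $2 == ip { ok = 1 }
                         END { exit !ok }' "$2" || echo "$ip"
    done
}

# Succeeds only if both redirect-gateway def1 halves were added via the
# pushed route-gateway.
def1_routes_added() {
    gw=$(push_tokens "$1" | awk 'p == "route-gateway" { print; exit } { p = $0 }')
    [ -n "$gw" ] || return 1
    for net in 0.0.0.0 128.0.0.0; do
        grep -qF "route add -net $net netmask 128.0.0.0 gw $gw" "$1" || return 1
    done
}

# Constructed sample: log lines copied from the post plus an invented
# resolver file holding only a placeholder ISP resolver (192.0.2.53).
demo() {
    d=$(mktemp -d)
    cat > "$d/log" <<'EOF'
20120607 21:16:58 PUSH: Received control message: 'PUSH_REPLY topology subnet route-gateway 10.200.4.1 dhcp-option DNS 208.67.222.222 dhcp-option DNS 208.67.220.220 ping 10 ping-restart 90 redirect-gateway def1 ifconfig 10.200.5.1 255.255.252.0'
20120607 21:16:58 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.200.4.1
20120607 21:16:58 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.200.4.1
EOF
    echo 'nameserver 192.0.2.53' > "$d/resolv"
    def1_routes_added "$d/log" && echo "def1 routes: added"
    echo "DNS not applied: $(missing_dns "$d/log" "$d/resolv" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

Any address printed by `missing_dns` is a pushed resolver the router is not using, which matches the symptom in the post of lookups failing or leaving outside the tunnel.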