Getting varying results for the client on different networks

Cloudy_Brain
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 25, 2015 10:49 am

Post by Cloudy_Brain » Thu Jul 27, 2017 3:03 am

Hi All,

So I'm away in a foreign country. My server back home is running Debian Stretch, which hosts the latest OpenVPN Access Server.

The problem I'm having is... when I'm moving around here from wifi to wifi, only some of them work nicely with my VPN.

So for example I could go to Starbucks and join their wifi, connect to my access server at home and I'm able to do everything you'd expect, ping other clients in my home LAN and have all my data tunneled through my home network. Fine...

However when I go back to the Airbnb and connect to their wifi, I open my client > connect to my home LAN (Initialization Sequence Completed) but what's different here is that I can't ping or share with any of my home network's clients. I can't even ping the gateway at home. What's strange to me however is that when I go into Chrome and check my IP online, it's showing as my home network's IP - so the tunnel is clearly working - but I can't see any of the devices on my home LAN.

I can share what my client config looks like (see below); however, I can't show you my server's config because as I sit here I can't connect to my server and grab it.

Client config:
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote my-home-ip 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

Terminal feedback:
sudo openvpn config.conf
Thu Jul 27 03:56:28 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Thu Jul 27 03:56:28 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Thu Jul 27 03:56:28 2017 Control Channel Authentication: tls-auth using INLINE static key file
Thu Jul 27 03:56:28 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 27 03:56:28 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 27 03:56:28 2017 Socket Buffers: R=[212992->200000] S=[212992->200000]
Thu Jul 27 03:56:28 2017 UDPv4 link local: [undef]
Thu Jul 27 03:56:28 2017 UDPv4 link remote: [AF_INET]151.229.251.234:1194
Thu Jul 27 03:56:28 2017 TLS: Initial packet from [AF_INET]151.229.251.234:1194, sid=83259475 3af43acb
Thu Jul 27 03:56:28 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 27 03:56:29 2017 VERIFY OK: depth=1, CN=OpenVPN CA
Thu Jul 27 03:56:29 2017 VERIFY OK: nsCertType=SERVER
Thu Jul 27 03:56:29 2017 VERIFY OK: depth=0, CN=OpenVPN Server
Thu Jul 27 03:56:29 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 27 03:56:29 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Thu Jul 27 03:56:29 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 27 03:56:29 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 27 03:56:29 2017 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Thu Jul 27 03:56:29 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 27 03:56:29 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Thu Jul 27 03:56:29 2017 [OpenVPN Server] Peer Connection Initiated with [AF_INET]151.229.251.234:1194
Thu Jul 27 03:56:32 2017 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Thu Jul 27 03:56:32 2017 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.234.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.4.4.4,register-dns,block-ipv6,ifconfig 172.27.234.107 255.255.255.0'
Thu Jul 27 03:56:32 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.10)
Thu Jul 27 03:56:32 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.10)
Thu Jul 27 03:56:32 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.10)
Thu Jul 27 03:56:32 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.10)
Thu Jul 27 03:56:32 2017 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.10)
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: LZO parms modified
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: route options modified
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: route-related options modified
Thu Jul 27 03:56:32 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul 27 03:56:32 2017 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp2s0 HWADDR=4c:80:93:b5:d5:47
Thu Jul 27 03:56:32 2017 TUN/TAP device tun0 opened
Thu Jul 27 03:56:32 2017 TUN/TAP TX queue length set to 100
Thu Jul 27 03:56:32 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 27 03:56:32 2017 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 27 03:56:32 2017 /sbin/ip addr add dev tun0 172.27.234.107/24 broadcast 172.27.234.255
Thu Jul 27 03:56:37 2017 ROUTE remote_host is NOT LOCAL
Thu Jul 27 03:56:37 2017 /sbin/ip route add 151.229.251.234/32 via 192.168.1.254
Thu Jul 27 03:56:37 2017 /sbin/ip route add 0.0.0.0/1 via 172.27.234.1
Thu Jul 27 03:56:37 2017 /sbin/ip route add 128.0.0.0/1 via 172.27.234.1
Thu Jul 27 03:56:37 2017 Initialization Sequence Completed

ifconfig after Initialization Sequence Completed:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.27.234.108 P-t-P:172.27.234.108 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:1336 (1.3 KB)

wlp2s0 Link encap:Ethernet HWaddr 4c:80:93:b5:d5:47
inet addr:192.168.1.81 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::5e9f:6730:4269:1ce4/64 Scope:Link
inet6 addr: 2001:56a:7561:9900:ccf6:a280:a629:9b83/64 Scope:Global
inet6 addr: 2001:56a:7561:9900:9cd8:a87:10e9:eaa0/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55759 errors:0 dropped:0 overruns:0 frame:0
TX packets:23474 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:63970289 (63.9 MB) TX bytes:4307127 (4.3 MB)

Help appreciated.

Post by Cloudy_Brain » Thu Jul 27, 2017 3:36 am

And here's a traceroute to Google DNS:
traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 172.27.234.1 (172.27.234.1) 305.402 ms 305.318 ms 305.356 ms
2 * * *
3 192.168.0.1 (192.168.0.1) 305.491 ms 305.535 ms 305.547 ms
4 97e7fec2.skybroadband.com (151.231.254.194) 306.076 ms 306.110 ms 306.148 ms
5 be502.pr2.hobir.isp.sky.com (2.120.11.48) 305.386 ms 305.540 ms 305.622 ms
6 74.125.49.150 (74.125.49.150) 305.285 ms 317.299 ms 317.083 ms
7 108.170.246.129 (108.170.246.129) 316.686 ms * 108.170.246.225 (108.170.246.225) 316.660 ms
8 216.239.58.59 (216.239.58.59) 316.776 ms 209.85.244.241 (209.85.244.241) 316.384 ms 209.85.245.223 (209.85.245.223) 316.259 ms
9 google-public-dns-a.google.com (8.8.8.8) 316.332 ms 316.255 ms 315.923 ms

And a failing ping to a client on my home LAN:
ping 192.168.1.110
PING 192.168.1.110 (192.168.1.110) 56(84) bytes of data.
From 192.168.1.81 icmp_seq=1 Destination Host Unreachable
From 192.168.1.81 icmp_seq=2 Destination Host Unreachable
From 192.168.1.81 icmp_seq=3 Destination Host Unreachable
From 192.168.1.81 icmp_seq=4 Destination Host Unreachable
From 192.168.1.81 icmp_seq=5 Destination Host Unreachable
From 192.168.1.81 icmp_seq=6 Destination Host Unreachable
^C
--- 192.168.1.110 ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6183ms
pipe 4

I can go up the road to another WiFi, and try through that, and the ping will work just fine. The problem is probably staring me in the face but I can't see it! :(

novaflash
OpenVPN Expert
Posts: 440
Joined: Fri Apr 13, 2012 8:43 pm

Post by novaflash » Thu Jul 27, 2017 7:54 am

Yeah the problem here is most likely that you're using 192.168.1.0/24 as a subnet. This is an extremely common subnet. Please re-IP your home network to something more unique and the problems shouldn't occur anymore.
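
Why the ping in this thread never reaches the tunnel, as an added example that is not part of the original posts: it rebuilds the client's routes from the log lines posted above and applies longest-prefix match. The home LAN value 192.168.1.0/24 is taken from novaflash's reply; the function names are made up for the example and route metrics are ignored.

```python
import ipaddress
import re

# Lines copied from the client log in this thread (timestamps trimmed).
SAMPLE_LOG = """\
ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlp2s0 HWADDR=4c:80:93:b5:d5:47
/sbin/ip addr add dev tun0 172.27.234.107/24 broadcast 172.27.234.255
/sbin/ip route add 151.229.251.234/32 via 192.168.1.254
/sbin/ip route add 0.0.0.0/1 via 172.27.234.1
/sbin/ip route add 128.0.0.0/1 via 172.27.234.1
"""

def routes_from_log(log):
    """Return [(network, how_reached)] for the routes the client ends up with."""
    routes = []
    for line in log.splitlines():
        m = re.search(r"ROUTE_GATEWAY (\S+)/(\S+) IFACE=(\S+)", line)
        if m:  # connected route of the local Wi-Fi subnet
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            routes.append((net, f"on-link {m[3]}"))
            continue
        m = re.search(r"ip addr add dev (\S+) (\S+/\d+)", line)
        if m:  # connected route of the tunnel subnet
            net = ipaddress.ip_network(m[2], strict=False)
            routes.append((net, f"on-link {m[1]}"))
            continue
        m = re.search(r"ip route add (\S+) via (\S+)", line)
        if m:  # routes added for redirect-gateway def1
            routes.append((ipaddress.ip_network(m[1]), f"via {m[2]}"))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def conflicts(routes, remote_lan):
    """Local (non-tunnel) connected subnets that overlap the LAN behind the VPN."""
    lan = ipaddress.ip_network(remote_lan)
    return [net for net, how in routes
            if how.startswith("on-link") and "tun" not in how and net.overlaps(lan)]

if __name__ == "__main__":
    table = routes_from_log(SAMPLE_LOG)
    for dest in ("192.168.1.110", "8.8.8.8"):
        print(dest, "->", lookup(table, dest)[1])
    print("overlap with home LAN:", conflicts(table, "192.168.1.0/24"))
```

The /24 connected route of the Wi-Fi beats the two /1 tunnel routes for 192.168.1.110, which matches the "Destination Host Unreachable" replies coming from 192.168.1.81 rather than from the tunnel, while 8.8.8.8 still goes via 172.27.234.1.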

Post by Cloudy_Brain » Thu Jul 27, 2017 2:54 pm

novaflash wrote: Yeah the problem here is most likely that you're using 192.168.1.0/24 as a subnet. This is an extremely common subnet. Please re-IP your home network to something more unique and the problems shouldn't occur anymore.

Ok thanks Nova, I wasn't aware of this. I'll change to a different subnet when I get home.

At least that gives me peace of mind that it's not something in my setup.
