
OpenVPN connects but not working in corporate network

Posted: Fri Feb 01, 2019 3:53 pm
by Gauk
Hi All,

We have a wifi at work which is restricted by some website blocking system, which is filtering porn and such. At home I have an ASUS RT-AC68U running an OpenVPN server. On my Android I use OpenVPN Connect. It works fine everywhere else except at work.

First I tried the default settings and it would not connect. So I changed the port from 1194 to 11944 and now the app is connecting to the router; I can see the client showing up in the router's client list. But I cannot get any internet or home LAN connection.

Here is a log from the app:

15:23:26.093 -- ----- OpenVPN Start -----
15:23:26.095 -- EVENT: CORE_THREAD_ACTIVE
15:23:26.106 -- Frame=512/2048/512 mssfix-ctrl=1250
15:23:26.109 -- UNUSED OPTIONS
5 [ncp-ciphers] [AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC]
13 [resolv-retry] [infinite]
14 [nobind]
15:23:26.111 -- EVENT: RESOLVE
15:23:26.119 -- Contacting 111.22.333.44:11944 via TCP
15:23:26.122 -- EVENT: WAIT
15:23:26.197 -- Connecting to [xxxx.asuscomm.com]:11944 (111.22.333.44) via TCPv4
15:23:26.323 -- EVENT: CONNECTING
15:23:26.329 -- Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
15:23:26.332 -- Creds: Username/Password
15:23:26.335 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.2
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_BS64DL=1
15:23:26.597 -- VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
subject name      : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
issued  on        : 2014-10-19 20:19:11
expires on        : 2024-10-16 20:19:11
signed using      : RSA with SHA1
RSA key size      : 1024 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication
15:23:26.867 -- SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
15:23:26.871 -- Session is ACTIVE
15:23:26.872 -- EVENT: GET_CONFIG
15:23:26.890 -- Sending PUSH_REQUEST to server...
15:23:27.147 -- OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] [vpn_gateway] [500]
1 [dhcp-option] [DNS] [192.168.1.1]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [15]
6 [ping-restart] [60]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-128-GCM]
15:23:27.153 -- PROTOCOL OPTIONS:
  cipher: AES-128-GCM
  digest: SHA512
  compress: LZO
  peer ID: 0
15:23:27.155 -- EVENT: ASSIGN_IP
15:23:27.382 -- TunPersist: saving tun context:
Session Name: xxxx.asuscomm.com
Layer: OSI_LAYER_3
Remote Address: 111.22.333.44
Tunnel Addresses:
  10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
  192.168.1.0/24 [METRIC=500]
Exclude Routes:
DNS Servers:
  192.168.1.1
Search Domains:
15:23:27.385 -- Connected via tun
15:23:27.387 -- LZO-ASYM init swap=0 asym=0
15:23:27.440 -- EVENT: CONNECTED info='username@xxxx.asuscomm.com:11944 (111.22.333.44) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]' trans=TO_CONNECTED
15:39:21.342 -- EVENT: DISCONNECTED trans=TO_DISCONNECTED
15:39:21.381 -- EVENT: CORE_THREAD_INACTIVE
15:39:21.383 -- Tunnel bytes per CPU second: 0
15:39:21.384 -- ----- OpenVPN Stop -----

Any ideas how to fix this? Because the exact same setup works fine outside of the work wifi. Thanks!

Re: OpenVPN connects but not working in corporate network

Posted: Fri Feb 01, 2019 5:56 pm
by TinCanTech
Ref: OpenVPN connects but not working in corporate network

Please contact your network administrator.

Re: OpenVPN connects but not working in corporate network

Posted: Sat Feb 02, 2019 7:08 am
by Gauk
TinCanTech wrote:
Fri Feb 01, 2019 5:56 pm
Ref: OpenVPN connects but not working in corporate network

Please contact your network administrator.

They are not going to help me. The interesting thing is that other VPN apps are working, such as Tor and vpnshield. So it looks like there is something wrong with the settings.

Re: OpenVPN connects but not working in corporate network

Posted: Sat Feb 02, 2019 2:50 pm
by TinCanTech
According to what you have posted, your VPN is working and you are using redirect-gateway. So, you need to consult your router manual to find out how to set up your router to use OpenVPN as a server. It is probably just a couple of switches in your router admin pages.
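
Added example (not part of the original thread and not OpenVPN project code): the Python below parses an OpenVPN Connect client log in the format posted above and lists what the log itself records about routing, tunnel traffic and the server certificate. The function names `parse_log` and `findings` and the condensed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: lines condensed from the client log posted in this thread.
SAMPLE_LOG = """\
15:23:26.109 -- UNUSED OPTIONS
14 [nobind]
signed using      : RSA with SHA1
RSA key size      : 1024 bits
15:23:26.871 -- Session is ACTIVE
15:23:27.147 -- OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] [vpn_gateway] [500]
1 [dhcp-option] [DNS] [192.168.1.1]
2 [redirect-gateway] [def1]
15:39:21.383 -- Tunnel bytes per CPU second: 0
"""

def parse_log(text):
    """Return (facts, pushed options) from an OpenVPN Connect client log."""
    facts, pushed, in_push = {}, [], False
    for line in map(str.strip, text.splitlines()):
        stamped = re.match(r"\d\d:\d\d:\d\d\.\d+ -- (.*)", line)
        if stamped:  # a timestamped line starts a new log entry
            line = stamped.group(1)
            in_push = line == "OPTIONS:"
        opt = re.match(r"\d+ (\[.*\])$", line)
        if opt and in_push:  # server-pushed option; UNUSED OPTIONS are skipped
            pushed.append(re.findall(r"\[([^\]]*)\]", opt.group(1)))
        elif not opt and (":" in line or line == "Session is ACTIVE"):
            key, _, value = line.partition(":")
            facts[key.strip()] = value.strip()
    return facts, pushed

def findings(facts, pushed):
    """Flag the routing and certificate facts worth reviewing in this log."""
    out = []
    nets = [ipaddress.ip_network(f"{o[1]}/{o[2]}", strict=False)
            for o in pushed if o[0] == "route" and len(o) > 2]
    dns = [ipaddress.ip_address(o[2]) for o in pushed if o[:2] == ["dhcp-option", "DNS"]]
    if any(o[0] == "redirect-gateway" for o in pushed):
        out.append("redirect-gateway: all client traffic is routed into the tunnel")
    if any(d in n for d in dns for n in nets):
        out.append("pushed DNS server is reachable only through the tunnel")
    if "Session is ACTIVE" in facts and facts.get("Tunnel bytes per CPU second") == "0":
        out.append("session went ACTIVE but the reported tunnel byte rate is 0")
    bits = re.match(r"\d+", facts.get("RSA key size", ""))
    if "SHA1" in facts.get("signed using", "") or (bits and int(bits.group()) < 2048):
        out.append("server certificate uses SHA-1 and/or an RSA key under 2048 bits")
    return out
```

Run over the full log from the first post, `findings(*parse_log(log_text))` returns the same four items, since blank lines and the UNUSED OPTIONS list are ignored.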

Re: OpenVPN connects but not working in corporate network

Posted: Thu Feb 07, 2019 2:03 pm
by Gauk
I tried multiple settings combinations. Nothing helps. This is frustrating, because other VPN apps on my phone are working fine.