Can not access local resources / IOS 11.4 - Asus RT N66U

Post Reply
bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Thu Aug 30, 2018 12:32 pm

Hello,

since some time I can not access local ip addresses, only external, when connected via openvpn.

It works if I am connected via WIFI (external, for ex at mc donalds), but not if I am on 3G / LTE
It works for my Win10 laptop.

a Ping on the local IP from IOs works.

Any Idea what might be wrong?

Router Config:
https://photos.app.goo.gl/aPP7sVDV4QMPmCfH8

Code: Select all

client
dev tun
proto udp
remote my.remote.server.org 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Thu Aug 30, 2018 4:06 pm

See your log files.

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Thu Sep 13, 2018 2:33 pm

Sorry for the late reply I was abroad.

Log from the Mobile:

Code: Select all

2018-09-13 15:18:12 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Sep 4 2018 09:41:09

2018-09-13 15:18:12 Frame=512/2048/512 mssfix-ctrl=1250

2018-09-13 15:18:12 UNUSED OPTIONS
12 [resolv-retry] [infinite] 
13 [nobind] 

2018-09-13 15:18:12 EVENT: RESOLVE

2018-09-13 15:18:12 Contacting [178.113.107.76]:1194/UDP via UDP

2018-09-13 15:18:12 EVENT: WAIT

2018-09-13 15:18:12 Connecting to [atlantia.zapto.org]:1194 (178.113.107.76) via UDPv4

2018-09-13 15:18:13 EVENT: CONNECTING

2018-09-13 15:18:13 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2018-09-13 15:18:13 Creds: Username/Password

2018-09-13 15:18:13 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.1-770
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_BS64DL=1


2018-09-13 15:18:15 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
subject name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
issued on : 2015-06-27 13:49:38
expires on : 2025-06-24 13:49:38
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


2018-09-13 15:18:19 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA

2018-09-13 15:18:19 Session is ACTIVE

2018-09-13 15:18:19 EVENT: GET_CONFIG

2018-09-13 15:18:19 Sending PUSH_REQUEST to server...

2018-09-13 15:18:20 OPTIONS:
0 [route] [192.168.8.0] [255.255.255.0] [vpn_gateway] [500] 
1 [dhcp-option] [DNS] [192.168.8.1] 
2 [route] [192.168.6.1] 
3 [topology] [net30] 
4 [ping] [15] 
5 [ping-restart] [60] 
6 [ifconfig] [192.168.6.6] [192.168.6.5] 


2018-09-13 15:18:20 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: LZO
peer ID: -1

2018-09-13 15:18:20 EVENT: ASSIGN_IP

2018-09-13 15:18:20 NIP: preparing TUN network settings

2018-09-13 15:18:20 NIP: init TUN network settings with endpoint: 178.113.107.76

2018-09-13 15:18:20 NIP: adding IPv4 address to network settings 192.168.6.6/255.255.255.252

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.6.4/30

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.8.0/24

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.6.1/32

2018-09-13 15:18:20 NIP: adding DNS 192.168.8.1

2018-09-13 15:18:20 NIP: adding match domain ALL

2018-09-13 15:18:20 NIP: adding DNS specific routes:

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.8.1/32

2018-09-13 15:18:20 Connected via NetworkExtensionTUN

2018-09-13 15:18:20 Per-Key Data Limit: 48000000/48000000

2018-09-13 15:18:20 LZO-ASYM init swap=0 asym=0

2018-09-13 15:18:20 EVENT: CONNECTED atlantia.zapto.org:1194 (178.113.107.76) via /UDPv4 on NetworkExtensionTUN/192.168.6.6/ gw=[/

and from the Router:

Code: Select all

Sep 13 15:18:13 openvpn[28792]: 89.144.208.221:19292 TLS: Initial packet from [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0), sid=b846f650 2472b1b4
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 TLS: Username/Password authentication succeeded for username 'xxx' 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 [client] Peer Connection Initiated with [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI_sva: pool returned IPv4=192.168.6.6, IPv6=(Not enabled)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: Learn: 192.168.6.6 -> client/89.144.208.221:19292
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: primary virtual IP for client/89.144.208.221:19292: 192.168.6.6
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 PUSH: Received control message: 'PUSH_REQUEST'
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 send_push_reply(): safe_cap=940
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.8.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.8.1,route 192.168.6.1,topology net30,ping 15,ping-restart 60,ifconfig 192.168.6.6 192.168.6.5' (status=1)
What shall I look for? If I type any 192.168.8.xxx address (for ex, NAS) This routing does not shows up in these log files.
I am getting authorized but can not access local IPs.

Thank you.
Last edited by bedo02 on Fri Sep 14, 2018 9:34 am, edited 1 time in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Thu Sep 13, 2018 2:59 pm

Your server log may also be of some use.

But your client log suggests everything is ok. What IP can you not ping ?

As for this:
bedo02 wrote:
Thu Aug 30, 2018 12:32 pm
It works if I am connected via WIFI (external, for ex at mc donalds), but not if I am on 3G / LTE
I do not know ..

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 9:09 am

and from the Router:

Code: Select all

Sep 13 15:18:13 openvpn[28792]: 89.144.208.221:19292 TLS: Initial packet from [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0), sid=b846f650 2472b1b4
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 TLS: Username/Password authentication succeeded for username 'xxx' 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 [client] Peer Connection Initiated with [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI_sva: pool returned IPv4=192.168.6.6, IPv6=(Not enabled)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: Learn: 192.168.6.6 -> client/89.144.208.221:19292
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: primary virtual IP for client/89.144.208.221:19292: 192.168.6.6
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 PUSH: Received control message: 'PUSH_REQUEST'
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 send_push_reply(): safe_cap=940
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.8.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.8.1,route 192.168.6.1,topology net30,ping 15,ping-restart 60,ifconfig 192.168.6.6 192.168.6.5' (status=1)
What shall I look for? If I type any 192.168.8.xxx address (for ex, NAS) This routing does not shows up in these log files.
I am getting authorized but can not access local IPs.

Thank you.

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 9:13 am

Yes sorry, I have posted 2 post, because I had some troubles with posting it in 1 posting, but it was not posted ? But I have posted now the router log in the post

I can ping any internal address. This is the strange part. I do not get the html sites. I have on the IP level my devices like : Smart Home Server, NAS, Network Printer, IP Cams, which I can not access via Browser. But Pinging them works.

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 9:46 am

I just notice. My Client got the address:

2018-09-13 15:18:20 NIP: adding IPv4 address to network settings 192.168.6.6/255.255.255.252

Which by router settings are :
IP : 192.168.6.xxx - so OK
Netmask: 255.255.255.0 !!! and not 255.255.255.252 -> might this be the issue? And if, how to fix it?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Fri Sep 14, 2018 11:37 am

What IP addresses does the server have configured ?

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 7:12 pm

Local network 192.168.8.1
and all the resources 192.168.8.xxx

VPN - 192.168.6.xxx

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Fri Sep 14, 2018 8:03 pm

Then the IP address 192.168.6.6 255.255.255.252 is correct.

See --topology in The Manual v24x

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Sun Sep 23, 2018 4:33 am

any idea what might be wrong?


Sent from my iPhone using Tapatalk

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Sun Sep 23, 2018 11:16 am

bedo02 wrote:
Fri Sep 14, 2018 9:13 am
I can ping any internal address. This is the strange part. I do not get the html sites. I have on the IP level my devices like : Smart Home Server, NAS, Network Printer, IP Cams, which I can not access via Browser. But Pinging them works.
If you can ping them then your VPN is working.

If you mean "browser" as in http then make sure your devices support http.

If you mean "browser" as in "network browser" (Windows networking) then that does not work over a tunnel because a tunnel does not support broadcast packets.

See:
https://community.openvpn.net/openvpn/w ... wsBrowsing

bedo02
OpenVpn Newbie
Posts: 8
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Sun Sep 23, 2018 4:21 pm

This devices have an integrated http sever so, yes the can be accessed via internet browser (like chrome)

I can ping those devices on 3g and connected via vpn, but this devices are not accessible via internet browser (like chrome)

if i am connected via WIFI in a foreign network outside my house and I connect via vpn, then this devices respond also via web browser - mean i can call the each individual http web interface, by calling the IP like 193.168.8.111

and also i have no problems when i am at home - so in the “intranet”

the difference is in the 3g / wifi connection.




Sent from my iPhone using Tapatalk

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Sun Sep 23, 2018 5:18 pm

bedo02 wrote:
Sun Sep 23, 2018 4:21 pm
the difference is in the 3g / wifi connection
TinCanTech wrote:
Thu Sep 13, 2018 2:59 pm
As for this:
bedo02 wrote:
Thu Aug 30, 2018 12:32 pm
It works if I am connected via WIFI (external, for ex at mc donalds), but not if I am on 3G / LTE
I do not know ..
You can contact me privately if you want to [ tincanteksup <at> gmail ] .. maybe we can work together.

Post Reply