Can not access local resources / IOS 11.4 - Asus RT N66U

bedo02
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 30, 2018 12:21 pm

Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Thu Aug 30, 2018 12:32 pm

Hello,

For some time now I cannot access local IP addresses, only external ones, when connected via OpenVPN.

It works if I am connected via WiFi (external, for example at McDonald's), but not if I am on 3G / LTE.
It works for my Win10 laptop.

A ping on the local IP from iOS works.

Any idea what might be wrong?

Router Config:
https://photos.app.goo.gl/aPP7sVDV4QMPmCfH8

Code:

client
dev tun
proto udp
remote my.remote.server.org 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind

TinCanTech
OpenVPN Protagonist
Posts: 4803
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Thu Aug 30, 2018 4:06 pm

See your log files.

bedo02
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Thu Sep 13, 2018 2:33 pm

Sorry for the late reply, I was abroad.

Log from the Mobile:

Code:

2018-09-13 15:18:12 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Sep 4 2018 09:41:09

2018-09-13 15:18:12 Frame=512/2048/512 mssfix-ctrl=1250

2018-09-13 15:18:12 UNUSED OPTIONS
12 [resolv-retry] [infinite] 
13 [nobind] 

2018-09-13 15:18:12 EVENT: RESOLVE

2018-09-13 15:18:12 Contacting [178.113.107.76]:1194/UDP via UDP

2018-09-13 15:18:12 EVENT: WAIT

2018-09-13 15:18:12 Connecting to [atlantia.zapto.org]:1194 (178.113.107.76) via UDPv4

2018-09-13 15:18:13 EVENT: CONNECTING

2018-09-13 15:18:13 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2018-09-13 15:18:13 Creds: Username/Password

2018-09-13 15:18:13 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.1-770
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_BS64DL=1


2018-09-13 15:18:15 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
subject name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
issued on : 2015-06-27 13:49:38
expires on : 2025-06-24 13:49:38
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


2018-09-13 15:18:19 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA

2018-09-13 15:18:19 Session is ACTIVE

2018-09-13 15:18:19 EVENT: GET_CONFIG

2018-09-13 15:18:19 Sending PUSH_REQUEST to server...

2018-09-13 15:18:20 OPTIONS:
0 [route] [192.168.8.0] [255.255.255.0] [vpn_gateway] [500] 
1 [dhcp-option] [DNS] [192.168.8.1] 
2 [route] [192.168.6.1] 
3 [topology] [net30] 
4 [ping] [15] 
5 [ping-restart] [60] 
6 [ifconfig] [192.168.6.6] [192.168.6.5] 


2018-09-13 15:18:20 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: LZO
peer ID: -1

2018-09-13 15:18:20 EVENT: ASSIGN_IP

2018-09-13 15:18:20 NIP: preparing TUN network settings

2018-09-13 15:18:20 NIP: init TUN network settings with endpoint: 178.113.107.76

2018-09-13 15:18:20 NIP: adding IPv4 address to network settings 192.168.6.6/255.255.255.252

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.6.4/30

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.8.0/24

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.6.1/32

2018-09-13 15:18:20 NIP: adding DNS 192.168.8.1

2018-09-13 15:18:20 NIP: adding match domain ALL

2018-09-13 15:18:20 NIP: adding DNS specific routes:

2018-09-13 15:18:20 NIP: adding (included) IPv4 route 192.168.8.1/32

2018-09-13 15:18:20 Connected via NetworkExtensionTUN

2018-09-13 15:18:20 Per-Key Data Limit: 48000000/48000000

2018-09-13 15:18:20 LZO-ASYM init swap=0 asym=0

2018-09-13 15:18:20 EVENT: CONNECTED atlantia.zapto.org:1194 (178.113.107.76) via /UDPv4 on NetworkExtensionTUN/192.168.6.6/ gw=[/

and from the Router:

Code:

Sep 13 15:18:13 openvpn[28792]: 89.144.208.221:19292 TLS: Initial packet from [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0), sid=b846f650 2472b1b4
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 TLS: Username/Password authentication succeeded for username 'xxx' 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 [client] Peer Connection Initiated with [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI_sva: pool returned IPv4=192.168.6.6, IPv6=(Not enabled)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: Learn: 192.168.6.6 -> client/89.144.208.221:19292
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: primary virtual IP for client/89.144.208.221:19292: 192.168.6.6
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 PUSH: Received control message: 'PUSH_REQUEST'
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 send_push_reply(): safe_cap=940
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.8.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.8.1,route 192.168.6.1,topology net30,ping 15,ping-restart 60,ifconfig 192.168.6.6 192.168.6.5' (status=1)

What shall I look for? If I type any 192.168.8.xxx address (for example, the NAS), this routing does not show up in these log files.
I am getting authorized but cannot access local IPs.

Thank you.
Last edited by bedo02 on Fri Sep 14, 2018 9:34 am, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 4803
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Thu Sep 13, 2018 2:59 pm

Your server log may also be of some use.

But your client log suggests everything is ok. What IP can you not ping?

As for this:
bedo02 wrote:
Thu Aug 30, 2018 12:32 pm
It works if I am connected via WiFi (external, for example at McDonald's), but not if I am on 3G / LTE
I do not know ..

bedo02
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 9:09 am

and from the Router:

Code:

Sep 13 15:18:13 openvpn[28792]: 89.144.208.221:19292 TLS: Initial packet from [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0), sid=b846f650 2472b1b4
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, 
Sep 13 15:18:17 openvpn[28792]: 89.144.208.221:19292 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 TLS: Username/Password authentication succeeded for username 'xxx' 
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Sep 13 15:18:19 openvpn[28792]: 89.144.208.221:19292 [client] Peer Connection Initiated with [AF_INET]89.144.208.221:19292 (via [AF_INET]192.168.10.2%eth0)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI_sva: pool returned IPv4=192.168.6.6, IPv6=(Not enabled)
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: Learn: 192.168.6.6 -> client/89.144.208.221:19292
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 MULTI: primary virtual IP for client/89.144.208.221:19292: 192.168.6.6
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 PUSH: Received control message: 'PUSH_REQUEST'
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 send_push_reply(): safe_cap=940
Sep 13 15:18:19 openvpn[28792]: client/89.144.208.221:19292 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.8.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.8.1,route 192.168.6.1,topology net30,ping 15,ping-restart 60,ifconfig 192.168.6.6 192.168.6.5' (status=1)

What shall I look for? If I type any 192.168.8.xxx address (for example, the NAS), this routing does not show up in these log files.
I am getting authorized but cannot access local IPs.

Thank you.

bedo02
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 9:13 am

Yes, sorry, I have posted 2 posts because I had some trouble posting it in 1 post, but it was not posted? But I have now posted the router log in the post.

I can ping any internal address. This is the strange part. I do not get the HTML sites. On the IP level I have my devices, like: Smart Home Server, NAS, Network Printer, IP Cams, which I cannot access via browser. But pinging them works.

bedo02
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 9:46 am

I just noticed. My client got the address:

2018-09-13 15:18:20 NIP: adding IPv4 address to network settings 192.168.6.6/255.255.255.252

Which by the router settings is:
IP: 192.168.6.xxx - so OK
Netmask: 255.255.255.0 !!! and not 255.255.255.252 -> might this be the issue? And if so, how to fix it?

TinCanTech
OpenVPN Protagonist
Posts: 4803
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Fri Sep 14, 2018 11:37 am

What IP addresses does the server have configured?

bedo02
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 30, 2018 12:21 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by bedo02 » Fri Sep 14, 2018 7:12 pm

Local network 192.168.8.1
and all the resources 192.168.8.xxx

VPN - 192.168.6.xxx

TinCanTech
OpenVPN Protagonist
Posts: 4803
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can not access local resources / IOS 11.4 - Asus RT N66U

Post by TinCanTech » Fri Sep 14, 2018 8:03 pm

Then the IP address 192.168.6.6 255.255.255.252 is correct.

See --topology in The Manual v24x
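
The final answer above, worked through as an added example (not part of the original thread): it parses the PUSH_REPLY from the router log and derives the client's tunnel settings under `topology net30`, reproducing the 255.255.255.252 mask and the routes the iOS client logged. The function names and the 192.168.8.20 host are assumptions made for illustration.

```python
import ipaddress

# PUSH_REPLY string copied from the router log in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.8.0 255.255.255.0 vpn_gateway 500,"
              "dhcp-option DNS 192.168.8.1,route 192.168.6.1,topology net30,"
              "ping 15,ping-restart 60,ifconfig 192.168.6.6 192.168.6.5")


def tunnel_settings(push_reply):
    """Derive the client's tunnel network and pushed routes from a PUSH_REPLY."""
    head, *items = push_reply.split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    opts = [item.split() for item in items if item.strip()]
    # net30 is the default topology documented in the 2.4 manual.
    topology = next((o[1] for o in opts if o[0] == "topology"), "net30")
    ifconfig = next(o for o in opts if o[0] == "ifconfig")
    local = ipaddress.ip_address(ifconfig[1])
    if topology == "net30":
        # Second argument is the remote endpoint; every client gets its own /30.
        net = ipaddress.ip_network(f"{local}/30", strict=False)
        if ipaddress.ip_address(ifconfig[2]) not in net:
            raise ValueError("net30 endpoints are not in the same /30")
    elif topology == "subnet":
        # Second argument is the netmask of the shared VPN subnet.
        net = ipaddress.ip_network(f"{local}/{ifconfig[2]}", strict=False)
    else:
        raise ValueError(f"unhandled topology: {topology}")
    routes = []
    for o in opts:
        if o[0] == "route":
            # A route without a netmask is a host route (/32).
            mask = o[2] if len(o) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{o[1]}/{mask}"))
    return {"topology": topology, "local": local, "tunnel_net": net, "routes": routes}


def via_tunnel(settings, host):
    """True if traffic to host matches the tunnel network or a pushed route."""
    ip = ipaddress.ip_address(host)
    return any(ip in n for n in [settings["tunnel_net"], *settings["routes"]])


if __name__ == "__main__":
    s = tunnel_settings(PUSH_REPLY)
    print(s["local"], s["tunnel_net"].netmask, s["tunnel_net"])
    print([str(r) for r in s["routes"]])
    print(via_tunnel(s, "192.168.8.20"))  # constructed LAN host address
```

The /24 shown in the router settings describes the whole VPN address pool; with net30 each client is handed one /30 out of it, and the 192.168.8.0/24 LAN is still reached through the pushed route.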
