
OpenVPN is connected, but cannot ping network devices from client

Posted: Sun Feb 21, 2021 8:54 pm
by DevGirl73
I am new to OpenVPN and I was going to set up a Raspberry Pi 4 to be my VPN, but then I realized that my router has an OpenVPN server on it already. I set it up on my AN-300-RT-4L2W router according to these instructions: https://www.snapav.com/wcsstore/Extende ... NGuide.pdf
I used the AraknisDNS service for my DNS. When I connect from the client, I can see the client's IP address on the account in the server, but I can't ping any network devices from the client and the internet passthrough is not working. Here are some of my environment details:
Server: Araknis Networks 300 Series Dual-WAN Gigabit VPN Router
Client: Windows 10 Home OS laptop & Android Galaxy S10

I haven't made any other changes to my router.

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Tue Feb 23, 2021 3:58 am
by DevGirl73
Ok... correction. I can't ping my computers running Windows Firewall. I can ping everything else. I really don't know what to open up or how. I'm really out of my element so could use some help.

I think this is another issue... maybe worth a different thread. Internet traffic on the client isn't using the VPN either. I don't know how to pull logs from the OpenVPN server or client. My server came installed on my router.

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Tue Feb 23, 2021 7:24 pm
by DevGirl73
I came in here to update that after turning my firewalls off on both the client and server briefly I was able to navigate to the shares on my Win10 desktop using the format of \\computername\share. I can also ssh to my Linux box so now I just have to figure out which firewall rules to change/add? I am clueless on that front. Any thoughts? I think I saw another thread with firewall rules in it. I'll search again.

The other issue I'm still having is that the client's internet connection is still not using the VPN. Is that a server or client issue? or both?
What do I do to route the internet traffic to the VPN?

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Tue Feb 23, 2021 7:39 pm
by TinCanTech
DevGirl73 wrote:
Tue Feb 23, 2021 7:24 pm
The other issue I'm still having is that the client's internet connection is still not using the VPN
Read your router manual and also the openvpn howto. Again!

Disable your client firewall for all testing.

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Thu Feb 25, 2021 2:41 pm
by DevGirl73
Thanks for your response, TinCanTech.

I feel like I've read that router manual ad nauseam, but I'll take some time to go through and read some more. It seems that you are saying the answer is there and I'm missing it. I learned about disabling my firewalls for testing the hard way. I'll be doing that while testing from now on & figure out the firewall rules after.

I keep thinking that this would probably be easier if I just used a Raspberry Pi as the OpenVPN server instead of the one that came installed on my router, but now that I've started down the rabbit hole I don't want to give up on it. I will go through more reading this weekend and if I find the solution I will post it here because I haven't found this specific issue on this forum & hopefully it will help someone else.

Onward! I'll be back...

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Thu Feb 25, 2021 4:13 pm
by TinCanTech
DevGirl73 wrote:
Thu Feb 25, 2021 2:41 pm
this would probably be easier if I just used a Raspberry Pi as the OpenVPN server
Probably.
DevGirl73 wrote:
Thu Feb 25, 2021 2:41 pm
instead of the one that came installed on my router, but now that I've started down the rabbit hole I don't want to give up on it
Then you need to learn how your router does it -- We don't support routers.
DevGirl73 wrote:
Sun Feb 21, 2021 8:54 pm
When I connect from the client, I can see the client's IP address on the account in the server,
Does the account show as "Connected" ?
DevGirl73 wrote:
Sun Feb 21, 2021 8:54 pm
but I can't ping any network devices from the client and the internet passthrough is not working
This is what your router is supposed to do for you and they all do it differently ..

If you post your client log at --verb 4 I'll check if it looks ok.

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Mon Mar 01, 2021 12:41 am
by DevGirl73
I've made some progress. I can get to the shares behind my firewall using the OpenVPN client now. I was able to set the proper firewall settings. I'm using Windows Defender on a Win 10 Home computer. I followed the advice from this Stack Exchange post.
https://serverfault.com/questions/65197 ... es#tab-top
Basically, I added the VPN client's assigned subnet mask to all of the private profile rules for File and Printer Sharing.
TinCanTech wrote:
Thu Feb 25, 2021 4:13 pm
Read your router manual and also the openvpn howto. Again!
Ok, so I did that & aside from making me woefully embarrassed at not really reading the howto the first time, it made me realize that I need to add the push "redirect-gateway def1" directive in the server configuration file... which I don't think I have access to for OpenVPN on my router. :evil:
I may need to give up on that part. My main goal was connecting to my Plex server from outside my network. If I have to continue to use my IPVanish VPN for internet use, I'm ok with that. Routing my internet traffic through OpenVPN would be nice, but ultimately not necessary.
TinCanTech wrote:
Thu Feb 25, 2021 4:13 pm
If you post your client log at --verb 4 I'll check if it looks ok.
I can do that... I learned it from the HowTo ;) Thanks for your help TinCanTech.

Code:

2/27/2021, 11:13:06 PM OpenVPN core 3.git::662eae9a win x86_64 64-bit built on Oct 27 2020 12:49:07
2/27/2021, 11:13:06 PM Frame=512/2048/512 mssfix-ctrl=1250
2/27/2021, 11:13:06 PM UNUSED OPTIONS
5 [resolv-retry] [infinite] 
6 [nobind] 
7 [persist-key] 
8 [persist-tun] 
10 [verb] [4] 
2/27/2021, 11:13:06 PM EVENT: RESOLVE
2/27/2021, 11:13:06 PM EVENT: WAIT
2/27/2021, 11:13:06 PM WinCommandAgent: transmitting bypass route to ***.***.***.***
{
	"host" : "***.***.***.***",
	"ipv6" : false
}

2/27/2021, 11:13:06 PM Connecting to [thednsname.araknisdns.com]:1194 (***.***.***.***) via TCPv4
2/27/2021, 11:13:06 PM EVENT: CONNECTING
2/27/2021, 11:13:06 PM Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2/27/2021, 11:13:06 PM Creds: UsernameEmpty/PasswordEmpty
2/27/2021, 11:13:06 PM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.2.2-1455
IV_SSO=openurl

2/27/2021, 11:13:07 PM SSL Handshake: CN=araknis, TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2/27/2021, 11:13:07 PM Session is ACTIVE
2/27/2021, 11:13:07 PM Sending PUSH_REQUEST to server...
2/27/2021, 11:13:07 PM EVENT: GET_CONFIG
2/27/2021, 11:13:07 PM OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [route] [172.0.0.0] [255.255.255.0] 
2 [topology] [net30] 
3 [ping] [10] 
4 [ping-restart] [120] 
5 [ifconfig] [172.0.0.6] [172.0.0.5] 

2/27/2021, 11:13:07 PM PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  compress: NONE
  peer ID: -1
2/27/2021, 11:13:07 PM CAPTURED OPTIONS:
Session Name: thednsname.araknisdns.com
Layer: OSI_LAYER_3
Remote Address: ***.***.***.***
Tunnel Addresses:
  172.0.0.6/30 -> 172.0.0.5 [net30]
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
  192.168.1.0/24
  172.0.0.0/24
Exclude Routes:
DNS Servers:
Search Domains:

2/27/2021, 11:13:07 PM EVENT: ASSIGN_IP
2/27/2021, 11:13:07 PM SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
	"confirm_event" : "a013000000000000",
	"destroy_event" : "d813000000000000",
	"tun" : 
	{
		"adapter_domain_suffix" : "",
		"add_routes" : 
		[
			{
				"address" : "192.168.1.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			},
			{
				"address" : "172.0.0.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			}
		],
		"block_ipv6" : false,
		"layer" : 3,
		"mtu" : 0,
		"remote_address" : 
		{
			"address" : "***.***.***.***",
			"ipv6" : false
		},
		"reroute_gw" : 
		{
			"flags" : 256,
			"ipv4" : false,
			"ipv6" : false
		},
		"route_metric_default" : -1,
		"session_name" : "thednsname.araknisdns.com",
		"tunnel_address_index_ipv4" : 0,
		"tunnel_address_index_ipv6" : -1,
		"tunnel_addresses" : 
		[
			{
				"address" : "172.0.0.6",
				"gateway" : "172.0.0.5",
				"ipv6" : false,
				"metric" : -1,
				"net30" : true,
				"prefix_length" : 30
			}
		]
	},
	"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{80609D91-786D-47C7-ADD5-723078B485D8}' index=11 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{80609D91-786D-47C7-ADD5-723078B485D8}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=11
netsh interface ip set interface 11 metric=1
Ok.
netsh interface ip set address 11 static 172.0.0.6 255.255.255.252 gateway=172.0.0.5 store=active
IPHelper: add route 192.168.1.0/24 11 172.0.0.5 metric=-1
IPHelper: add route 172.0.0.0/24 11 172.0.0.5 metric=-1
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 9c17000000000000
2/27/2021, 11:13:07 PM Connected via TUN_WIN
2/27/2021, 11:13:07 PM EVENT: CONNECTED thednsname.araknisdns.com:1194 (***.***.***.***) via /TCPv4 on TUN_WIN/172.0.0.6/ gw=[172.0.0.5/]

Re: OpenVPN is connected, but cannot ping network devices from client

Posted: Mon Mar 01, 2021 2:02 am
by TinCanTech
DevGirl73 wrote:
Mon Mar 01, 2021 12:41 am
realize that I need to add the push "redirect-gateway def1" directive in the server configuration file... which I don't think I have access to for OpenVPN on my router
I bet you do ..

However, you can probably add this to your client config and it does the same:

Code:

redirect-gateway def1

No need to push from the server.
DevGirl73 wrote:
Mon Mar 01, 2021 12:41 am
2/27/2021, 11:13:06 PM OpenVPN core 3.git
Sorry, I don't support that version.

Use the one found here:
https://openvpn.net/community-downloads/
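
The client log in this thread shows the server pushing only two routes and reporting "Reroute Gateway: IPv4=0", which is why Internet traffic stays off the tunnel. The following is an added example, not code from the thread or from OpenVPN: it models the client's routing decision from those pushed options, with and without a client-side redirect-gateway def1. SERVER_IP, the sample destinations and the function names are constructed for illustration.

```python
import ipaddress
import re

# Pushed options copied from the client log in this thread.
PUSHED = """\
0 [route] [192.168.1.0] [255.255.255.0]
1 [route] [172.0.0.0] [255.255.255.0]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [172.0.0.6] [172.0.0.5]
"""
SERVER_IP = "203.0.113.10"  # constructed placeholder; the log masks the real address


def parse_options(text):
    """Turn '0 [route] [a] [b]' log lines into lists like ['route', 'a', 'b']."""
    return [re.findall(r"\[([^\]]*)\]", line) for line in text.splitlines() if "[" in line]


def build_routes(options, client_directives=()):
    """Return (network, next_hop) pairs; next_hop is 'tunnel' or 'local'."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "local")]  # pre-VPN default route
    for opt in list(options) + [d.split() for d in client_directives]:
        if opt[0] == "route":
            mask = opt[2] if len(opt) > 2 else "255.255.255.255"
            routes.append((ipaddress.ip_network(f"{opt[1]}/{mask}"), "tunnel"))
        elif opt[0] == "redirect-gateway" and "def1" in opt[1:]:
            # def1 leaves the old default route in place and overrides it with
            # two /1 routes, plus a host route so packets still reach the server.
            for net in ("0.0.0.0/1", "128.0.0.0/1"):
                routes.append((ipaddress.ip_network(net), "tunnel"))
            routes.append((ipaddress.ip_network(f"{SERVER_IP}/32"), "local"))
    return routes


def next_hop(routes, destination):
    """Longest-prefix match, the same rule the OS routing table applies."""
    dst = ipaddress.ip_address(destination)
    return max(((net.prefixlen, hop) for net, hop in routes if dst in net),
               key=lambda m: m[0])[1]


if __name__ == "__main__":
    split = build_routes(parse_options(PUSHED))
    full = build_routes(parse_options(PUSHED), ["redirect-gateway def1"])
    for dst in ("192.168.1.50", "8.8.8.8", SERVER_IP):  # constructed destinations
        print(f"{dst:15} as pushed: {next_hop(split, dst):6} with def1: {next_hop(full, dst)}")
```
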