i.e. if I ping from my computer connected to the router's hotspot I have no internet access:
```
[user@client ~]$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Port Unreachable
```
I tried doing a factory reset on the router and then the following different methods:
a) copying the settings from the VPN providers ovpn file into the router's VPN settings
(openvpn connects but no internet)
b) default ovpn with username and password
(openvpn connects but no internet)
c) default ovpn but with the following two lines added:
```
redirect-gateway def1
dhcp-option DNS 192.168.1.1
```
SSH into the router
But the router has internet access through the VPN tunnel because if I SSH into the router and ping the internet the pings are successful to both 1.1.1.1 and any website.
I know these requests are going through my VPN tunnel because
```
curl ifconfig.me
```
Option (c) above seems preferable though because if I `curl ifconfig.me` but without the two redirect-gateway lines added to the ovpn config file, curl is not successful in returning an IP:
```
curl: (6) Couldn't resolve host 'ifconfig.me'
```
```
cat /proc/sys/net/ipv4/ip_forward
1
```
`"/etc/sysctl.d/10-default.conf"` contains the following line:
```
net.ipv4.ip_forward=1
```
Because after all, this section in the router's GUI configuration is empty:
Network > Firewall > NAT Rules > Source NAT > "This section contains no values yet"
I'm used to the NAT table in iptables having a rule resembling:
```
iptables -t nat -A POSTROUTING -o [interface] -j MASQUERADE
```
```
$ iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 98 packets, 5127 bytes)
pkts bytes target prot opt in out source destination
98 5127 prerouting_rule all -- any any anywhere anywhere /* !fw3: Custom prerouting rule chain */
98 5127 zone_lan_prerouting all -- br-lan any anywhere anywhere /* !fw3 */
0 0 zone_wan_prerouting all -- eth1 any anywhere anywhere /* !fw3 */
0 0 zone_wan_prerouting all -- wwan0 any anywhere anywhere /* !fw3 */
0 0 zone_wan_prerouting all -- qmimux0 any anywhere anywhere /* !fw3 */
0 0 zone_openvpn_prerouting all -- tun_+ any anywhere anywhere /* !fw3 */
Chain INPUT (policy ACCEPT 77 packets, 4035 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 14 packets, 909 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 28 packets, 1323 bytes)
pkts bytes target prot opt in out source destination
35 1749 postrouting_rule all -- any any anywhere anywhere /* !fw3: Custom postrouting rule chain */
21 840 zone_lan_postrouting all -- any br-lan anywhere anywhere /* !fw3 */
0 0 zone_wan_postrouting all -- any eth1 anywhere anywhere /* !fw3 */
0 0 zone_wan_postrouting all -- any wwan0 anywhere anywhere /* !fw3 */
7 426 zone_wan_postrouting all -- any qmimux0 anywhere anywhere /* !fw3 */
0 0 zone_openvpn_postrouting all -- any tun_+ anywhere anywhere /* !fw3 */
Chain postrouting_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_openvpn_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_openvpn_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain zone_lan_postrouting (1 references)
pkts bytes target prot opt in out source destination
21 840 postrouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan postrouting rule chain */
Chain zone_lan_prerouting (1 references)
pkts bytes target prot opt in out source destination
98 5127 prerouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan prerouting rule chain */
Chain zone_openvpn_postrouting (1 references)
pkts bytes target prot opt in out source destination
0 0 postrouting_openvpn_rule all -- any any anywhere anywhere /* !fw3: Custom openvpn postrouting rule chain */
0 0 MASQUERADE all -- any any anywhere anywhere /* !fw3 */
Chain zone_openvpn_prerouting (1 references)
pkts bytes target prot opt in out source destination
0 0 prerouting_openvpn_rule all -- any any anywhere anywhere /* !fw3: Custom openvpn prerouting rule chain */
Chain zone_wan_postrouting (3 references)
pkts bytes target prot opt in out source destination
7 426 postrouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan postrouting rule chain */
7 426 MASQUERADE all -- any any anywhere anywhere /* !fw3 */
Chain zone_wan_prerouting (3 references)
pkts bytes target prot opt in out source destination
0 0 prerouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan prerouting rule chain */
```
```
client
dev tun
proto udp
remote [VPN service provider] 1197
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass
compress
verb 1
reneg-sec 0
disable-occ
redirect-gateway def1
dhcp-option DNS 192.168.1.1
<crl-verify>
-----BEGIN X509 CRL-----
[text omitted]
-----END X509 CRL-----
</crl-verify>
<ca>
-----BEGIN CERTIFICATE-----
[text omitted]
-----END CERTIFICATE-----
</ca>
```