openvpn client connects to server but no internet

[mpro]

Hi
I have configured a openvpn client to connect to a comercial openvpn server.
The client connects but no internet
Can you help me?

Here's the log:


un Oct 6 14:04:31 2019 OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 6 14:04:31 2019 library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
Sun Oct 6 14:04:32 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 6 14:04:32 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 6 14:04:32 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.201.69:1194
Sun Oct 6 14:04:32 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 6 14:04:32 2019 UDP link local: (not bound)
Sun Oct 6 14:04:32 2019 UDP link remote: [AF_INET]37.120.201.69:1194
Sun Oct 6 14:04:32 2019 TLS: Initial packet from [AF_INET]37.120.201.69:1194, sid=5cad6952 85a0fb95
Sun Oct 6 14:04:32 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 6 14:04:32 2019 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Sun Oct 6 14:04:32 2019 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Sun Oct 6 14:04:32 2019 VERIFY KU OK
Sun Oct 6 14:04:32 2019 Validating certificate extended key usage
Sun Oct 6 14:04:32 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 6 14:04:32 2019 VERIFY EKU OK
Sun Oct 6 14:04:32 2019 VERIFY OK: depth=0, CN=it-mil-v020.prod.surfshark.com
Sun Oct 6 14:04:33 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1581'
Sun Oct 6 14:04:33 2019 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Sun Oct 6 14:04:33 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Sun Oct 6 14:04:33 2019 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Sun Oct 6 14:04:33 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 6 14:04:33 2019 [it-mil-v020.prod.surfshark.com] Peer Connection Initiated with [AF_INET]37.120.201.69:1194
Sun Oct 6 14:04:34 2019 SENT CONTROL [it-mil-v020.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 6 14:04:34 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.4 255.255.255.0,peer-id 2,cipher AES-256-GCM'
Sun Oct 6 14:04:34 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.5)
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 6 14:04:34 2019 Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: route options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: route-related options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: peer-id set
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: data channel crypto options modified
Sun Oct 6 14:04:34 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 6 14:04:34 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 6 14:04:34 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 6 14:04:34 2019 TUN/TAP device tun0 opened
Sun Oct 6 14:04:34 2019 TUN/TAP TX queue length set to 100
Sun Oct 6 14:04:34 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 6 14:04:34 2019 /sbin/ifconfig tun0 10.8.8.4 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 6 14:04:34 2019 /sbin/route add -net 37.120.201.69 netmask 255.255.255.255 gw 192.168.1.254
Sun Oct 6 14:04:34 2019 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 6 14:04:34 2019 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 6 14:04:34 2019 Initialization Sequence Completed
Sun Oct 6 14:05:19 2019 event_wait : Interrupted system call (code=4)
Sun Oct 6 14:05:19 2019 SIGTERM received, sending exit notification to peer
Sun Oct 6 14:05:20 2019 /sbin/route del -net 37.120.201.69 netmask 255.255.255.255
Sun Oct 6 14:05:20 2019 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Oct 6 14:05:20 2019 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Oct 6 14:05:20 2019 Closing TUN/TAP interface
Sun Oct 6 14:05:20 2019 /sbin/ifconfig tun0 0.0.0.0
Sun Oct 6 14:05:20 2019 SIGTERM[soft,exit-with-notification] received, process exiting

[TinCanTech]

Linux requires a script to change DNS servers.

Then add this to your client config:

Code: Select all

script-security 2
up /etc/openvpn/update-resolv-conf.sh
down  /etc/openvpn/update-resolv-conf.sh

The script should already be present, if not you can find it here:
https://github.com/alfredopalhares/open ... esolv-conf

As for accessing the internet over the VPN, we cannot help you with that,
please contact your service provider.

[mpro]

Hi TinCanTech
many tks for your answer

I'm runing openvpn in openwrt

That script runs in openwrt?
best regards

My tun0 interface

Type: Ethernet Adapter
Device: tun0
Connected: yes
MAC: 00:00:00:00:00:00
RX: 0 B (0 Pkts.)
TX: 27.92 KB (112 Pkts.)

tun0
Protocol: Unmanaged
Uptime: 0h 0m 10s
MAC: 00:00:00:00:00:00
RX: 0 B (0 Pkts.)
TX: 27.92 KB (112 Pkts.)

It sends but is not receiving (even with or without your proposed changes)

best regards