HTTP traffic doesn't work while connected via VPN

Samples of working configurations.
Locked
sirchango
OpenVpn Newbie
Posts: 2
Joined: Sun Aug 23, 2015 8:05 pm

HTTP traffic doesn't work while connected via VPN

Post by sirchango » Sun Aug 23, 2015 9:45 pm

Hi guys,

I am new to this field of OpenVPN so please take into account while reading mypost. I followed Mel Grubb post step by step on how to setup openVPN server on a RaspberryPi https://melgrubb.wordpress.com/2014/08/ ... openvpn-2/. I can connect without any problem but there two problems that I could not figure out by myself.
The first is redirecting all traffic through the VPN (I either connecting using my smartphone or via laptop).
The second is that I cannot access web pages that lives in my local network when accessing it via VPN - this gets more peculiar since I am able to connect via SSH to machines in my local network over the VPN connection. I ran tcpdump on the RaspberryPi which functions as the OpenVPN server and I can the 3-steps handshake completed followed by few "ACK"s and then a "FIN,ACK" request is sent to the web server from the address used to masqarde the VPN traffic in my local network.

Regargin the first issue - there is lots of information out there but I tried it all and it didn't help - it is most likely I am missing something or I am doing something wrong and this led me into writing this post.

Below is my configuration.
My server configuration:

Code: Select all

local 192.168.11.97 # YOUR PI'S IP ADDRESS
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.11.0 255.255.255.0" # YOUR PI'S IP SUBNET
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.11.1" # YOUR ROUTER'S IP ADDRESS
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 9
My client configuration:

Code: Select all

client
dev tun
proto udp
remote My_Server_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
<ca>
-----BEGIN CERTIFICATE-----
CA certificate goes here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Server certificate goes here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,8E8C76655EAEAB42

Private Key goes here.
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
Static key goes here
-----END OpenVPN Static key V1-----
</tls-auth>
I used the following command to configure my OpenVPN server to masqurade behhind its IP address all traffic generated by VPN clients:

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.11.97
The routing table of a machine in my local network looks like this:

Code: Select all

===========================================================================
Interface List
 13...64 31 50 20 4e c9 ......Intel(R) 82567LM-3 Gigabit Network Connection
  3...cc e1 d5 29 ae 8e ......Microsoft Wi-Fi Direct Virtual Adapter #2
  5...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
  2...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
 29...00 ff 08 6e bc 94 ......TAP-Windows Adapter V9
 10...cc e1 d5 29 ae 8e ......BUFFALO WI-U2-433DM Wireless LAN Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 28...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.11.1   192.168.11.107     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.11.0    255.255.255.0         On-link    192.168.11.107    281
   192.168.11.107  255.255.255.255         On-link    192.168.11.107    281
   192.168.11.255  255.255.255.255         On-link    192.168.11.107    281
     192.168.24.0    255.255.255.0         On-link      192.168.24.1    276
     192.168.24.1  255.255.255.255         On-link      192.168.24.1    276
   192.168.24.255  255.255.255.255         On-link      192.168.24.1    276
    192.168.218.0    255.255.255.0         On-link     192.168.218.1    276
    192.168.218.1  255.255.255.255         On-link     192.168.218.1    276
  192.168.218.255  255.255.255.255         On-link     192.168.218.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.11.107    281
        224.0.0.0        240.0.0.0         On-link     192.168.218.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.24.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.11.107    281
  255.255.255.255  255.255.255.255         On-link     192.168.218.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.24.1    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 28    306 2001::/32                On-link
 28    306 2001:0:9d38:6ab8:28b1:3c98:3f57:f494/128
                                    On-link
  5    276 fe80::/64                On-link
  2    276 fe80::/64                On-link
 28    306 fe80::/64                On-link
 28    306 fe80::28b1:3c98:3f57:f494/128
                                    On-link
  2    276 fe80::548f:66c8:eb73:8894/128
                                    On-link
  5    276 fe80::881c:a46c:6437:3df2/128
                                    On-link
  1    306 ff00::/8                 On-link
 28    306 ff00::/8                 On-link
  5    276 ff00::/8                 On-link
  2    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
The routing table of client connected to the OpenVPN server looks like this:

Code: Select all

===========================================================================
Interface List
 13...64 31 50 20 4e c9 ......Intel(R) 82567LM-3 Gigabit Network Connection
  3...cc e1 d5 29 ae 8e ......Microsoft Wi-Fi Direct Virtual Adapter #2
  5...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
  2...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
 29...00 ff 08 6e bc 94 ......TAP-Windows Adapter V9
 10...cc e1 d5 29 ae 8e ......BUFFALO WI-U2-433DM Wireless LAN Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 28...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.86     25
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
    5.102.222.130  255.255.255.255     192.168.43.1    192.168.43.86     25
         10.8.0.0    255.255.255.0         10.8.0.5         10.8.0.6     20
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
     192.168.11.0    255.255.255.0         10.8.0.5         10.8.0.6     20
     192.168.24.0    255.255.255.0         On-link      192.168.24.1    276
     192.168.24.1  255.255.255.255         On-link      192.168.24.1    276
   192.168.24.255  255.255.255.255         On-link      192.168.24.1    276
     192.168.43.0    255.255.255.0         On-link     192.168.43.86    281
    192.168.43.86  255.255.255.255         On-link     192.168.43.86    281
   192.168.43.255  255.255.255.255         On-link     192.168.43.86    281
    192.168.218.0    255.255.255.0         On-link     192.168.218.1    276
    192.168.218.1  255.255.255.255         On-link     192.168.218.1    276
  192.168.218.255  255.255.255.255         On-link     192.168.218.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.43.86    281
        224.0.0.0        240.0.0.0         On-link     192.168.218.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.24.1    276
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.43.86    281
  255.255.255.255  255.255.255.255         On-link     192.168.218.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.24.1    276
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 28    306 2001::/32                On-link
 28    306 2001:0:9d38:6ab8:ce0:2278:f5f7:fff9/128
                                    On-link
  5    276 fe80::/64                On-link
  2    276 fe80::/64                On-link
 29    276 fe80::/64                On-link
 28    306 fe80::/64                On-link
 28    306 fe80::ce0:2278:f5f7:fff9/128
                                    On-link
 29    276 fe80::4c8b:5ae7:c99c:2aab/128
                                    On-link
  2    276 fe80::548f:66c8:eb73:8894/128
                                    On-link
  5    276 fe80::881c:a46c:6437:3df2/128
                                    On-link
  1    306 ff00::/8                 On-link
 28    306 ff00::/8                 On-link
  5    276 ff00::/8                 On-link
  2    276 ff00::/8                 On-link
 29    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
Logs from server (I was trying to access with a VPN client a web server on 192.168.11.99):

Code: Select all

Sun Aug 23 21:16:48 2015 us=541566 MULTI: multi_create_instance called
Sun Aug 23 21:16:48 2015 us=542189 37.26.149.251:4808 Re-using SSL/TLS context
Sun Aug 23 21:16:48 2015 us=542439 37.26.149.251:4808 LZO compression initialized
Sun Aug 23 21:16:48 2015 us=543780 37.26.149.251:4808 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Aug 23 21:16:48 2015 us=543957 37.26.149.251:4808 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Aug 23 21:16:48 2015 us=544239 37.26.149.251:4808 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Aug 23 21:16:48 2015 us=544393 37.26.149.251:4808 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Aug 23 21:16:48 2015 us=544572 37.26.149.251:4808 Local Options hash (VER=V4): 'a2e63101'
Sun Aug 23 21:16:48 2015 us=544703 37.26.149.251:4808 Expected Remote Options hash (VER=V4): '272f1b58'
RSun Aug 23 21:16:48 2015 us=545001 37.26.149.251:4808 TLS: Initial packet from [AF_INET]37.26.149.251:4808, sid=bf04a963 cc193aaf
WRRWRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSun Aug 23 21:16:49 2015 us=698554 37.26.149.251:4808 VERIFY OK: depth=1, /C=**/ST=*****/L=******/O=Home/OU=********/CN=********/name=*******/emailAddress=MY_EMAIL_ADDRESS
Sun Aug 23 21:16:49 2015 us=700069 37.26.149.251:4808 VERIFY OK: depth=0, /C=**/ST=*****/L=********/O=Home/OU=*********/CN=changuito/name=*******/emailAddress=MY_EMAIL_ADDRESS
WRWRWRWRWRWRWRWRSun Aug 23 21:16:49 2015 us=894447 37.26.149.251:4808 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Aug 23 21:16:49 2015 us=894614 37.26.149.251:4808 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug 23 21:16:49 2015 us=894713 37.26.149.251:4808 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Aug 23 21:16:49 2015 us=894814 37.26.149.251:4808 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRRRSun Aug 23 21:16:49 2015 us=980680 37.26.149.251:4808 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Aug 23 21:16:49 2015 us=980913 37.26.149.251:4808 [changuito] Peer Connection Initiated with [AF_INET]37.26.149.251:4808
Sun Aug 23 21:16:49 2015 us=981155 changuito/37.26.149.251:4808 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=48c7:db7e:80be:f876:34eb:fd76:d47a:3378
Sun Aug 23 21:16:49 2015 us=981508 changuito/37.26.149.251:4808 MULTI: Learn: 10.8.0.6 -> changuito/37.26.149.251:4808
Sun Aug 23 21:16:49 2015 us=981621 changuito/37.26.149.251:4808 MULTI: primary virtual IP for changuito/37.26.149.251:4808: 10.8.0.6
RSun Aug 23 21:16:52 2015 us=42806 changuito/37.26.149.251:4808 PUSH: Received control message: 'PUSH_REQUEST'
Sun Aug 23 21:16:52 2015 us=42966 changuito/37.26.149.251:4808 send_push_reply(): safe_cap=960
Sun Aug 23 21:16:52 2015 us=43261 changuito/37.26.149.251:4808 SENT CONTROL [changuito]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route 192.168.11.0 255.255.255.0,dhcp-option DNS 192.168.11.1,redirect-gateway def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
WWWWWRRRRRSun Aug 23 21:16:52 2015 us=240667 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=242512 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=243443 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=320978 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=340742 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=393736 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=400685 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=433983 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=441161 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=441488 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:16:52 2015 us=441965 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
.
.
.
RSun Aug 23 21:17:55 2015 us=801222 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:17:55 2015 us=802176 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RwrWRwrWRwrWRSun Aug 23 21:18:04 2015 us=841824 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:18:04 2015 us=842574 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:18:05 2015 us=241574 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:18:05 2015 us=242344 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
rWRSun Aug 23 21:18:12 2015 us=850104 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:18:12 2015 us=850646 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:18:13 2015 us=40959 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:18:13 2015 us=41892 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
rWRWRwrWRwrWRwRwrWrWRwrWRwrWRwRwrWrWRwRwrWRwrWrWRwRwrWrWRwRwrWRwrWRwrWrWRwrWrWrWRwRwrWrWrWrWrWrWrWRwRwRwRwrWrWRwRwrWrWRwRwrWrWRwRwrWRwrWRwRwrWRwRwRwrWRwRwrWRwRwrWRwRwrWRwRwrWRwRwrWrWrWRwRwRwrWRwRwrWRwrWRwRwrWRwRwRwrWRwRwrWRwRwrWRwRwrWRwrWRwRwRwrWRwRwrWRwRwrWRwRwrWRwrWRwRwrWRwRwrWRwrWRwRwRwrWRwRwrWRwRwrWrWrWRwRwRwrWRwRwrWRwRwrWRwRwrWRwRwrWrWRwRwRwRwrWrWRwRwrWRSun Aug 23 21:19:14 2015 us=896637 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:19:14 2015 us=897299 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
rWRSun Aug 23 21:19:15 2015 us=336106 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
RSun Aug 23 21:19:15 2015 us=337037 changuito/37.26.149.251:4808 MULTI: bad source address from client [fe80::4c8b:5ae7:c99c:2aab], packet dropped
WRWWWWWWWWWrWrWrWrWrWrWrWSun Aug 23 21:21:04 2015 us=329310 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:21:04 2015 us=331432 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
WrWrWrWrWSun Aug 23 21:21:16 2015 us=728458 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:21:16 2015 us=729874 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:21:16 2015 us=730831 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:21:16 2015 us=731860 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)
rWrWSun Aug 23 21:21:20 2015 us=648860 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:21:20 2015 us=649635 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
WWWWWWSun Aug 23 21:22:21 2015 us=771009 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:22:21 2015 us=777778 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
WWSun Aug 23 21:22:42 2015 us=147406 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:22:42 2015 us=154249 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
WWSun Aug 23 21:23:02 2015 us=474849 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Aug 23 21:23:02 2015 us=475814 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
WSun Aug 23 21:23:20 2015 us=534100 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
WSun Aug 23 21:23:26 2015 us=714797 changuito/37.26.149.251:4808 [changuito] Inactivity timeout (--ping-restart), restarting
Sun Aug 23 21:23:26 2015 us=715076 changuito/37.26.149.251:4808 SIGUSR1[soft,ping-restart] received, client-instance restarting
And finally - the logs from client:

Code: Select all

Sun Aug 23 23:53:43 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
Sun Aug 23 23:53:43 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Sun Aug 23 23:55:30 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Aug 23 23:55:30 2015 Control Channel Authentication: tls-auth using INLINE static key file
Sun Aug 23 23:55:30 2015 UDPv4 link local: [undef]
Sun Aug 23 23:55:30 2015 UDPv4 link remote: [AF_INET]5.102.222.130:1194
Sun Aug 23 23:55:32 2015 [RaspberryPi2] Peer Connection Initiated with [AF_INET]5.102.222.130:1194
Sun Aug 23 23:55:34 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Aug 23 23:55:34 2015 open_tun, tt->ipv6=0
Sun Aug 23 23:55:34 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{086EBC94-0443-4F25-A3D6-1F00BC931BDA}.tap
Sun Aug 23 23:55:34 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {086EBC94-0443-4F25-A3D6-1F00BC931BDA} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Aug 23 23:55:34 2015 Successful ARP Flush on interface [29] {086EBC94-0443-4F25-A3D6-1F00BC931BDA}
Sun Aug 23 23:55:39 2015 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=29]
Sun Aug 23 23:55:39 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Aug 23 23:55:39 2015 Initialization Sequence Completed
Sun Aug 23 23:57:38 2015 ROUTE: route deletion failed using DeleteIpForwardEntry: Element not found.  
Sun Aug 23 23:57:38 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Aug 23 23:57:38 2015 SIGTERM[hard,] received, process exiting
Thanks for your help.

sirchango
OpenVpn Newbie
Posts: 2
Joined: Sun Aug 23, 2015 8:05 pm

Re: HTTP traffic doesn't work while connected via VPN

Post by sirchango » Sat Aug 29, 2015 9:33 am

Can I get some help guys? I didn't get any response yet and I find it hard to believe that no one knows how to tackle the problem I describe in this post. :-(

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: HTTP traffic doesn't work while connected via VPN

Post by Traffic » Mon Sep 28, 2015 10:59 am

This all looks normal, the problem you experience appear to be because your server and client are both in the subnet 192.168.11.0/24

Try again with your client on a different network. eg: From a friends home.

Locked