VPN established but not traffic through Tun0 interface

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by Morgoth » Thu Jul 13, 2023 10:11 am

Hi all,

I set up a VPN server on my VPS. Actually there are two clients connected, a Raspberry in my house and my smartphone. The VPN works fine, the tunnel is established, the interface Tun0 is up and the default route passes all the traffic through the tun interface.
My smartphone is dual-SIM and using both providers the VPN is established: in one case (Wind) I can reach the other client (the Raspberry in my house), in the other case (Vodafone) I can't.

I did some tests on my Linux VM using the Vodafone SIM as a hotspot and I have the identical issue.

Here is the openvpn log on the linux machine with vodafone hotspot

2023-07-13 11:39:48 Unrecognized option or missing or extra parameter(s) in Checkpoint_Ale.ovpn:19: block-outside-dns (2.6.3)
2023-07-13 11:39:48 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-07-13 11:39:48 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-07-13 11:39:48 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-07-13 11:39:48 DCO version: N/A
2023-07-13 11:39:48 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:53
2023-07-13 11:39:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-07-13 11:39:48 UDPv4 link local: (not bound)
2023-07-13 11:39:48 UDPv4 link remote: [AF_INET]x.x.x.x:53
2023-07-13 11:39:48 TLS: Initial packet from [AF_INET]x.x.x.x:53, sid=51be6313 4fb304b5
2023-07-13 11:39:48 VERIFY OK: depth=1, CN=cn_felf0MS5mO5CCNHU
2023-07-13 11:39:48 VERIFY KU OK
2023-07-13 11:39:48 Validating certificate extended key usage
2023-07-13 11:39:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-07-13 11:39:48 VERIFY EKU OK
2023-07-13 11:39:48 VERIFY X509NAME OK: CN=server_iph7VxXrIITLHoY4
2023-07-13 11:39:48 VERIFY OK: depth=0, CN=server_iph7VxXrIITLHoY4
2023-07-13 11:39:49 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit ECprime256v1, signature: ecdsa-with-SHA256
2023-07-13 11:39:49 [server_iph7VxXrIITLHoY4] Peer Connection Initiated with [AF_INET]x.x.x.x:53
2023-07-13 11:39:49 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-07-13 11:39:49 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-07-13 11:39:49 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
2023-07-13 11:39:49 OPTIONS IMPORT: --ifconfig/up options modified
2023-07-13 11:39:49 OPTIONS IMPORT: route options modified
2023-07-13 11:39:49 OPTIONS IMPORT: route-related options modified
2023-07-13 11:39:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-07-13 11:39:49 net_route_v4_best_gw query: dst 0.0.0.0
2023-07-13 11:39:49 net_route_v4_best_gw result: via 192.168.122.1 dev eth0
2023-07-13 11:39:49 ROUTE_GATEWAY 192.168.122.1/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:4e:86:33
2023-07-13 11:39:49 TUN/TAP device tun0 opened
2023-07-13 11:39:49 net_iface_mtu_set: mtu 1500 for tun0
2023-07-13 11:39:49 net_iface_up: set tun0 up
2023-07-13 11:39:49 net_addr_v4_add: 10.8.0.2/24 dev tun0
2023-07-13 11:39:49 net_route_v4_add: x.x.x.x/32 via 192.168.122.1 dev [NULL] table 0 metric -1
2023-07-13 11:39:49 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2023-07-13 11:39:49 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2023-07-13 11:39:49 Initialization Sequence Completed
2023-07-13 11:39:49 Data Channel: cipher 'AES-128-GCM', peer-id: 1
2023-07-13 11:39:49 Timers: ping 10, ping-restart 120
2023-07-13 11:39:49 Protocol options: explicit-exit-notify 1

Here are the interface stats and a traffic capture:

┌──(root㉿Sauron)-[~]
└─# ifconfig tun0 
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
        inet6 fe80::4aa3:4d91:4e7f:ed4e  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 114  bytes 9252 (9.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

                                                                                                                     
┌──(root㉿Sauron)-[~]
└─# tcpdump -i tun0 host 10.8.0.3
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on tun0, link-type RAW (Raw IP), snapshot length 262144 bytes
12:03:24.686923 IP 10.8.0.2 > 10.8.0.3: ICMP echo request, id 35472, seq 1, length 64
12:03:25.706539 IP 10.8.0.2 > 10.8.0.3: ICMP echo request, id 35472, seq 2, length 64
12:03:43.779242 IP 10.8.0.2.36558 > 10.8.0.3.https: Flags [S], seq 3859445343, win 64240, options [mss 1460,sackOK,TS val 1757539582 ecr 0,nop,wscale 7], length 0
12:03:44.810392 IP 10.8.0.2.36558 > 10.8.0.3.https: Flags [S], seq 3859445343, win 64240, options [mss 1460,sackOK,TS val 1757540613 ecr 0,nop,wscale 7], length 0

As you can see, the Tun0 interface sends packets (as shown in the capture) but doesn't receive anything (RX=0).

If I try the same tests using the Wind SIM as hotspot, everything works fine.
Actually I think that the problem seems to be related to the provider... Do you have any idea how to figure it out?

Thx in advance
A.
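
An added triage example, not part of the original post: it reads an OpenVPN client log and the tun0 counters and separates "routes never installed" from "routes installed but nothing comes back through the tunnel", which is the symptom described above. The sample input is shortened from the output in the post; the function names are hypothetical.

```python
import re

# Constructed sample input: a shortened copy of lines from the post.
SAMPLE_LOG = """\
2023-07-13 11:39:48 UDPv4 link remote: [AF_INET]x.x.x.x:53
2023-07-13 11:39:49 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
2023-07-13 11:39:49 net_route_v4_add: x.x.x.x/32 via 192.168.122.1 dev [NULL] table 0 metric -1
2023-07-13 11:39:49 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2023-07-13 11:39:49 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2023-07-13 11:39:49 Initialization Sequence Completed
"""
SAMPLE_IFCONFIG = """\
        RX packets 0  bytes 0 (0.0 B)
        TX packets 114  bytes 9252 (9.0 KiB)
"""

def parse_log(text):
    """Extract transport, pushed options and installed routes from a client log."""
    info = {"remote": None, "pushed": [], "routes": [], "completed": False}
    for line in text.splitlines():
        if m := re.search(r"(\w+) link remote: \[AF_INET\](\S+):(\d+)", line):
            info["remote"] = (m.group(1), m.group(2), int(m.group(3)))
        elif m := re.search(r"'PUSH_REPLY,(.*)'", line):
            info["pushed"] = m.group(1).split(",")
        elif m := re.search(r"net_route_v4_add: (\S+) via (\S+)", line):
            info["routes"].append((m.group(1), m.group(2)))
        elif "Initialization Sequence Completed" in line:
            info["completed"] = True
    return info

def parse_counters(text):
    """Return packet counters, e.g. {'RX': 0, 'TX': 114}, from ifconfig output."""
    return {d: int(n) for d, n in re.findall(r"\b(RX|TX) packets (\d+)", text)}

def diagnose(log_text, ifconfig_text):
    info, c = parse_log(log_text), parse_counters(ifconfig_text)
    # The pushed route-gateway is the next hop the def1 routes must use.
    gw = next((o.split()[1] for o in info["pushed"]
               if o.startswith("route-gateway ")), None)
    via_tunnel = {dst for dst, via in info["routes"] if via == gw}
    findings = []
    if info["completed"] and {"0.0.0.0/1", "128.0.0.0/1"} <= via_tunnel:
        findings.append("def1 routes installed via " + gw)
    if c.get("TX", 0) > 0 and c.get("RX", 0) == 0:
        findings.append("one-way tunnel: TX=%d RX=0" % c["TX"])
    return info["remote"], findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_IFCONFIG))
```

Running it against captures taken on each SIM gives two results that can be compared side by side.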
