Connected but no Browser surginf (DNS works)

[Brotinger]

Hi,

I´had set up an OpenVPN Server on Raspberry Pi.
The Connection from Windows Clients works fine, but I have problems with one of my Android device.

I am connected successfully to the Server and I also can ping and make an nslookup, for exmaple via the Terminal App, but i cannot access any website via Browser or e.g. via the Amazon App.

Here is my Client-Config:

Code: Select all

dev tun
client
proto udp
remote x.x.x.x port-number
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
tls-auth tls-auth.key 1
ns-cert-type server
comp-lzo
verb 3
tun-mtu 1400 
mssfix 1360
auth SHA512
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

My Server config:


Any idea?
Searching for a solution for hours now... :-/
Thank You!

[Traffic]

Try removing these from your client config:

tun-mtu 1400
mssfix 1360

tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

If you also specify tun-mtu & mssfix in your server I would recommend you remove those as well ..

[terrorfrog]

Not an issue with mtu or msfix, if those are the issue you probably wont even abel to nslookup or connect at all

we need server config

did you push route and set route?
do you wanna acess the itnernet trough openvpn?
if yes did you set redirect gateway directive?


i assume you did nslookup only to the default nameserver
that means you can reach local dns but cant go over the gateway which is a routing or firewall error on the gateway

you should try to bing and traceroute internal and external ips

ping server ip on ovpn ip
ping gateway ip at your own network youre conncting too
then ping something outside
make traces to each

should show where the flow stops, i assume not set routes

btw is the openvpn server also your internet gateway or are those different devices ?

[Brotinger]

Here is a paart of my server config:

Code: Select all

push "route 10.8.0.1 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

As I said, i works well on a windows client, though AFTER I set "tun-mtu" and "mssfix".
Yes I wanna route all traffic through this VPN server and access the internet and I can ping external server (like google.com) over the Terminal App from my Android device.

[terrorfrog]

haa hold on,...
android i remeber there somethine i had issues with that ages ago

what anroid version?
i assume rooted
do you use a firewall app on anroid?

which app you use to connect on android?


if you use msfix you should also use
fragment 1360
on both client and server

its possible we have here 2 problems at the same time with similar symptoms
you could also try a telnet www.google.con 80
to see if you get any http traffic in your terminal

[Brotinger]

haa hold on,...
android i remeber there somethine i had issues with that ages ago

what anroid version?
i assume rooted
do you use a firewall app on anroid?

No, I don´t have a Firewall App

which app you use to connect on android?

The OpenVPN Connect App

if you use msfix you should also use
fragment 1360
on both client and server

Ok, I will set it.

its possible we have here 2 problems at the same time with similar symptoms
you could also try a telnet http://www.google.con 80
to see if you get any http traffic in your terminal

Telnet doesn´t work. Ping does work...

[Pippin]

It was asked what Android version.

If 5.1 or up, then try OpenVPN for Android from Arne Schwabe instead of OpenVPN Connect.

[Brotinger]

yes.. Android 5.1.1...i will try the other app, thanks!

[terrorfrog]

try to switch to tcp instead of udp

[Brotinger]

Thanks for your help! With the alternative App it works... I don´t know why, but it works