Connected, but can't access any server/site

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Connected, but can't access any server/site

Post by fx3000se » Sat Feb 04, 2017 11:23 am

I imported the conf files from my Windows PC (where OpenVPN (GUI) works). The only chnage I had to make was uncommenting the "fragment"-line.
On android (And 5.1.1, sMIUI) the VPN connection can be established (and I get an IP assigned) BUT neither from the borwser nor from the termux app I can ping/access any site neither by hostname nor ip.

My conf is as follows:
---------------
client
dev tun
resolv-retry infinite
nobind
hand-window 10

<connection>
remote <ip of openvpn server> 443 tcp
</connection>

persist-key
persist-tun

<ca>
...
</ca>

<cert>
...
</cert>

<key>
...
</key>

tls-remote <gw host name>

key-direction 1
<tls-auth>
...
</tls-auth>

cipher BF-CBC

verb 3

tun-mtu 1400
;fragment 1300
mssfix
no-replay

redirect-gateway def1
-------------
I also tried the settings from my Mac (OSX), which are as follows:
------------------
remote <ip of vpn server> 1194 udp
pull
tls-client

persist-key
;fragment 1300

redirect-gateway def1
nobind
persist-tun
comp-lzo
dev tun
tun-mtu 1400
hand-window 10
resolv-retry infinite
mssfix
no-replay
cipher BF-CBC

<ca>
...
</ca>

<cert>
...
</cert>

<key>
...
</key>

tls-remote <gw hostname>

key-direction 1
<tls-auth>
...
</tls-auth>
-----------------

Any help/advice appreciated
-Clemens

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connected, but can't access any server/site

Post by TinCanTech » Sat Feb 04, 2017 11:30 am

What about your server config and log files ?

fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Sat Feb 04, 2017 12:50 pm

Thanks for the fast reply.
I can't access these easily...at least not on the weekend.
Again "OpenVPN Android" does connect. Also I have no problems with the OpenVPN connection from Windows (using OpenVPN GUI), nor from my Mac (using Viscoyity)

fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Sat Feb 04, 2017 2:04 pm

Kernel IP routing table

Code: Select all

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.198.6.92     *               255.255.255.252 U     0      0        0 rmnet_data0
192.168.15.152  *               255.255.255.252 U     0      0        0 tun0
192.168.15.152 being the IP I get assigend from the VPN server

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connected, but can't access any server/site

Post by TinCanTech » Sat Feb 04, 2017 6:36 pm

fx3000se wrote:the VPN connection can be established (and I get an IP assigned) BUT neither from the borwser nor from the termux app I can ping/access any site neither by hostname nor ip.
It looks like you have not redirected your gateway.

fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Sat Feb 04, 2017 8:02 pm

It looks like you have not redirected your gateway.
sorry for asking, but what exactly does that mean?
Where/how would I have to do that?


fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Sun Feb 05, 2017 2:12 pm

Thanks for the link that I have read before ;)
I do have

Code: Select all

redirect-gateway def1

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connected, but can't access any server/site

Post by TinCanTech » Sun Feb 05, 2017 2:34 pm

Yes but:
fx3000se wrote:Kernel IP routing table

Code: Select all

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.198.6.92     *               255.255.255.252 U     0      0        0 rmnet_data0
192.168.15.152  *               255.255.255.252 U     0      0        0 tun0
192.168.15.152 being the IP I get assigend from the VPN server
this suggests it is not working properly.

I suggest you post your client log.

fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Sun Feb 05, 2017 3:10 pm

where/how can I access the client log?

fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Sun Feb 05, 2017 3:55 pm

found the "Log" menu option. I am seeing

Code: Select all

...
... -- TUN write error: write_some: Invalid argument
... -- Session invalidated: KEEPALIVE_TIMEOUT
... -- Client terminated, restaring in 2...
...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connected, but can't access any server/site

Post by TinCanTech » Sun Feb 05, 2017 4:14 pm

You need to check your complete server log.

fx3000se
OpenVpn Newbie
Posts: 8
Joined: Sat Feb 04, 2017 10:42 am

Re: Connected, but can't access any server/site

Post by fx3000se » Thu Feb 09, 2017 11:49 am

Unfortunately I had no chance to contact IT yet.

Nevertheless I'd like to ask whether certain UserAgents(e.g. mobiles) can be "filtered" serverside? But why then would it (let) connect at all?

Also (me not being netwrok-specialist):
what is "wrong" with my route output. How should it look?

Thanks

Post Reply