OpenVPN client on Raspberry pi 3b+ with usb dongle 4G

luthorgelt
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 09, 2018 7:04 pm

OpenVPN client on Raspberry pi 3b+ with usb dongle 4G

Post by luthorgelt » Sat Jun 09, 2018 7:43 pm

Hi all,

I want to use my Raspberry Pi like a server, but my mobile network uses CG NAT.

For this reason, I have the Raspberry Pi running the OpenVPN client and connected to the server PC (Win10). Both use OpenVPN 2.4.

I can ping server->client but not client->server and I don't know why. I have looked on the Internet and watched videos on YouTube, but I cannot find the problem.

IPCONFIG

Adaptador de Ethernet TUN:

   Sufijo DNS específico para la conexión. . :
   Vínculo: dirección IPv6 local. . . : fe80::d81c:9e19:7cd8:bad8%13
   Dirección IPv4. . . . . . . . . . . . . . : 10.8.0.1
   Máscara de subred . . . . . . . . . . . . : 255.255.255.252
   Puerta de enlace predeterminada . . . . . :

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : Home
   Vínculo: dirección IPv6 local. . . : fe80::44d8:ba57:3653:d2fe%4
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.2
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.254

SERVER CONFIG FILE

port 6342
proto udp
dev tun
dev-node TUN

ca ca.crt
cert GCS.crt
key GCS.key # This file should be kept secret
dh dh1024.pem

;topology subnet

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.8.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"


;client-config-dir ccd
;route 192.168.8.0 255.255.255.0

;client-config-dir ccd
;route 10.8.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo

max-clients 1

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log
;log-append openvpn.log
verb 3
;mute 20
explicit-exit-notify 1


SERVER LOG OPENVPN

Sat Jun 09 20:38:07 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jun 09 20:38:07 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jun 09 20:38:07 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Sat Jun 09 20:38:07 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jun 09 20:38:07 2018 Need hold release from management interface, waiting...
Sat Jun 09 20:38:08 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jun 09 20:38:08 2018 MANAGEMENT: CMD 'state on'
Sat Jun 09 20:38:08 2018 MANAGEMENT: CMD 'log all on'
Sat Jun 09 20:38:08 2018 MANAGEMENT: CMD 'echo all on'
Sat Jun 09 20:38:08 2018 MANAGEMENT: CMD 'bytecount 5'
Sat Jun 09 20:38:08 2018 MANAGEMENT: CMD 'hold off'
Sat Jun 09 20:38:08 2018 MANAGEMENT: CMD 'hold release'
Sat Jun 09 20:38:08 2018 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Jun 09 20:38:08 2018 Note: cannot open openvpn-status.log for WRITE
Sat Jun 09 20:38:08 2018 Note: cannot open ipp.txt for READ/WRITE
Sat Jun 09 20:38:08 2018 Diffie-Hellman initialized with 1024 bit key
Sat Jun 09 20:38:08 2018 interactive service msg_channel=744
Sat Jun 09 20:38:08 2018 ROUTE_GATEWAY 192.168.0.254/255.255.255.0 I=4 HWADDR=9c:b6:d0:06:93:95
Sat Jun 09 20:38:08 2018 open_tun
Sat Jun 09 20:38:08 2018 TAP-WIN32 device [TUN] opened: \\.\Global\{72FC8249-7479-49C0-A87E-ACB60E4BA637}.tap
Sat Jun 09 20:38:08 2018 TAP-Windows Driver Version 9.21 
Sat Jun 09 20:38:08 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {72FC8249-7479-49C0-A87E-ACB60E4BA637} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sat Jun 09 20:38:08 2018 Sleeping for 10 seconds...
Sat Jun 09 20:38:18 2018 Successful ARP Flush on interface [13] {72FC8249-7479-49C0-A87E-ACB60E4BA637}
Sat Jun 09 20:38:18 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 09 20:38:18 2018 MANAGEMENT: >STATE:1528569498,ASSIGN_IP,,10.8.0.1,,,,
Sat Jun 09 20:38:18 2018 MANAGEMENT: >STATE:1528569498,ADD_ROUTES,,,,,,
Sat Jun 09 20:38:18 2018 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sat Jun 09 20:38:18 2018 Route addition via service succeeded
Sat Jun 09 20:38:18 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sat Jun 09 20:38:18 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jun 09 20:38:18 2018 setsockopt(IPV6_V6ONLY=0)
Sat Jun 09 20:38:18 2018 UDPv6 link local (bound): [AF_INET6][undef]:6342
Sat Jun 09 20:38:18 2018 UDPv6 link remote: [AF_UNSPEC]
Sat Jun 09 20:38:18 2018 MULTI: multi_init called, r=256 v=256
Sat Jun 09 20:38:18 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Jun 09 20:38:18 2018 IFCONFIG POOL LIST
Sat Jun 09 20:38:18 2018 Initialization Sequence Completed
Sat Jun 09 20:38:18 2018 MANAGEMENT: >STATE:1528569498,CONNECTED,SUCCESS,10.8.0.1,,,,
Sat Jun 09 20:41:24 2018 84.78.25.17 TLS: Initial packet from [AF_INET6]::ffff:84.78.25.17:24928, sid=eef1b318 d1387000
Sat Jun 09 20:41:24 2018 84.78.25.17 VERIFY OK: depth=1, C=ES, ST=CastleBoom, L=Narnia, O=Acme, OU=Otravez, CN=GCS, name=luthorgelt, emailAddress=cagancho@ioputa.eres
Sat Jun 09 20:41:24 2018 84.78.25.17 VERIFY OK: depth=0, C=ES, ST=CastleBoom, L=Narnia, O=Acme, OU=Otravez, CN=MoonD1, name=luthorgelt, emailAddress=cagancho@ioputa.eres
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_VER=2.4.0
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_PLAT=linux
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_PROTO=2
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_NCP=2
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_LZ4=1
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_LZ4v2=1
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_LZO=1
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_COMP_STUB=1
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_COMP_STUBv2=1
Sat Jun 09 20:41:25 2018 84.78.25.17 peer info: IV_TCPNL=1
Sat Jun 09 20:41:25 2018 84.78.25.17 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Jun 09 20:41:25 2018 84.78.25.17 [MoonD1] Peer Connection Initiated with [AF_INET6]::ffff:84.78.25.17:21928
Sat Jun 09 20:41:25 2018 MoonD1/84.78.25.17 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sat Jun 09 20:41:25 2018 MoonD1/84.78.25.17 MULTI: Learn: 10.8.0.6 -> MoonD1/84.78.25.17
Sat Jun 09 20:41:25 2018 MoonD1/84.78.25.17 MULTI: primary virtual IP for MoonD1/84.78.25.17: 10.8.0.6
Sat Jun 09 20:41:26 2018 MoonD1/84.78.25.17 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jun 09 20:41:26 2018 MoonD1/84.78.25.17 SENT CONTROL [MoonD1]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Jun 09 20:41:26 2018 MoonD1/84.78.25.17 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jun 09 20:41:26 2018 MoonD1/84.78.25.17 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 09 20:41:26 2018 MoonD1/84.78.25.17 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

IFCONFIG RASPBERRY

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.8.100  netmask 255.255.255.0  broadcast 192.168.8.255
        inet6 fe80::5ebb:a18:342:b82c  prefixlen 64  scopeid 0x20<link>
        ether 0c:5b:8f:27:9a:64  txqueuelen 1000  (Ethernet)
        RX packets 3429  bytes 1228280 (1.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 60292  bytes 5014536 (4.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.6  netmask 255.255.255.255  destination 10.8.0.5
        inet6 fe80::8ea6:8975:fa64:1f88  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 1  bytes 134 (134.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 192 (192.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

RASPBERRY ROUTE

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         hi.link         0.0.0.0         UG    204    0        0 eth1
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U     204    0        0 eth1

CLIENT CONFIG FILE

client

dev tun
;dev-node MyTap

proto udp

remote xxxxxxxx.com 6342

;remote-random
resolv-retry infinite
nobind

;user nobody
;group nogroup

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/MoonD1.crt
key /etc/openvpn/client/MoonD1.key

;remote-cert-tls server
;tls-auth ta.key 1
cipher AES-256-CBC

#comp-lzo

verb 3
;mute 20


CLIENT LOG

Sat Jun  9 18:41:25 2018 WARNING: file '/etc/openvpn/client/MoonD1.key' is group or others accessible
Sat Jun  9 18:41:25 2018 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Sat Jun  9 18:41:25 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Sat Jun  9 18:41:25 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jun  9 18:41:25 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:6342
Sat Jun  9 18:41:25 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Jun  9 18:41:25 2018 UDP link local: (not bound)
Sat Jun  9 18:41:25 2018 UDP link remote: [AF_INET]XX.XX.XX.XX:6342
Sat Jun  9 18:41:25 2018 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:6342, sid=43c65c6d f1f4d2ff
Sat Jun  9 18:41:25 2018 VERIFY OK: depth=1, C=ES, ST=CastleBoom, L=Narnia, O=Acme, OU=Otravez, CN=GCS, name=luthorgelt, emailAddress=cagancho@ioputa.eres
Sat Jun  9 18:41:25 2018 VERIFY OK: depth=0, C=ES, ST=CastleBoom, L=Narnia, O=Acme, OU=Otravez, CN=GCS, name=luthorgelt, emailAddress=cagancho@ioputa.eres
Sat Jun  9 18:41:25 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Jun  9 18:41:25 2018 [GCS] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:6342
Sat Jun  9 18:41:27 2018 SENT CONTROL [GCS]: 'PUSH_REQUEST' (status=1)
Sat Jun  9 18:41:27 2018 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Sat Jun  9 18:41:27 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun  9 18:41:27 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun  9 18:41:27 2018 OPTIONS IMPORT: route options modified
Sat Jun  9 18:41:27 2018 OPTIONS IMPORT: peer-id set
Sat Jun  9 18:41:27 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Sat Jun  9 18:41:27 2018 OPTIONS IMPORT: data channel crypto options modified
Sat Jun  9 18:41:27 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun  9 18:41:27 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun  9 18:41:27 2018 ROUTE_GATEWAY 192.168.8.1/255.255.255.0 IFACE=eth1 HWADDR=0c:5b:8f:26:9a:64
Sat Jun  9 18:41:27 2018 TUN/TAP device tun0 opened
Sat Jun  9 18:41:27 2018 TUN/TAP TX queue length set to 100
Sat Jun  9 18:41:27 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun  9 18:41:27 2018 /sbin/ip link set dev tun0 up mtu 1500
Sat Jun  9 18:41:27 2018 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sat Jun  9 18:41:27 2018 /sbin/ip route add 10.8.0.0/24 via 10.8.0.5
Sat Jun  9 18:41:27 2018 Initialization Sequence Completed

Thanks in advance.
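
Separately from the ping problem, the logs in the post above report several security-relevant conditions (group/other-readable private key, no server certificate verification, 1024-bit DH and RSA). The following is an added example, not part of the original post or of OpenVPN itself, that scans such log lines and flags them; the rule names, the suggested fixes and the 2048-bit floor are assumptions of this example.

```python
import re

# Lines copied from the server and client logs posted in this thread.
SAMPLE_LOG = """\
Sat Jun  9 18:41:25 2018 WARNING: file '/etc/openvpn/client/MoonD1.key' is group or others accessible
Sat Jun  9 18:41:25 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jun 09 20:38:08 2018 Diffie-Hellman initialized with 1024 bit key
Sat Jun  9 18:41:25 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Jun  9 18:41:27 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun  9 18:41:27 2018 Initialization Sequence Completed
"""

MIN_BITS = 2048  # assumption: local policy floor for RSA and DH key sizes

# (finding id, pattern, suggested fix). A "bits" group makes the rule size-dependent.
RULES = [
    ("key-file-permissions",
     re.compile(r"WARNING: file '(?P<path>[^']+)' is group or others accessible"),
     "restrict the private key to its owner (chmod 600)"),
    ("no-server-cert-verify",
     re.compile(r"No server certificate verification method has been enabled"),
     "enable 'remote-cert-tls server' in the client config"),
    ("weak-dh",
     re.compile(r"Diffie-Hellman initialized with (?P<bits>\d+) bit key"),
     "regenerate DH parameters at MIN_BITS or more and update 'dh'"),
    ("weak-rsa",
     re.compile(r"\b(?P<bits>\d+) bit RSA"),
     "reissue the certificates with RSA keys of MIN_BITS or more"),
]

def audit(log_text, min_bits=MIN_BITS):
    """Return (finding id, fix, offending line) for each weak setting in the log."""
    findings = []
    for line in log_text.splitlines():
        for rule_id, pattern, fix in RULES:
            match = pattern.search(line)
            if match is None:
                continue
            bits = match.groupdict().get("bits")
            if bits is not None and int(bits) >= min_bits:
                continue  # size reported, but it meets the policy floor
            findings.append((rule_id, fix, line.strip()))
    return findings

if __name__ == "__main__":
    for rule_id, fix, line in audit(SAMPLE_LOG):
        print(f"[{rule_id}] {fix}\n    {line}")
```

`remote-cert-tls server` only succeeds if the server certificate was issued with the server extended key usage, so check how GCS.crt was generated before enabling it.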

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client on Raspberry pi 3b+ with usb dongle 4G

Post by TinCanTech » Sat Jun 09, 2018 8:08 pm

The most likely cause is your Windows firewall blocking your vpn subnet. IE: 10.8.0.0/24

luthorgelt
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 09, 2018 7:04 pm

Re: OpenVPN client on Raspberry pi 3b+ with usb dongle 4G

Post by luthorgelt » Sun Jun 10, 2018 4:39 pm

OK, it was the firewall :roll: :roll:

I added this to the config file:

push "route 192.168.8.0 255.255.255.0"
client-config-dir ccd
route 192.168.8.0 255.255.255.0

and inside the client file in the ccd dir:

iroute 192.168.8.0 255.255.255.0

And now I can ping 192.168.8.100 (client eth1), but I can't connect with any application.

luthorgelt
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 09, 2018 7:04 pm

Re: OpenVPN client on Raspberry pi 3b+ with usb dongle 4G

Post by luthorgelt » Thu Jun 14, 2018 5:50 pm

Good news, I fixed the problem.