Force OpenVPN Connect to connect via UDPv4

[ucdef]

I have a working OpenVPN server on my router. I can use it via my laptop. I have disabled IPv6 on the router, although my internet provider does not stop assigning an IPv6 address to my modem.

The problem is that OpenVPN Connect still connects via UDPv6. Since I do not have OpenVPN configured for IPv6, I lose internet access when connected to the VPN.

I tried putting:

Code: Select all

proto udp4
remote x.x.x.x 1194 udp4

in my ovpn config, but it ignores the options. If it matters, when I go to http://whatismyip.host, my phone has an IPv4 address (although "what is my ip?" on Google returns an IPv6 address). I originally had IPv6 enabled on my router and followed the OpenWRT directions for setting up OpenVPN, but OpenVPN Connect failed to connect with that setup. I would rather not wrangle with the settings to get IPv6 working.

The ovpn client config:

Code: Select all

  client
  dev tun
  proto udp4
  fast-io
  remote x.x.x.x 1194 udp4
  remote-cert-tls server
  nobind
  persist-key
  persist-tun
  compress lzo
  verb 3
  key-direction 1
  ...[certificates]

The server config:

Code: Select all

config openvpn 'vpnserver'
	enabled '1'
	dev_type 'tun'
	dev 'ovpns0'
	proto 'udp4'
	port '1194'
	topology 'subnet'
	tls_server '1'
	mode 'server'
	server '192.168.200.0 255.255.255.0'
	route_gateway 'dhcp'
	compress 'lzo'
	keepalive '10 120'
	persist_key '1'
	persist_tun '1'
	ca '/etc/openvpn/ca.crt'
	cert '/etc/openvpn/my-server.crt'
	key '/etc/openvpn/my-server.key'
	dh '/etc/openvpn/dh2048.pem'
	tls_auth '/etc/openvpn/tls-auth.key 0'
	client_to_client '1'
	log '/tmp/openvpn.log'
	push 'topology subnet'
	push 'redirect-gateway def1'
	push 'route-gateway dhcp'
	push 'route 192.168.200.0 255.255.255.0'
	push 'dhcp-option DNS 192.168.1.1'
	push 'compress lzo'
	push 'persist-key'
	push 'persist-tun'
	push 'DOMAIN lan'

The log from OpenVPN Connect:

Code: Select all

2018-08-23 02:21:23 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit built on Feb 22 2018 12:39:28
2018-08-23 02:21:23 Frame=512/2048/512 mssfix-ctrl=1250
2018-08-23 02:21:23 UNUSED OPTIONS
3 [fast-io] 
6 [nobind] 
7 [persist-key] 
8 [persist-tun] 
10 [verb] [3] 

2018-08-23 02:21:23 EVENT: RESOLVE
2018-08-23 02:21:23 Contacting [IPv6 removed]:1194/UDP via UDP
2018-08-23 02:21:23 EVENT: WAIT
2018-08-23 02:21:23 Connecting to [IPv4 removed]:1194 (IPv6 removed) via UDPv6
2018-08-23 02:21:23 EVENT: CONNECTING
2018-08-23 02:21:23 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2018-08-23 02:21:23 Creds: UsernameEmpty/PasswordEmpty
2018-08-23 02:21:23 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.9-0
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
IV_BS64DL=1

2018-08-23 02:21:23 VERIFY OK : depth=1
cert. version    : 3
serial number    : removed
issuer name      : C=GB, ST=London, O=WWW Ltd.
subject name      : C=GB, ST=London, O=WWW Ltd.
issued  on        : 2018-08-23 05:58:43
expires on        : 2028-08-20 05:58:43
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
basic constraints : CA=true

2018-08-23 02:21:23 VERIFY OK : depth=0
cert. version    : 3
serial number    : 10:00
issuer name      : C=GB, ST=London, O=WWW Ltd.
subject name      : CN=my-server
issued  on        : 2018-08-23 05:58:59
expires on        : 2028-08-20 05:58:59
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-08-23 02:21:24 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-08-23 02:21:24 Session is ACTIVE
2018-08-23 02:21:24 EVENT: GET_CONFIG
2018-08-23 02:21:24 Sending PUSH_REQUEST to server...
2018-08-23 02:21:24 OPTIONS:
0 [topology] [subnet] 
1 [redirect-gateway] [def1] 
2 [route-gateway] [dhcp] 
3 [route] [192.168.200.0] [255.255.255.0] 
4 [dhcp-option] [DNS] [192.168.1.1] 
5 [compress] [lzo] 
6 [persist-key] 
7 [persist-tun] 
8 [DOMAIN] [lan] 
9 [route-gateway] [192.168.200.1] 
10 [topology] [subnet] 
11 [ping] [10] 
12 [ping-restart] [120] 
13 [ifconfig] [192.168.200.2] [255.255.255.0] 
14 [peer-id] [1] 
15 [cipher] [AES-256-GCM] 

2018-08-23 02:21:24 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA1
  compress: LZO
  peer ID: 1
2018-08-23 02:21:24 EVENT: ASSIGN_IP
2018-08-23 02:21:24 NIP: preparing TUN network settings
2018-08-23 02:21:24 NIP: init TUN network settings with endpoint: IPv6 removed
2018-08-23 02:21:24 NIP: adding IPv4 address to network settings 192.168.200.2/255.255.255.0
2018-08-23 02:21:24 NIP: adding (included) IPv4 route 192.168.200.0/24
2018-08-23 02:21:24 NIP: adding (included) IPv4 route 192.168.200.0/24
2018-08-23 02:21:24 NIP: redirecting all IPv4 traffic to TUN interface
2018-08-23 02:21:24 NIP: adding DNS 192.168.1.1
2018-08-23 02:21:24 Connected via NetworkExtensionTUN
2018-08-23 02:21:24 LZO-ASYM init swap=0 asym=0
2018-08-23 02:21:24 EVENT: CONNECTED @IPv4 removed:1194 (IPv6 removed) via /UDPv6 on NetworkExtensionTUN/192.168.200.2/ gw=[/]
2018-08-23 02:26:48 EVENT: DISCONNECTED
2018-08-23 02:26:48 Raw stats on disconnect:
  BYTES_IN : 5847
  BYTES_OUT : 14546
  PACKETS_IN : 43
  PACKETS_OUT : 146
  TUN_BYTES_IN : 7881
  TUN_PACKETS_IN : 125
2018-08-23 02:26:48 Performance stats on disconnect:
  CPU usage (microseconds): 291098
  Tunnel compression ratio (downlink): inf
  Network bytes per CPU second: 70055
  Tunnel bytes per CPU second: 27073

[TinCanTech]

I lose internet access when connected to the VPN.

4 [dhcp-option] [DNS] [192.168.1.1]

Is that a real DNS server on your network ?

[ucdef]

Thanks!!! Once you point it out it makes complete sense. The UDPv6 was a red herring. I changed my LAN to be 192.168.1.1/24 and now it works.

[TinCanTech]

Change your LAN to something more unique