No web traffic on LTE mobile broadband

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

No web traffic on LTE mobile broadband

Post by jamesnb » Sun Sep 27, 2015 7:54 am

Hello all!

I have set up my E4200 hardware v1 router using DD-WRT firmware with the latest embedded OpenVPN version: 2.3.xx
I have an iPhone with iOS 8.4.1 (latest before 9.0.1) with OpenVPN client version 1.0.5 build 177 (iOS 64-bit) installed (latest from the App Store)

If I use public Wireless Internet such as those in coffee shops (like Starbucks, Tim Horton), the VPN connection works fine: I can access other devices on my home LAN network and I can browse any websites from the VPN connection (redirect-gateway firewall rule works)

>>>>>STRANGE THING starts from here<<<<<<

If I use my cellular mobile broadband (Roger LTE in Canada): when I try to connect to OpenVPN, it said the connection is "connected" successfully BUT I CANNOT browse any websites (Safari or Chrome keeps spinning the waiting wheel) or access any devices on my LAN network via the VPN connection

I have the MTU (Maximum Transmission Unit) on my Router set as 1500, and on the VPN server also set at 1500.
I use the latest VPN client (for iOS) and Server (for my Router via DD-WRT firmware)

Any ideas or heads-up are appreciated!!

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: No web traffic on LTE mobile broadband

Post by jamesnb » Wed Sep 30, 2015 2:55 am

Is anyone having the same problem, please?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: No web traffic on LTE mobile broadband

Post by Traffic » Wed Sep 30, 2015 9:46 am

jamesnb wrote: If I use public Wireless Internet such as those in coffee shops (like Starbucks, Tim Horton), the VPN connection works fine: I can access other devices on my home LAN network and I can browse any websites from the VPN connection (redirect-gateway firewall rule works)

OK .. your VPN is set up correctly ..

jamesnb wrote: If I use my cellular mobile broadband (Roger LTE in Canada): when I try to connect to OpenVPN, it said the connection is "connected" successfully BUT I CANNOT browse any websites (Safari or Chrome keeps spinning the waiting wheel) or access any devices on my LAN network via the VPN connection

We will need to see server and client configs and logs. Have you contacted Roger LTE in Canada to ask if they allow the VPN data?

jamesnb wrote: I have the MTU (Maximum Transmission Unit) on my Router set as 1500, and on the VPN server also set at 1500.

Probably best to remove any specific MTU settings, unless you know exactly what you are doing.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: No web traffic on LTE mobile broadband

Post by jamesnb » Thu Oct 01, 2015 1:40 am

Hello there,

My server log:

Code:

20150930 18:21:48 24.114.38.128:43187 TLS: Initial packet from [AF_INET]24.114.38.128:43187 sid=95bd4df8 27045918 
20150930 18:21:50 24.114.38.128:43187 VERIFY OK: depth=1 C=CA ST=BC L=xxx O=OpenVPN OU=changeme CN=xxx name=changeme emailAddress=xxx
20150930 18:21:50 24.114.38.128:43187 VERIFY OK: depth=0 C=CA ST=BC L=xxxr O=OpenVPN OU=changeme CN=client1 name=changeme emailAddress=xxx 
20150930 18:21:50 24.114.38.128:43187 NOTE: --mute triggered... 
20150930 18:21:50 24.114.38.128:43187 5 variation(s) on previous 3 message(s) suppressed by --mute 
20150930 18:21:50 I 24.114.38.128:43187 [client1] Peer Connection Initiated with [AF_INET]24.114.38.128:43187
20150930 18:21:50 I client1/24.114.38.128:43187 MULTI_sva: pool returned IPv4=10.8.8.2 IPv6=(Not enabled) 
20150930 18:21:50 client1/24.114.38.128:43187 MULTI: Learn: 10.8.8.2 -> client1/xxx.xxx.xxx.xxx:xxx 
20150930 18:21:50 client1/24.114.38.128:43187 MULTI: primary virtual IP for client1/xxx.xxx.xxx.xxx:xxx: 10.8.8.2 
20150930 18:21:50 client1/24.114.38.128:43187 PUSH: Received control message: 'PUSH_REQUEST' 
20150930 18:21:50 I client1/24.114.38.128:43187 send_push_reply(): safe_cap=940 
20150930 18:21:50 client1/24.114.38.128:43187 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 10.8.8.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.8.2 255.255.255.0' (status=1) 
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97) 
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97) 
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97) 
20150930 18:21:57 client1/24.114.38.128:43187 NOTE: --mute triggered... 
20150930 18:22:58 client1/24.114.38.128:43187 207 variation(s) on previous 3 message(s) suppressed by --mute 
20150930 18:22:58 client1/24.114.38.128:43187 SIGTERM[soft remote-exit] received client-instance exiting 
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20150930 18:24:27 D MANAGEMENT: CMD 'state' 
20150930 18:24:27 MANAGEMENT: Client disconnected 
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20150930 18:24:27 D MANAGEMENT: CMD 'state' 
20150930 18:24:27 MANAGEMENT: Client disconnected 
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20150930 18:24:27 D MANAGEMENT: CMD 'state' 
20150930 18:24:27 MANAGEMENT: Client disconnected 
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20150930 18:24:27 D MANAGEMENT: CMD 'status 2' 
20150930 18:24:27 MANAGEMENT: Client disconnected 
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14 
20150930 18:24:27 D MANAGEMENT: CMD 'log 500' 
19700101 00:00:00

and the Client log:

Code:

2015-09-30 18:21:47 ----- OpenVPN Start -----
OpenVPN core 3.0 ios arm64 64-bit
2015-09-30 18:21:47 UNUSED OPTIONS
5 [resolv-retry] [infinite] 
6 [nobind] 
7 [persist-key] 
8 [persist-tun] 
9 [verb] [5] 

2015-09-30 18:21:47 LZO-ASYM init swap=0 asym=0
2015-09-30 18:21:47 EVENT: RESOLVE
2015-09-30 18:21:48 Contacting xxx.xxx.xxx.xxx:xxx via UDP
2015-09-30 18:21:48 EVENT: WAIT
2015-09-30 18:21:48 SetTunnelSocket returned 1
2015-09-30 18:21:48 Connecting to xxx.xxx.xxx:xxx (xxx.xxx.xxx.xxx) via UDPv4
2015-09-30 18:21:48 EVENT: CONNECTING
2015-09-30 18:21:48 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2015-09-30 18:21:48 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2015-09-30 18:21:50 VERIFY OK: depth=1
cert. version    : 3
serial number    : DE:EF:E9:89:5C:16:30:F5
issuer name      : C=CA, ST=BC, L=xxx, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
subject name      : C=CA, ST=BC, L=Vancouver, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
issued  on        : 2015-09-21 00:03:01
expires on        : 2025-09-18 00:03:01
signed using      : RSA with SHA1
RSA key size      : 1024 bits
basic constraints : CA=true

2015-09-30 18:21:50 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=CA, ST=BC, L=xxx, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
subject name      : C=CA, ST=BC, L=xxx, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
issued  on        : 2015-09-21 00:03:52
expires on        : 2025-09-18 00:03:52
signed using      : RSA with MD5
RSA key size      : 1024 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2015-09-30 18:21:51 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2015-09-30 18:21:51 Session is ACTIVE
2015-09-30 18:21:51 EVENT: GET_CONFIG
2015-09-30 18:21:51 Sending PUSH_REQUEST to server...
2015-09-30 18:21:51 OPTIONS:
0 [redirect-gateway] [def1] 
1 [route-gateway] [10.8.8.1] 
2 [topology] [subnet] 
3 [ping] [10] 
4 [ping-restart] [120] 
5 [ifconfig] [10.8.8.2] [255.255.255.0] 

2015-09-30 18:21:51 LZO-ASYM init swap=0 asym=0
2015-09-30 18:21:51 EVENT: ASSIGN_IP
2015-09-30 18:21:51 Google DNS fallback enabled
2015-09-30 18:21:51 Connected via tun
2015-09-30 18:21:51 EVENT: CONNECTED @xxx.xxx.xxx:xxx (xxx.xxx.xxx.xxx) via /UDPv4 on tun/10.8.8.2/
2015-09-30 18:21:51 SetStatus Connected
2015-09-30 18:22:58 TUN reset routes
2015-09-30 18:22:58 EVENT: DISCONNECTED
2015-09-30 18:22:58 Raw stats on disconnect:
  BYTES_IN : 442856
  BYTES_OUT : 187868
  PACKETS_IN : 871
  PACKETS_OUT : 908
  TUN_BYTES_IN : 145805
  TUN_BYTES_OUT : 401222
  TUN_PACKETS_IN : 868
  TUN_PACKETS_OUT : 833
2015-09-30 18:22:58 Performance stats on disconnect:
  CPU usage (microseconds): 324201
  Tunnel compression ratio (uplink): 1.28849
  Tunnel compression ratio (downlink): 1.10377
  Network bytes per CPU second: 1945472
  Tunnel bytes per CPU second: 1687308
2015-09-30 18:22:58 ----- OpenVPN Stop -----

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: No web traffic on LTE mobile broadband

Post by Traffic » Thu Oct 01, 2015 11:33 am

Please post server and client config files.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: No web traffic on LTE mobile broadband

Post by jamesnb » Fri Oct 02, 2015 4:19 am

Hi Traffic,

Server config: because I use OpenVPN on DD-WRT, the following are my server options

Code:

Config as: Server (other option is Daemon)
Server mode: Router (TUN) (other option is Bridge (TAP))
Network: 10.8.8.0
Netmask: 255.255.255.0
Port: xxxx
Tunnel protocol: TUN
Tunnel MTU setting: 1400 (default)

ca ca.cert
Key server.key
dh dh1024.pem

Client config:

Code:

remote xxx.xxx.xxx xxxx

client 
remote-cert-tls server 
dev tun 
proto udp 
resolv-retry infinite 
nobind
tun-mtu 1400 
persist-key 
persist-tun 
verb 5
comp-lzo yes
cipher AES-128-CBC
float
ca ca.crt
cert client1.crt
key client1.key

The weird thing is that I can ping the website using command prompt on Windows 7, and got the response like ....TTLS=53
But if I use the browser to browse any website, it just hangs there forever. Nothing loaded.

Again, if I use wireless Internet at coffee shops, my friend's house then it works perfectly fine. Just not working on mobile (LTE or 4G) network.

Appreciate your support.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: No web traffic on LTE mobile broadband

Post by Traffic » Fri Oct 02, 2015 10:28 am

It is possible the LTE/4g link has MTU issues .. try using the settings detailed under --tun-mtu (--fragment/--mssfix) in The Manual v23x
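
Added example, not part of any post in this thread and not OpenVPN's own code: Python that counts the `Message too long` write failures in the server log posted above (including those hidden by --mute) and derives the encapsulation overhead from the client's `Tunnel Options` line. It assumes link-mtu counts the UDP payload only, IPv4 headers without options, and that a suppressed-by-mute count belongs to the message logged just before it; the 1400-byte path MTU is a hypothetical value, since the thread never states the LTE link's MTU.

```python
import re

# Excerpts copied from the server and client logs posted in this thread.
SERVER_LOG = """\
20150930 18:21:50 24.114.38.128:43187 VERIFY OK: depth=1 C=CA ST=BC L=xxx O=OpenVPN OU=changeme CN=xxx name=changeme emailAddress=xxx
20150930 18:21:50 24.114.38.128:43187 NOTE: --mute triggered...
20150930 18:21:50 24.114.38.128:43187 5 variation(s) on previous 3 message(s) suppressed by --mute
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97)
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97)
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97)
20150930 18:21:57 client1/24.114.38.128:43187 NOTE: --mute triggered...
20150930 18:22:58 client1/24.114.38.128:43187 207 variation(s) on previous 3 message(s) suppressed by --mute
"""
CLIENT_OPTIONS = ("2015-09-30 18:21:48 Tunnel Options:V4,dev-type tun,link-mtu 1558,"
                  "tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1")

TOO_LONG = "write UDPv4: Message too long"
MUTED = re.compile(r"(\d+) variation\(s\) on previous \d+ message\(s\) suppressed by --mute")
IPV4_UDP_HEADERS = 20 + 8  # IPv4 header without options + UDP header

def count_oversized_writes(log):
    """Return (shown, hidden) counts of UDP writes rejected as too long."""
    shown = hidden = 0
    last_was_too_long = False
    for line in log.splitlines():
        if "--mute triggered" in line:
            continue  # marker only; the previous message still sets the category
        muted = MUTED.search(line)
        if muted:
            if last_was_too_long:  # assumption: count belongs to the prior message
                hidden += int(muted.group(1))
            continue
        last_was_too_long = TOO_LONG in line
        shown += last_was_too_long
    return shown, hidden

def tunnel_overhead(options_line):
    """Return (link_mtu, tun_mtu, overhead) from a 'Tunnel Options' line."""
    link = int(re.search(r"link-mtu (\d+)", options_line).group(1))
    tun = int(re.search(r"tun-mtu (\d+)", options_line).group(1))
    return link, tun, link - tun

def largest_inner_packet(path_mtu, overhead):
    """Largest tunnelled IP packet whose encapsulated datagram fits path_mtu."""
    return path_mtu - IPV4_UDP_HEADERS - overhead

if __name__ == "__main__":
    print("rejected writes (shown, hidden):", count_oversized_writes(SERVER_LOG))
    _, tun_mtu, overhead = tunnel_overhead(CLIENT_OPTIONS)
    # 1400 is a hypothetical path MTU, not a value measured in the thread.
    print("tun-mtu", tun_mtu, "vs largest fit:", largest_inner_packet(1400, overhead))
```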

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: No web traffic on LTE mobile broadband

Post by jamesnb » Fri Oct 02, 2015 8:02 pm

Hi Traffic,

Could you please suggest, in my specific case, what command of the MTU and mssfix config I should put in the client config file? I am a total noob in this area.

Appreciate your support.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: No web traffic on LTE mobile broadband

Post by Traffic » Fri Oct 02, 2015 8:25 pm

Try --proto tcp for testing.

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: No web traffic on LTE mobile broadband

Post by jamesnb » Sat Oct 03, 2015 8:58 am

Hi traffic,
I have tried to use the following commands on both client and server config:

tun-mtu 1500
mssfix
fragment 1300

When I use the LTE/4G stick with my laptop, I can connect to the VPN and everything is working fine :) yay

However, if I use my iPhone on LTE, running the latest VPN connect agent, it still cannot connect.... It said that it does not support the Fragment command....

Any idea how to make it work on iPhone?

Thanks

jamesnb
OpenVPN User
Posts: 29
Joined: Tue Sep 22, 2015 3:01 am

Re: No web traffic on LTE mobile broadband

Post by jamesnb » Tue Oct 06, 2015 12:54 am

Any help is really appreciated....
