No web traffic on LTE mobile broadband
Posted: Sun Sep 27, 2015 7:54 am
by jamesnb
Hello all!
I have set up my E4200 hardware v1 router using DD-WRT firmware with the latest embedded OpenVPN version: 2.3.xx
I have an iPhone with iOS 8.4.1 (latest before 9.0.1) with OpenVPN client version 1.0.5 build 177 (iOS 64-bit) installed (latest from the App Store).
If I use public wireless Internet such as those in coffee shops (like Starbucks, Tim Horton), the VPN connection works fine: I can access other devices on my home LAN network, and I can browse any websites from the VPN connection (redirect-gateway firewall rule works).
>>>>>STRANGE THING start from here<<<<<<
If I use my cellular mobile broadband (Roger LTE in Canada): when I try to connect to OpenVPN, it says the connection is "connected" successfully BUT I CANNOT browse any websites (Safari or Chrome keeps spinning the waiting wheel) or access any devices on my LAN network via the VPN connection.
I have the MTU (Maximum Transmission Unit) on my Router set as 1500, and on the VPN server also set at 1500.
I use the latest VPN client (for iOS) and Server (for my Router via DD-WRT firmware)
Any ideas or heads-up are appreciated!!
Re: No web traffic on LTE mobile broadband
Posted: Wed Sep 30, 2015 2:55 am
by jamesnb
Is anyone having the same problem, please?
Re: No web traffic on LTE mobile broadband
Posted: Wed Sep 30, 2015 9:46 am
by Traffic
jamesnb wrote: If I use public wireless Internet such as those in coffee shops (like Starbucks, Tim Horton), the VPN connection works fine: I can access other devices on my home LAN network, and I can browse any websites from the VPN connection (redirect-gateway firewall rule works).
OK .. your VPN is set up correctly ..
jamesnb wrote: If I use my cellular mobile broadband (Roger LTE in Canada): when I try to connect to OpenVPN, it says the connection is "connected" successfully BUT I CANNOT browse any websites (Safari or Chrome keeps spinning the waiting wheel) or access any devices on my LAN network via the VPN connection.
We will need to see server and client configs and logs. Have you contacted Roger LTE in Canada to ask if they allow the VPN data?
jamesnb wrote: I have the MTU (Maximum Transmission Unit) on my Router set as 1500, and on the VPN server also set at 1500.
Probably best to remove any specific MTU settings, unless you know exactly what you are doing.
Re: No web traffic on LTE mobile broadband
Posted: Thu Oct 01, 2015 1:40 am
by jamesnb
Hello there,
My server log:
20150930 18:21:48 24.114.38.128:43187 TLS: Initial packet from [AF_INET]24.114.38.128:43187 sid=95bd4df8 27045918
20150930 18:21:50 24.114.38.128:43187 VERIFY OK: depth=1 C=CA ST=BC L=xxx O=OpenVPN OU=changeme CN=xxx name=changeme emailAddress=xxx
20150930 18:21:50 24.114.38.128:43187 VERIFY OK: depth=0 C=CA ST=BC L=xxxr O=OpenVPN OU=changeme CN=client1 name=changeme emailAddress=xxx
20150930 18:21:50 24.114.38.128:43187 NOTE: --mute triggered...
20150930 18:21:50 24.114.38.128:43187 5 variation(s) on previous 3 message(s) suppressed by --mute
20150930 18:21:50 I 24.114.38.128:43187 [client1] Peer Connection Initiated with [AF_INET]24.114.38.128:43187
20150930 18:21:50 I client1/24.114.38.128:43187 MULTI_sva: pool returned IPv4=10.8.8.2 IPv6=(Not enabled)
20150930 18:21:50 client1/24.114.38.128:43187 MULTI: Learn: 10.8.8.2 -> client1/xxx.xxx.xxx.xxx:xxx
20150930 18:21:50 client1/24.114.38.128:43187 MULTI: primary virtual IP for client1/xxx.xxx.xxx.xxx:xxx: 10.8.8.2
20150930 18:21:50 client1/24.114.38.128:43187 PUSH: Received control message: 'PUSH_REQUEST'
20150930 18:21:50 I client1/24.114.38.128:43187 send_push_reply(): safe_cap=940
20150930 18:21:50 client1/24.114.38.128:43187 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 10.8.8.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.8.2 255.255.255.0' (status=1)
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97)
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97)
20150930 18:21:56 N client1/24.114.38.128:43187 write UDPv4: Message too long (code=97)
20150930 18:21:57 client1/24.114.38.128:43187 NOTE: --mute triggered...
20150930 18:22:58 client1/24.114.38.128:43187 207 variation(s) on previous 3 message(s) suppressed by --mute
20150930 18:22:58 client1/24.114.38.128:43187 SIGTERM[soft remote-exit] received client-instance exiting
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20150930 18:24:27 D MANAGEMENT: CMD 'state'
20150930 18:24:27 MANAGEMENT: Client disconnected
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20150930 18:24:27 D MANAGEMENT: CMD 'state'
20150930 18:24:27 MANAGEMENT: Client disconnected
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20150930 18:24:27 D MANAGEMENT: CMD 'state'
20150930 18:24:27 MANAGEMENT: Client disconnected
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20150930 18:24:27 D MANAGEMENT: CMD 'status 2'
20150930 18:24:27 MANAGEMENT: Client disconnected
20150930 18:24:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20150930 18:24:27 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
and the Client log:
2015-09-30 18:21:47 ----- OpenVPN Start -----
OpenVPN core 3.0 ios arm64 64-bit
2015-09-30 18:21:47 UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
9 [verb] [5]
2015-09-30 18:21:47 LZO-ASYM init swap=0 asym=0
2015-09-30 18:21:47 EVENT: RESOLVE
2015-09-30 18:21:48 Contacting xxx.xxx.xxx.xxx:xxx via UDP
2015-09-30 18:21:48 EVENT: WAIT
2015-09-30 18:21:48 SetTunnelSocket returned 1
2015-09-30 18:21:48 Connecting to xxx.xxx.xxx:xxx (xxx.xxx.xxx.xxx) via UDPv4
2015-09-30 18:21:48 EVENT: CONNECTING
2015-09-30 18:21:48 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2015-09-30 18:21:48 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2015-09-30 18:21:50 VERIFY OK: depth=1
cert. version : 3
serial number : DE:EF:E9:89:5C:16:30:F5
issuer name : C=CA, ST=BC, L=xxx, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
subject name : C=CA, ST=BC, L=Vancouver, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
issued on : 2015-09-21 00:03:01
expires on : 2025-09-18 00:03:01
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=true
2015-09-30 18:21:50 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=CA, ST=BC, L=xxx, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
subject name : C=CA, ST=BC, L=xxx, O=OpenVPN, OU=changeme, CN=xxx, ??=changeme, emailAddress=xxx
issued on : 2015-09-21 00:03:52
expires on : 2025-09-18 00:03:52
signed using : RSA with MD5
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2015-09-30 18:21:51 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2015-09-30 18:21:51 Session is ACTIVE
2015-09-30 18:21:51 EVENT: GET_CONFIG
2015-09-30 18:21:51 Sending PUSH_REQUEST to server...
2015-09-30 18:21:51 OPTIONS:
0 [redirect-gateway] [def1]
1 [route-gateway] [10.8.8.1]
2 [topology] [subnet]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [10.8.8.2] [255.255.255.0]
2015-09-30 18:21:51 LZO-ASYM init swap=0 asym=0
2015-09-30 18:21:51 EVENT: ASSIGN_IP
2015-09-30 18:21:51 Google DNS fallback enabled
2015-09-30 18:21:51 Connected via tun
2015-09-30 18:21:51 EVENT: CONNECTED @xxx.xxx.xxx:xxx (xxx.xxx.xxx.xxx) via /UDPv4 on tun/10.8.8.2/
2015-09-30 18:21:51 SetStatus Connected
2015-09-30 18:22:58 TUN reset routes
2015-09-30 18:22:58 EVENT: DISCONNECTED
2015-09-30 18:22:58 Raw stats on disconnect:
BYTES_IN : 442856
BYTES_OUT : 187868
PACKETS_IN : 871
PACKETS_OUT : 908
TUN_BYTES_IN : 145805
TUN_BYTES_OUT : 401222
TUN_PACKETS_IN : 868
TUN_PACKETS_OUT : 833
2015-09-30 18:22:58 Performance stats on disconnect:
CPU usage (microseconds): 324201
Tunnel compression ratio (uplink): 1.28849
Tunnel compression ratio (downlink): 1.10377
Network bytes per CPU second: 1945472
Tunnel bytes per CPU second: 1687308
2015-09-30 18:22:58 ----- OpenVPN Stop -----
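
Added example (not part of the original posts): a Python script that tallies the "write UDPv4: Message too long" write errors per peer in a server log of the shape shown above, and counts lines hidden by --mute only when they directly follow that error. The sample log is constructed (the peer address is replaced by 203.0.113.7) and the function name oversize_writes is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the DD-WRT server log lines in this thread
# (documentation address 203.0.113.7 substituted for the real peer).
SAMPLE_LOG = """\
20150930 18:21:50 203.0.113.7:43187 VERIFY OK: depth=0 CN=client1
20150930 18:21:50 203.0.113.7:43187 NOTE: --mute triggered...
20150930 18:21:50 203.0.113.7:43187 5 variation(s) on previous 3 message(s) suppressed by --mute
20150930 18:21:50 I 203.0.113.7:43187 [client1] Peer Connection Initiated with [AF_INET]203.0.113.7:43187
20150930 18:21:56 N client1/203.0.113.7:43187 write UDPv4: Message too long (code=97)
20150930 18:21:56 N client1/203.0.113.7:43187 write UDPv4: Message too long (code=97)
20150930 18:21:56 N client1/203.0.113.7:43187 write UDPv4: Message too long (code=97)
20150930 18:21:57 client1/203.0.113.7:43187 NOTE: --mute triggered...
20150930 18:22:58 client1/203.0.113.7:43187 207 variation(s) on previous 3 message(s) suppressed by --mute
20150930 18:22:58 client1/203.0.113.7:43187 SIGTERM[soft remote-exit] received client-instance exiting
"""

# date, time, optional one-letter level flag, optional "commonname/" prefix, ip:port, message
LINE = re.compile(r"^\d{8} \d\d:\d\d:\d\d (?:[A-Z] )?(?:[^/\s]+/)?(\d+\.\d+\.\d+\.\d+:\d+) (.*)$")
MUTED = re.compile(r"^(\d+) variation\(s\) on previous \d+ message\(s\) suppressed by --mute")
TOO_LONG = "write UDPv4: Message too long"

def oversize_writes(log_text):
    """Return {peer: {"logged": n, "suppressed": m}} for 'Message too long' errors."""
    stats = defaultdict(lambda: {"logged": 0, "suppressed": 0})
    last_was_too_long = {}  # per peer: was the last visible message the write error?
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # management lines and anything without a peer address
        peer, msg = m.groups()
        muted = MUTED.match(msg)
        if msg.startswith(TOO_LONG):
            stats[peer]["logged"] += 1
            last_was_too_long[peer] = True
        elif muted:
            # Assumption: muted lines repeat the message seen just before the mute.
            if last_was_too_long.get(peer):
                stats[peer]["suppressed"] += int(muted.group(1))
        elif not msg.startswith("NOTE: --mute"):
            last_was_too_long[peer] = False
    return dict(stats)

if __name__ == "__main__":
    for peer, c in oversize_writes(SAMPLE_LOG).items():
        print(f"{peer}: {c['logged']} logged, ~{c['suppressed']} suppressed oversize writes")
```

A peer with a non-zero count is one where the server tried to send UDP datagrams larger than the outgoing path accepts, which matches a session that reports "connected" but passes no web traffic.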
Re: No web traffic on LTE mobile broadband
Posted: Thu Oct 01, 2015 11:33 am
by Traffic
Please post server and client config files.
Re: No web traffic on LTE mobile broadband
Posted: Fri Oct 02, 2015 4:19 am
by jamesnb
Hi Traffic,
Server config: because I use OpenVPN on DD-WRT, the following are my server options:
Config as: Server (other option is Daemon)
Server mode: Router (TUN) (other option is Bridge (TAP))
Network: 10.8.8.0
Netmask: 255.255.255.0
Port: xxxx
Tunnel protocol: TUN
Tunnel MTU setting: 1400 (default)
ca ca.cert
Key server.key
dh dh1024.pem
Client config:
remote xxx.xxx.xxx xxxx
client
remote-cert-tls server
dev tun
proto udp
resolv-retry infinite
nobind
tun-mtu 1400
persist-key
persist-tun
verb 5
comp-lzo yes
cipher AES-128-CBC
float
ca ca.crt
cert client1.crt
key client1.key
The weird thing is that I can ping the website using the command prompt on Windows 7, and get a response like ....TTLS=53
But if I use the browser to browse any website, it just hangs there forever. Nothing loads.
Again, if I use wireless Internet at coffee shops or at my friend's house, then it works perfectly fine. It just does not work on the mobile (LTE or 4G) network.
Appreciate your support.
Re: No web traffic on LTE mobile broadband
Posted: Fri Oct 02, 2015 10:28 am
by Traffic
It is possible the LTE/4G link has MTU issues .. try using the settings detailed under --tun-mtu (--fragment/--mssfix) in The Manual v23x
Re: No web traffic on LTE mobile broadband
Posted: Fri Oct 02, 2015 8:02 pm
by jamesnb
Hi Traffic,
Could you please suggest, in my specific case, which MTU and mssfix settings I should put in the client config file? I am a total noob in this area.
Appreciate your support.
Re: No web traffic on LTE mobile broadband
Posted: Fri Oct 02, 2015 8:25 pm
by Traffic
Try --proto tcp for testing.
Re: No web traffic on LTE mobile broadband
Posted: Sat Oct 03, 2015 8:58 am
by jamesnb
Hi Traffic,
I have tried to use the following commands in both the client and server configs:
tun-mtu 1500
mssfix
fragment 1300
When I use the LTE/4G stick with my laptop, I can connect to the VPN and everything is working fine :) yay
However, if I use my iPhone on LTE, running the latest VPN connect agent, it still cannot connect.... It said that it does not support the Fragment command....
Any idea how to make it work on the iPhone?
Thanks
Re: No web traffic on LTE mobile broadband
Posted: Tue Oct 06, 2015 12:54 am
by jamesnb
Any help is really appreciated....