OpenVPN Support Forum

Hi
I have configured a openvpn client to connect to a comercial openvpn server.
The client connects but no internet
Can you help me?

Here's the log:


un Oct 6 14:04:31 2019 OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 6 14:04:31 2019 library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
Sun Oct 6 14:04:32 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 6 14:04:32 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 6 14:04:32 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.201.69:1194
Sun Oct 6 14:04:32 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 6 14:04:32 2019 UDP link local: (not bound)
Sun Oct 6 14:04:32 2019 UDP link remote: [AF_INET]37.120.201.69:1194
Sun Oct 6 14:04:32 2019 TLS: Initial packet from [AF_INET]37.120.201.69:1194, sid=5cad6952 85a0fb95
Sun Oct 6 14:04:32 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 6 14:04:32 2019 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Sun Oct 6 14:04:32 2019 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Sun Oct 6 14:04:32 2019 VERIFY KU OK
Sun Oct 6 14:04:32 2019 Validating certificate extended key usage
Sun Oct 6 14:04:32 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 6 14:04:32 2019 VERIFY EKU OK
Sun Oct 6 14:04:32 2019 VERIFY OK: depth=0, CN=it-mil-v020.prod.surfshark.com
Sun Oct 6 14:04:33 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1581'
Sun Oct 6 14:04:33 2019 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Sun Oct 6 14:04:33 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Sun Oct 6 14:04:33 2019 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Sun Oct 6 14:04:33 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 6 14:04:33 2019 [it-mil-v020.prod.surfshark.com] Peer Connection Initiated with [AF_INET]37.120.201.69:1194
Sun Oct 6 14:04:34 2019 SENT CONTROL [it-mil-v020.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 6 14:04:34 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.4 255.255.255.0,peer-id 2,cipher AES-256-GCM'
Sun Oct 6 14:04:34 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.5)
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 6 14:04:34 2019 Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: route options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: route-related options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: peer-id set
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Oct 6 14:04:34 2019 OPTIONS IMPORT: data channel crypto options modified
Sun Oct 6 14:04:34 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 6 14:04:34 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 6 14:04:34 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 6 14:04:34 2019 TUN/TAP device tun0 opened
Sun Oct 6 14:04:34 2019 TUN/TAP TX queue length set to 100
Sun Oct 6 14:04:34 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 6 14:04:34 2019 /sbin/ifconfig tun0 10.8.8.4 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 6 14:04:34 2019 /sbin/route add -net 37.120.201.69 netmask 255.255.255.255 gw 192.168.1.254
Sun Oct 6 14:04:34 2019 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 6 14:04:34 2019 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 6 14:04:34 2019 Initialization Sequence Completed
Sun Oct 6 14:05:19 2019 event_wait : Interrupted system call (code=4)
Sun Oct 6 14:05:19 2019 SIGTERM received, sending exit notification to peer
Sun Oct 6 14:05:20 2019 /sbin/route del -net 37.120.201.69 netmask 255.255.255.255
Sun Oct 6 14:05:20 2019 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Oct 6 14:05:20 2019 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Oct 6 14:05:20 2019 Closing TUN/TAP interface
Sun Oct 6 14:05:20 2019 /sbin/ifconfig tun0 0.0.0.0
Sun Oct 6 14:05:20 2019 SIGTERM[soft,exit-with-notification] received, process exiting

Linux requires a script to change DNS servers.

Then add this to your client config: The script should already be present, if not you can find it here:
https://github.com/alfredopalhares/open ... esolv-conf

As for accessing the internet over the VPN, we cannot help you with that,
please contact your service provider.

Hi TinCanTech
many tks for your answer

I'm runing openvpn in openwrt

That script runs in openwrt?
best regards

My tun0 interface

Type: Ethernet Adapter
Device: tun0
Connected: yes
MAC: 00:00:00:00:00:00
RX: 0 B (0 Pkts.)
TX: 27.92 KB (112 Pkts.)

tun0
Protocol: Unmanaged
Uptime: 0h 0m 10s
MAC: 00:00:00:00:00:00
RX: 0 B (0 Pkts.)
TX: 27.92 KB (112 Pkts.)

It sends but is not receiving (even with or without your proposed changes)

best regards