Is there other special configuration needed based on ISP ?

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Is there other special configuration needed based on ISP ?

Post by amanshukor » Tue Nov 08, 2011 10:44 pm

Hi,

I used 2 ISP , one is DSL ISP and another is WiMAX provider.
I was successfully running up my home VPN and it's working if I connect it using
my DSL connection. I used the default configuration from sample-files.

When I use the second ISP that is WiMAX, I end up connected to my VPN
but cannot surf, ping or resolve my DNS.

I will attach the log of my client when I connect using my second ISP.

Server Configuration

Code: Select all

local VPNaddress
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh512.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Client Configuration

Code: Select all

client
dev tun
proto udp 
remote VPNaddress 1194 
resolv-retry infinite
nobind
#tun-mtu 1500
#tun-mtu-extra 32
#mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
Issue
and another weird thing is, why my TAP network had a default gateway of 10.8.0.5
as I know it should be 10.8.0.1 , I tried to ping 10.8.0.1 and I receive reply.

Is there any misconfiguration here ?

WiMAX ISP Problems..
and here the log file of the client when I connect it using my second ISP

Code: Select all

Wed Nov 09 06:27:41 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul  1 2011
Wed Nov 09 06:27:58 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 09 06:27:58 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Nov 09 06:27:58 2011 LZO compression initialized
Wed Nov 09 06:27:58 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov 09 06:27:58 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Nov 09 06:27:58 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov 09 06:27:58 2011 Local Options hash (VER=V4): '41690919'
Wed Nov 09 06:27:58 2011 Expected Remote Options hash (VER=V4): '530fdded'
Wed Nov 09 06:27:58 2011 UDPv4 link local: [undef]
Wed Nov 09 06:27:58 2011 UDPv4 link remote: VPNaddress:1194
Wed Nov 09 06:27:58 2011 TLS: Initial packet from VPNaddress:1194, sid=e4c78d90 4b688188
Wed Nov 09 06:27:58 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 09 06:27:59 2011 VERIFY OK: depth=1, /C=MY/ST=PNG/L=Georgotown/O=Rainz/CN=Rainz_CA/emailAddress=ilantuta@gmail.com
Wed Nov 09 06:27:59 2011 VERIFY OK: depth=0, /C=MY/ST=PNG/L=Georgotown/O=Rainz/CN=server/emailAddress=ilantuta@gmail.com
Wed Nov 09 06:28:00 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 09 06:28:00 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 09 06:28:00 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 09 06:28:00 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 09 06:28:00 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
Wed Nov 09 06:28:00 2011 [server] Peer Connection Initiated with VPNaddress:1194
Wed Nov 09 06:28:03 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Nov 09 06:28:03 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov 09 06:28:03 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 09 06:28:03 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 09 06:28:03 2011 OPTIONS IMPORT: route options modified
Wed Nov 09 06:28:03 2011 ROUTE default_gateway=172.22.196.1
Wed Nov 09 06:28:03 2011 ROUTE: bypass_host_route[0]=172.22.196.1
Wed Nov 09 06:28:03 2011 TAP-WIN32 device [Local Area Connection 6] opened: \\.\Global\{C07FB35C-0BFE-4508-960A-F07BEF74469B}.tap
Wed Nov 09 06:28:03 2011 TAP-Win32 Driver Version 9.8 
Wed Nov 09 06:28:03 2011 TAP-Win32 MTU=1500
Wed Nov 09 06:28:03 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {C07FB35C-0BFE-4508-960A-F07BEF74469B} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Nov 09 06:28:03 2011 Successful ARP Flush on interface [3] {C07FB35C-0BFE-4508-960A-F07BEF74469B}
Wed Nov 09 06:28:08 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Nov 09 06:28:08 2011 C:\WINDOWS\system32\route.exe ADD VPNaddress MASK 255.255.255.255 172.22.196.1
Wed Nov 09 06:28:08 2011 Warning: route gateway is not reachable on any active network adapters: 172.22.196.1
Wed Nov 09 06:28:08 2011 Route addition via IPAPI failed [adaptive]
Wed Nov 09 06:28:08 2011 Route addition fallback to route.exe
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.
Wed Nov 09 06:28:09 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 09 06:28:09 2011 Route addition via IPAPI succeeded [adaptive]
Wed Nov 09 06:28:09 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 09 06:28:09 2011 Route addition via IPAPI succeeded [adaptive]
Wed Nov 09 06:28:09 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Nov 09 06:28:09 2011 Route addition via IPAPI succeeded [adaptive]
Wed Nov 09 06:28:09 2011 Initialization Sequence Completed
Wed Nov 09 06:29:11 2011 TCP/UDP: Closing socket
Wed Nov 09 06:29:11 2011 C:\WINDOWS\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Nov 09 06:29:11 2011 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 09 06:29:11 2011 C:\WINDOWS\system32\route.exe DELETE VPNaddress MASK 255.255.255.255 172.22.196.1
Wed Nov 09 06:29:11 2011 Warning: route gateway is not reachable on any active network adapters: 172.22.196.1
Wed Nov 09 06:29:11 2011 Route deletion via IPAPI failed [adaptive]
Wed Nov 09 06:29:11 2011 Route deletion fallback to route.exe
The route specified was not found.
Wed Nov 09 06:29:11 2011 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 09 06:29:11 2011 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 09 06:29:11 2011 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 09 06:29:11 2011 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 09 06:29:11 2011 Closing TUN/TAP interface
Wed Nov 09 06:29:11 2011 SIGTERM[hard,] received, process exiting
My route print

Code: Select all

C:\Documents and Settings\User>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 ff c0 7f b3 5c ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport

0x30002 ...00 1e 31 21 3c bd ...... Yes Go - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
          0.0.0.0          0.0.0.0     172.22.196.1   183.78.86.217       20
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
    183.78.86.217  255.255.255.255        127.0.0.1       127.0.0.1       20
   183.78.255.255  255.255.255.255    183.78.86.217   183.78.86.217       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0    183.78.86.217   183.78.86.217       20
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255    183.78.86.217   183.78.86.217       1
Default Gateway:          10.8.0.5
===========================================================================
Persistent Routes:
  None
IPTables

Code: Select all

[root@server openvpn]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.8.0.0/24          anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Last edited by amanshukor on Wed Nov 09, 2011 6:51 pm, edited 1 time in total.
Top
User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:
Contact janjust

Re: Is there other special configuration needed based on ISP

Post by janjust » Wed Nov 09, 2011 7:19 am

this is a problem often seen with 3G operators and apparently now also with WiMax. The log line
Wed Nov 09 06:28:03 2011 ROUTE default_gateway=172.22.196.1
shows that OpenVPN determined that the default GW is 172.22.196.1; your routing table, however, does not list that address as being reachable "by default". Please post the routing table prior to starting OpenVPN.

The only route I currently see is
0.0.0.0 0.0.0.0 172.22.196.1 183.78.86.217 20
which seems odd - your device is assigned a public IP yet the default GW is a private IP one? It seems the WiMax provider has a creative view on routing - you will need to figure out how they think you want to connect to the internet.

Another option is to use

Code: Select all

tracert -d 8.8.8.8
to view the first "hop" when trying to reach a public IP - what value is returned?
Top
User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:
Contact maikcat

Re: Is there other special configuration needed based on ISP

Post by maikcat » Wed Nov 09, 2011 7:41 am

your server has dev tun and your client dev tap...

please post the right configs

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Wed Nov 09, 2011 7:01 pm

maikcat wrote:your server has dev tun and your client dev tap...

please post the right configs

Michael.
Sorry my mistake, actually it is tun by the way.
janjust wrote: shows that OpenVPN determined that the default GW is 172.22.196.1; your routing table, however, does not list that address as being reachable "by default". Please post the routing table prior to starting OpenVPN.

Code: Select all

C:\Documents and Settings\Feez>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 ff 6f 09 8e 80 ...... TAP-Win32 Adapter OAS - Packet Scheduler Minipor
t
0x4 ...00 ff 3f 43 ba 72 ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport

0x60002 ...00 1e 31 21 3c bd ...... Yes Go - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.22.196.1    183.78.67.66       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0     183.78.67.66    183.78.67.66       30
     183.78.67.66  255.255.255.255        127.0.0.1       127.0.0.1       20
   183.78.255.255  255.255.255.255     183.78.67.66    183.78.67.66       20
        224.0.0.0        240.0.0.0     183.78.67.66    183.78.67.66       20
  255.255.255.255  255.255.255.255     183.78.67.66               4       1
  255.255.255.255  255.255.255.255     183.78.67.66    183.78.67.66       1
  255.255.255.255  255.255.255.255     183.78.67.66               3       1
Default Gateway:      172.22.196.1
===========================================================================
Persistent Routes:
  None
janjust wrote: Another option is to use

Code: Select all

tracert -d 8.8.8.8
to view the first "hop" when trying to reach a public IP - what value is returned?

Code: Select all

C:\Documents and Settings\Feez>tracert -d 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2   123 ms   164 ms    89 ms  172.22.196.1
  3    68 ms    89 ms    89 ms  172.22.80.34
  4    68 ms    89 ms    89 ms  172.22.81.157
  5    98 ms    89 ms   109 ms  172.22.81.162
  6    72 ms    89 ms    89 ms  172.22.83.52
  7    68 ms    94 ms    84 ms  172.22.0.5
  8   153 ms   529 ms   654 ms  172.20.0.42
  9     *        *        *     Request timed out.
 10    78 ms   229 ms    99 ms  209.85.242.246
 11     *        *      153 ms  209.85.250.237
 12   227 ms   154 ms   164 ms  66.249.94.186
 13   152 ms    99 ms   154 ms  8.8.8.8

Trace complete.
one more thing is when I change the client verb to 6,
it seems like it was flooding the VPN with packet/data.
When I compare it to my DSL connection, the packet/data of UDP seems normal rather than flooding the VPN.
Top
User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:
Contact janjust

Re: Is there other special configuration needed based on ISP

Post by janjust » Thu Nov 10, 2011 8:46 am

ugh... this
0.0.0.0 0.0.0.0 172.22.196.1 183.78.67.66 20
is against most normal routing rules. You will need to find a way to reach the default GW after the VPN connection is up. Windows does not grok

Code: Select all

C:\WINDOWS\system32\route.exe ADD VPNaddress MASK 255.255.255.255 172.22.196.1
as the GW host 172.22.196.1 itself is not on the same network as the WiMax connection. I don't know how to work around this in Windows (Linux, of course, does have this problem ;))
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Thu Nov 10, 2011 9:39 am

janjust wrote:ugh... this
0.0.0.0 0.0.0.0 172.22.196.1 183.78.67.66 20
is against most normal routing rules. You will need to find a way to reach the default GW after the VPN connection is up. Windows does not grok

Code: Select all

C:\WINDOWS\system32\route.exe ADD VPNaddress MASK 255.255.255.255 172.22.196.1
as the GW host 172.22.196.1 itself is not on the same network as the WiMax connection. I don't know how to work around this in Windows (Linux, of course, does have this problem ;))
Ya, I have read some solution regarding, I need to prevent my default gateway being directed to the VPN as the VPN will terminate my connection to the VPN it self.
I'm thinking a way to make it something like, after the connection was made, I need to prevent my default gateway that is 172.22.196.1 to be redirected to the VPN only other connection go to the VPN but not the connection enstablished to the VPN itself.

But googling it didn't give me any chance urm...
actually there are 1 VPN that enable me to use VPN successfully but I prefer to use
my own VPN.

justjan, can I know, to solve this I just need to made some setting in my server.conf right ?
is there a way I clone how other openVPN service available out there config ?
Top
User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:
Contact janjust

Re: Is there other special configuration needed based on ISP

Post by janjust » Thu Nov 10, 2011 9:48 am

your default GW is redirected because you specify
push "redirect-gateway def1 bypass-dhcp"
if you uncomment this the default GW is untouched but then you need to add routes for all traffic that should go via the VPN.
Top
User avatar
Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Is there other special configuration needed based on ISP

Post by Mimiko » Thu Nov 10, 2011 10:15 am

Wed Nov 09 06:28:08 2011 C:\WINDOWS\system32\route.exe ADD VPNaddress MASK 255.255.255.255 172.22.196.1
Wed Nov 09 06:28:08 2011 Warning: route gateway is not reachable on any active network adapters: 172.22.196.1
Wed Nov 09 06:28:08 2011 Route addition via IPAPI failed [adaptive]
Wed Nov 09 06:28:08 2011 Route addition fallback to route.exe
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.
The error is on client, so Im curious how the connection is good with the DSL provider on server.
0.0.0.0 0.0.0.0 172.22.196.1 183.78.67.66 20
Is a normal configuration. It means that all packets should be frown into interface with IP 183.78.67.66 to GW 172.22.196.1 that my be in another network. Something on the other end from interface will redirect the packed forward to that GW. This configuration on windows may be done by GUI easily, setting GW not under the ip and mask of interface, but on the advanced window. Althought, the same can't be achieved by route command from a prompt line. May be using ipapi method for adding routes in window will add that route.
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Thu Nov 10, 2011 11:38 am

Mimiko wrote:
Wed Nov 09 06:28:08 2011 C:\WINDOWS\system32\route.exe ADD VPNaddress MASK 255.255.255.255 172.22.196.1
Wed Nov 09 06:28:08 2011 Warning: route gateway is not reachable on any active network adapters: 172.22.196.1
Wed Nov 09 06:28:08 2011 Route addition via IPAPI failed [adaptive]
Wed Nov 09 06:28:08 2011 Route addition fallback to route.exe
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.
The error is on client, so Im curious how the connection is good with the DSL provider on server.
0.0.0.0 0.0.0.0 172.22.196.1 183.78.67.66 20
Is a normal configuration. It means that all packets should be frown into interface with IP 183.78.67.66 to GW 172.22.196.1 that my be in another network. Something on the other end from interface will redirect the packed forward to that GW. This configuration on windows may be done by GUI easily, setting GW not under the ip and mask of interface, but on the advanced window. Althought, the same can't be achieved by route command from a prompt line. May be using ipapi method for adding routes in window will add that route.
are you saying that I need to change my GW from the GUI on Windows, but with what IP should I change the GW, as I understand now, the source of the Internet is 172.22.176.1, without it I will not able to surf the net right ? or did I misunderstood something here.
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Thu Nov 10, 2011 11:43 am

janjust wrote:your default GW is redirected because you specify
push "redirect-gateway def1 bypass-dhcp"
if you uncomment this the default GW is untouched but then you need to add routes for all traffic that should go via the VPN.
can you give some example for doing this ?
example for adding routes for surfing the web what
will i need to do ?

Code: Select all

route-method exe <route-delay 2
can I know the function of it ?
Top
User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:
Contact maikcat

Re: Is there other special configuration needed based on ISP

Post by maikcat » Thu Nov 10, 2011 1:31 pm

hi there,

pushing routes to clients

push "route 192.168.x.0 255.255.255.0"


this will push a static route to your client for 192.168.x.0 network

if you want to access the internet ,the redirect-gateway statement must used...

route method exe is for windows client only,its alternative is ipapi

its used to select how the client will add the routes its receives to windows.

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"
Top
User avatar
Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Is there other special configuration needed based on ISP

Post by Mimiko » Thu Nov 10, 2011 3:45 pm

amanshukor, please post the output of "ipconfig /all" and please do not hide the IPs, no one wil try to hack. Without the IPs its hard to guess what might be.
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Thu Nov 10, 2011 5:09 pm

maikcat wrote:hi there,

pushing routes to clients

push "route 192.168.x.0 255.255.255.0"


this will push a static route to your client for 192.168.x.0 network

if you want to access the internet ,the redirect-gateway statement must used...

route method exe is for windows client only,its alternative is ipapi

its used to select how the client will add the routes its receives to windows.

Michael.
Hi can I know why do I need to push route 192.168.x.0 ?
anyway thanks for information regarding route method exe.
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Thu Nov 10, 2011 5:26 pm

Mimiko wrote:amanshukor, please post the output of "ipconfig /all" and please do not hide the IPs, no one wil try to hack. Without the IPs its hard to guess what might be.
below is my ipconfig /all

Before connecting

Code: Select all

C:\Documents and Settings\User>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : PC-Feez
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 6:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : TAP-Win32 Adapter V9
        Physical Address. . . . . . . . . : 00-FF-C0-7F-B3-5C

Ethernet adapter Local Area Connection 7:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WiMAX Go
        Physical Address. . . . . . . . . : 00-1E-31-21-3C-BD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 183.78.80.146
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 172.22.196.1
        DHCP Server . . . . . . . . . . . : 172.22.196.1
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            8.8.4.4
        Lease Obtained. . . . . . . . . . : Friday, November 11, 2011 1:23:16 AM

        Lease Expires . . . . . . . . . . : Friday, November 11, 2011 2:23:16 AM
After Connected to VPN

Code: Select all

C:\Documents and Settings\User>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : PC-Feez
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 6:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V9
        Physical Address. . . . . . . . . : 00-FF-C0-7F-B3-5C
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.8.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . : 10.8.0.5
        DHCP Server . . . . . . . . . . . : 10.8.0.5
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            8.8.4.4
        Lease Obtained. . . . . . . . . . : Friday, November 11, 2011 1:40:47 AM

        Lease Expires . . . . . . . . . . : Saturday, November 10, 2012 1:40:47
AM

Ethernet adapter Local Area Connection 7:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WiMAX Go
        Physical Address. . . . . . . . . : 00-1E-31-21-3C-BD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 183.78.80.21
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 172.22.196.1
        DHCP Server . . . . . . . . . . . : 172.22.196.1
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            8.8.4.4
        Lease Obtained. . . . . . . . . . : Friday, November 11, 2011 1:40:21 AM

        Lease Expires . . . . . . . . . . : Friday, November 11, 2011 2:40:21 AM
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Mon Nov 21, 2011 10:20 am

after trying OpenVPN in my office, it seems the VPN cannot work,
I think I follow everything on setting up the VPN, but it seems only
working if I have a direct connection to my ISP only ...
same as using the WiMAX, it can connect but cant do anything.
same when I try to do it at my office computer.

I can bet that the problems are not caused by firewall in my server.

I don't know where to refer anymore after tried many setting.
Last edited by amanshukor on Tue Nov 22, 2011 12:05 am, edited 1 time in total.
Top
User avatar
Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Is there other special configuration needed based on ISP

Post by Mimiko » Mon Nov 21, 2011 8:37 pm

amanshukor, althougth the WiMAX dhcp answer and clietn configuration is valid is possible, where gw is from another network than the ip of adapter itself, it seems that dhcp assigning in windows is done differently than using netsh command. I asked this particular issue on the microsoft answers forum and still none responded.
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Tue Nov 22, 2011 12:12 am

Is this client problems or server need extra configuration ?
If based on my situation I think the VPN it self need some extra configuration,
that why I come out with this Title for this thread,
as I had use a VPN Service before that serve OpenVPN and it can be use for my WiMAX.
I know some will say "I should subscribe them", but I prefer to learn doing my own VPN as the OpenVPN
got it Community Support, why should I didn't try it myself, at least I can learn something new here.
Top
User avatar
Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Is there other special configuration needed based on ISP

Post by Mimiko » Tue Nov 22, 2011 7:12 am

It's a problem of Wimax mobile provider, who configure clients in a non standart way.
Top
amanshukor
OpenVPN User
Posts: 21
Joined: Mon Nov 07, 2011 11:00 pm

Re: Is there other special configuration needed based on ISP

Post by amanshukor » Tue Nov 22, 2011 12:46 pm

Mimiko wrote:It's a problem of Wimax mobile provider, who configure clients in a non standart way.
if the problems are the ISP, I dont think ISP will follow the 'standard way' as
they are the one that want to Filter and they probably wanted to prevent us
from using VPN as they can't throttle and block sites anymore.

So for me the problems is the server configuration, it need to be more intelligent to know how create the tunnels. It seems I will end up with fail to create my own OpenVPN, I successfully can access my VPN if I use the DSL ISP but the speed was very terrible, but it still success for me and this ISP I think didn't good in monitoring their client, then VPN isn't needed here.

Oh my.. Why the VPN works on the connection that I don't need it to be active :( ...
But stuck on ISP that massively filtering sites.
Top
User avatar
Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Is there other special configuration needed based on ISP

Post by Mimiko » Wed Nov 23, 2011 7:02 am

if the problems are the ISP, I dont think ISP will follow the 'standard way' as
they are the one that want to Filter and they probably wanted to prevent us
from using VPN as they can't throttle and block sites anymore.
It's a violation of user privacy. You can use them if you can demosntrate that they monitor and filter you.
So for me the problems is the server configuration
It's no the problem of the server, it's the client who can't add the route.

As a workaround you can add the falling route manualy. And ignore the OpenVPN errors in log.
Top
Post Reply

Return to “Configuration”