OVPN file not working?

[LoloBond]

Hello all,

I'm having some issues using ovpn files on my Asus AC68U/Merlin fw. I upload the file, the connection with the server starts, it shows on the server that my router is connected but my devices have no internet.

Jun 2 23:02:47 rc_service: httpd 456:notify_rc start_vpnclient2
Jun 2 23:02:47 kernel: tun: Universal TUN/TAP device driver, 1.6
Jun 2 23:02:47 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jun 2 23:02:48 openvpn[11847]: OpenVPN 2.3.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 28 2015
Jun 2 23:02:48 openvpn[11847]: library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.09
Jun 2 23:02:48 openvpn[11847]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 2 23:02:48 openvpn[11847]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 2 23:02:48 openvpn[11848]: UDPv4 link local: [undef]
Jun 2 23:02:48 openvpn[11848]: UDPv4 link remote: [AF_INET]104.xxx.xx.xx:1194
Jun 2 23:02:48 openvpn[11848]: TLS: Initial packet from [AF_INET]104.xxx.xx.xx:1194, sid=b6146245
Jun 2 23:02:49 openvpn[11848]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Jun 2 23:02:49 openvpn[11848]: VERIFY OK: nsCertType=SERVER
Jun 2 23:02:49 openvpn[11848]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=me@myhost.mydomain
Jun 2 23:02:49 openvpn[11848]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 2 23:02:49 openvpn[11848]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 2 23:02:49 openvpn[11848]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 2 23:02:49 openvpn[11848]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 2 23:02:49 openvpn[11848]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jun 2 23:02:49 openvpn[11848]: [server] Peer Connection Initiated with [AF_INET]104.xxx.xx.xx:1194
Jun 2 23:02:52 openvpn[11848]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jun 2 23:02:52 openvpn[11848]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.38 10.8.0.37'
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: timers and/or timeouts modified
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: route options modified
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jun 2 23:02:52 openvpn[11848]: TUN/TAP device tun12 opened
Jun 2 23:02:52 openvpn[11848]: TUN/TAP TX queue length set to 100
Jun 2 23:02:52 openvpn[11848]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jun 2 23:02:52 openvpn[11848]: /usr/sbin/ip link set dev tun12 up mtu 1500
Jun 2 23:02:52 openvpn[11848]: /usr/sbin/ip addr add dev tun12 local 10.8.0.38 peer 10.8.0.37
Jun 2 23:02:52 openvpn[11848]: updown.sh tun12 1500 1542 10.8.0.38 10.8.0.37 init
Jun 2 23:02:52 rc_service: service 11879:notify_rc updateresolv
Jun 2 23:02:52 dnsmasq[11832]: read /etc/hosts - 5 addresses
Jun 2 23:02:52 dnsmasq[11832]: using nameserver 8.8.8.8#53
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 104.xxx.xx.xx/32 via 69.xxx.xxx.x
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.37
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.37
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.37
Jun 2 23:02:55 openvpn-routing: Skipping, not in routing policy mode
Jun 2 23:02:55 openvpn[11848]: Initialization Sequence Completed


TIA!

 

[cosmoxl]

have you used the policy routing mode at all? if so, some problems with rules being enforced even though you're not using policy routing mode right now.

ssh into your client here and type "ip rule show" to see if there are residual rules from policy routing.

 

[LoloBond]

have you used the policy routing mode at all? if so, some problems with rules being enforced even though you're not using policy routing mode right now.

ssh into your client here and type "ip rule show" to see if there are residual rules from policy routing.

thanks for replaying. I was able to get an answer from another user (moebis) and it looks like the ovpn file don't make any changes to "Accept DNS Configuration"... after changing to strict it started working.

 

[RMerlin]

it looks like the ovpn file don't make any changes to "Accept DNS Configuration"... after changing to strict it started working.

It does not, because that's not an OpenVPN configuration setting, it determines how the firmware will configure dnsmasq.

 

[cosmoxl]

the log showed that google (8.8.8.8) was being used, so I figured that should work.

BTW, you can specify DNS in ovpn config files. however, you'll still have to use a setting other than "disabled" for the "accept DNS config" option in the GUI.

dhcp-option DNS <dns_server_ip_address>

 

[LoloBond]

It does not, because that's not an OpenVPN configuration setting, it determines how the firmware will configure dnsmasq.

the log showed that google (8.8.8.8) was being used, so I figured that should work.

BTW, you can specify DNS in ovpn config files. however, you'll still have to use a setting other than "disabled" for the "accept DNS config" option in the GUI.

dhcp-option DNS <dns_server_ip_address>

thank you both for your input.

VPN is finally working! I did OC a bit to improve speeds. very happy, thanks!