DNS (and Internet) won't work after OpenVPN is enabled

dragon327328

New Around Here
Hi,

I'm currently trying to configure a HideMyAss VPN behind my RT-N66U with the Merlin firmware.

I am behind a campus proxy, and I connect with a static IP (see hma1.png for the WAN config) and the campus DNS.
When I set the connection details on the router, I can make DNS requests (from the computer as well as the router), and connect to the proxy from the computer (and then access the web).

However I would like all the traffic of the computer to be tunneled in a VPN.

I've therefore configured my VPN (see hma2.png), and it seems to work:
Code:
May  9 20:23:21 openvpn[612]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 17 2013
May  9 20:23:21 openvpn[612]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May  9 20:23:21 openvpn[612]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May  9 20:23:21 openvpn[612]: Socket Buffers: R=[87380->131072] S=[16384->131072]
May  9 20:23:21 openvpn[617]: Attempting to establish TCP connection with [AF_INET]129.XXX:8080 [nonblock]
May  9 20:23:22 openvpn[617]: TCP connection established with [AF_INET]129.XXX:8080
May  9 20:23:22 openvpn[617]: Send to HTTP proxy: 'CONNECT 62.233.42.130:443 HTTP/1.0'
May  9 20:23:22 openvpn[617]: HTTP proxy returned: 'HTTP/1.0 200 Connection established'
May  9 20:23:24 openvpn[617]: TCPv4_CLIENT link local: [undef]
May  9 20:23:24 openvpn[617]: TCPv4_CLIENT link remote: [AF_INET]129.XXX:8080
May  9 20:23:24 openvpn[617]: TLS: Initial packet from [AF_INET]129.XXX:8080, sid=6bbpdc1f cfepp1151
May  9 20:23:24 openvpn[617]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May  9 20:23:25 openvpn[617]: VERIFY OK: depth=1, C=UK, ST=NR, L=Attleborough, O=Hide My butt! Pro, OU=VPN, CN=vpn.hidemyass.com, emailAddress=ca@hidemyass.com
May  9 20:23:25 openvpn[617]: VERIFY OK: depth=0, C=UK, ST=NR, L=Attleborough, O=Hide My butt! Pro, OU=VPN, CN=server, emailAddress=vpn@hidemyass.com
May  9 20:23:26 openvpn[617]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
May  9 20:23:26 openvpn[617]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May  9 20:23:26 openvpn[617]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
May  9 20:23:26 openvpn[617]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May  9 20:23:26 openvpn[617]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
May  9 20:23:26 openvpn[617]: [server] Peer Connection Initiated with [AF_INET]129.XXX:8080
May  9 20:23:28 openvpn[617]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May  9 20:23:28 openvpn[617]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,ifconfig 10.200.1.140 255.255.252.0'
May  9 20:23:28 openvpn[617]: OPTIONS IMPORT: --ifconfig/up options modified
May  9 20:23:28 openvpn[617]: OPTIONS IMPORT: route options modified
May  9 20:23:28 openvpn[617]: OPTIONS IMPORT: route-related options modified
May  9 20:23:28 openvpn[617]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May  9 20:23:28 openvpn[617]: TUN/TAP device tun11 opened
May  9 20:23:28 openvpn[617]: TUN/TAP TX queue length set to 100
May  9 20:23:28 openvpn[617]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May  9 20:23:28 openvpn[617]: /sbin/ifconfig tun11 10.200.1.140 netmask 255.255.252.0 mtu 1500 broadcast 10.200.3.255
May  9 20:23:28 openvpn[617]: updown.sh tun11 1500 1576 10.200.1.140 255.255.252.0 init
May  9 20:23:28 notify_rc : updateresolv
May  9 20:23:28 dnsmasq[548]: read /etc/hosts - 3 addresses
May  9 20:23:28 dnsmasq[548]: failed to load names from /etc/hosts.dnsmasq: No such file or directory
May  9 20:23:28 dnsmasq[548]: using nameserver 208.67.220.220#53
May  9 20:23:28 dnsmasq[548]: using nameserver 208.67.222.222#53
May  9 20:23:28 openvpn[617]: /sbin/route add -net 129.XXX netmask 255.255.255.255 gw 129.XXY
May  9 20:23:28 openvpn[617]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.200.0.1
May  9 20:23:28 openvpn[617]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.200.0.1
May  9 20:23:28 openvpn[617]: Initialization Sequence Completed

However, from this moment on nslookup or ping or whatever to the outside of the campus network won't work anymore. It just won't terminate, on the computer or on the router. This happens regardless of whether I set "accept dns configuration" to "none" or "exclusive". Shutting down the VPN won't repair it; I have to restart the router to get working DNS back (however, the internet connection behind the proxy continues to work).

Before launching the VPN:
Code:
traceroute 173.194.40.184
traceroute to 173.194.40.184 (173.194.40.184), 30 hops max, 38 byte packets
 1  proxy.mycampus (129.XXX)  1.358 ms !N  1.817 ms !N  0.916 ms !N
After launching the VPN:
Code:
traceroute 173.194.40.184
traceroute to 173.194.40.184 (173.194.40.184), 30 hops max, 38 byte packets
 1  *  *  *
 2  *  *  *
 3  *  *  *
 4  *  *  *
 5  *  *  *
 6  *  *  *
...

I'm mentioning this because I guess it's closely related to the fact that I can't connect to the internet through the VPN with this configuration.
The DHCP-connected computers are just not able to access anything, whereas I would like all their traffic to go through the VPN. The best I can do is pinging the tun11 IP of the router from my computer...

Oh, and the VPN works well if I set it up on my computer.

Do you have any suggestion to make this work?

Thank you!
Dragon

PS: Some other output, when the VPN is on:
Code:
# ip route show table main
129.XXX via 129.XXY dev eth0 
129.XXY dev eth0  scope link 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1 
129.XX/22 dev eth0  proto kernel  scope link  src 129.XX 
10.200.0.0/22 dev tun11  proto kernel  scope link  src 10.200.1.140 
127.0.0.0/8 dev lo  scope link 
0.0.0.0/1 via 10.200.0.1 dev tun11 
128.0.0.0/1 via 10.200.0.1 dev tun11 
default via 129.XXX dev eth0
Code:
# cat /etc/openvpn/client1/config.ovpn 
# Automatically generated configuration
daemon
client
dev tun11
proto tcp-client
remote 62.233.42.130 443
resolv-retry 30
nobind
persist-key
persist-tun
comp-lzo adaptive
redirect-gateway def1
verb 3
script-security 2
up updown.sh
down updown.sh
ca ca.crt
cert client.crt
key client.key
auth-user-pass up
status-version 2
status status

# Custom Configuration
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

http-proxy-retry
http-proxy 129.XXX 8080
 

Attachments: hma1.jpg, hma2.jpg
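As an added example (not from the thread or the poster), the following Python reproduces two checks against the output in the PS above. The first is a longest-prefix-match lookup over the `ip route show table main` listing: once `redirect-gateway def1` installs the `0.0.0.0/1` and `128.0.0.0/1` routes, the pushed resolvers (208.67.222.222 and 208.67.220.220) and every other off-campus address leave through tun11, while only the proxy keeps its host route over eth0, which is why dnsmasq (now "using nameserver 208.67.220.220") hangs when the tunnel carries no traffic. The second checks the posted client config for the two things the log itself warns about: no server certificate verification method, and password caching. The campus addresses are redacted in the post, so constructed 172.16.0.0/22 stand-ins are used (172.16.0.1 gateway, 172.16.0.10 proxy, 172.16.1.5 router WAN); `remote-cert-tls`, `auth-nocache` and `cipher` are standard OpenVPN directives.

```python
import ipaddress
import re

# --- Part 1: which route carries a packet? --------------------------------
# Modelled on the `ip route show table main` output in the post, VPN up.
# Campus addresses are constructed stand-ins (poster redacted them as 129.XXX).
ROUTES_VPN_UP = """
172.16.0.10 via 172.16.0.1 dev eth0
172.16.0.1 dev eth0  scope link
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
172.16.0.0/22 dev eth0  proto kernel  scope link  src 172.16.1.5
10.200.0.0/22 dev tun11  proto kernel  scope link  src 10.200.1.140
127.0.0.0/8 dev lo  scope link
0.0.0.0/1 via 10.200.0.1 dev tun11
128.0.0.0/1 via 10.200.0.1 dev tun11
default via 172.16.0.1 dev eth0
"""

# The same table before OpenVPN added its routes (constructed: no tun11 lines).
ROUTES_VPN_DOWN = """
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
172.16.0.0/22 dev eth0  proto kernel  scope link  src 172.16.1.5
127.0.0.0/8 dev lo  scope link
default via 172.16.0.1 dev eth0
"""

ROUTE_RE = re.compile(r"^(?P<dst>\S+)(?:\s+via\s+(?P<via>\S+))?\s+dev\s+(?P<dev>\S+)")


def parse_routes(text):
    """Turn `ip route` lines into (network, gateway, device) triples."""
    routes = []
    for line in text.strip().splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m.group("dst") == "default" else m.group("dst")
        # A bare address in `ip route` output is a host route (/32).
        routes.append((ipaddress.ip_network(dst, strict=False), m.group("via"), m.group("dev")))
    return routes


def lookup(routes, dst):
    """Longest-prefix match as the kernel does it: the most specific
    network containing dst wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen) if candidates else None


def egress_device(route_text, dst):
    """Interface a packet to dst would leave on under the given table."""
    r = lookup(parse_routes(route_text), dst)
    return r[2] if r else None


# --- Part 2: does the client config verify the server? --------------------
# Reduced from the config.ovpn in the post; proxy address is a stand-in.
CONFIG_AS_POSTED = """
client
dev tun11
proto tcp-client
remote 62.233.42.130 443
ca ca.crt
cert client.crt
key client.key
auth-user-pass up
redirect-gateway def1
http-proxy 172.16.0.10 8080
"""

# Same config with the directives the log's warnings point at.
CONFIG_HARDENED = CONFIG_AS_POSTED + "remote-cert-tls server\nauth-nocache\ncipher AES-256-CBC\n"

SERVER_VERIFY_DIRECTIVES = ("remote-cert-tls", "ns-cert-type", "verify-x509-name", "tls-remote")


def audit_config(text):
    """Return findings matching the warnings OpenVPN printed in the posted log."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            directives[parts[0]] = parts[1:]
    findings = []
    if not any(d in directives for d in SERVER_VERIFY_DIRECTIVES):
        findings.append("no server certificate verification (add `remote-cert-tls server`)")
    if "auth-user-pass" in directives and "auth-nocache" not in directives:
        findings.append("credentials may be cached in memory (add `auth-nocache`)")
    if "cipher" not in directives:
        findings.append("no cipher directive; OpenVPN 2.3 defaults to BF-CBC, as the log shows")
    return findings


if __name__ == "__main__":
    for dst in ("208.67.222.222", "173.194.40.184", "172.16.0.10", "192.168.1.5"):
        print(dst, "VPN down:", egress_device(ROUTES_VPN_DOWN, dst),
              "VPN up:", egress_device(ROUTES_VPN_UP, dst))
    print("as posted:", audit_config(CONFIG_AS_POSTED))
    print("hardened: ", audit_config(CONFIG_HARDENED))
```

Running it shows the pushed resolver moving from eth0 to tun11 while the proxy stays on eth0 via its /32 host route; on a campus network where the traceroute before the VPN already returned `!N` from the first hop, anything that cannot go through the HTTP proxy has nowhere to go, and that includes the router's own DNS once the tunnel routes are installed.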
Well, I've switched my VPN provider and it works.
But I'm quite surprised by the speed of OpenVPN on the router, only 11 Mbps where I reach 35 connecting directly on my computer...
 
Encrypting and decrypting takes quite some CPU power. If you transfer loads of data through your tunnel you'll see the CPU pegged at 100%.
 
VPN Speed

Well, I've switched my VPN provider and it works.
But I'm quite surprised by the speed of OpenVPN on the router, only 11 Mbps where I reach 35 connecting directly on my computer...

Your PC has much more processing power than a router along with more RAM.

If you need a VPN and want maximum speed consider running router software on a PC or purchasing a high powered router and a VPN accelerator from Sabai Technology. It has two gigs of memory used just to handle the OpenVPN leaving the router just to be a router.

Using the Accelerator with my E3000 router I lose just 10% of my download speed when using OpenVPN run on the accelerator.
 
