Solved OpenVPN Server Issue

[Wishmaster1965]

I have been running this with no issue as a server up until I did a clean Factory reset after installing 388.4.

I setup 2 clients with passwords, setup Both for "Client will use VPN to access" and change to 2048 for RSA Encryption. In Advanced I change the IP to 10.10.10.0/C.

I export the VPN config file and load to my 2 Android devices using the Open VPN Client on each client.

As I understand this with "Client will use VPN to access" Both , will force my android device to use my home internet where I can leverage AdGaurd.

AdGuard DNS setting has my main DHCP Range and OpenVPN DHCP Range added to Allowed Clients

But the issue I am seeing is once connected I can access services at Home on my NAS, but I get no internet when using android browsers.

I have nothing configured in Advanced / Custom Configuration. I this OK ?

Router IP is 192.168.1.254

Log when I successfully connect

Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=RT-AX88U, emailAddress=me@asusrouter.lan
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=client, emailAddress=me@asusrouter.lan
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_VER=3.git::081bfebe:RelWithDebInfo
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_PLAT=android
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_NCP=2
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_TCPNL=1
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_PROTO=30
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_GUI_VER=net.openvpn.connect.android_3.3.4-9290
Sep 10 18:41:29 ovpn-server1[3993]: 9SOMEIP:36166 peer info: IV_SSO=webauth,openurl,crtext
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 peer info: IV_BS64DL=1
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 TLS: Username/Password authentication succeeded for username 'pixel'
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 TLS: tls_multi_process: initial untrusted session promoted to trusted
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Sep 10 18:41:29 ovpn-server1[3993]: SOMEIP:36166 [client] Peer Connection Initiated with [AF_INET6]::ffff:92.40.194.3:36166 (via ::ffff:86.142.26.204%ppp0)
Sep 10 18:41:29 ovpn-server1[3993]: client/SOMEIP:36166 MULTI_sva: pool returned IPv4=10.10.10.2, IPv6=(Not enabled)
Sep 10 18:41:29 ovpn-server1[3993]: client/SOMEIP:36166 MULTI: Learn: 10.10.10.2 -> client/92.40.194.3:36166
Sep 10 18:41:29 ovpn-server1[3993]: client/SOMEIP:36166 MULTI: primary virtual IP for client/92.40.194.3:36166: 10.10.10.2
Sep 10 18:41:29 ovpn-server1[3993]: client/SOMEIP:36166 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,dhcp-option DOMAIN lan,dhcp-option DNS 192.168.1.254,redirect-gateway def1,route-gateway 10.10.10.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.10.10.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,key-derivation tls-ekm' (status=1)
Sep 10 18:41:29 ovpn-server1[3993]: client/SOMEIP:36166 PUSH: Received control message: 'PUSH_REQUEST'
Sep 10 18:41:30 ovpn-server1[3993]: client/SOMEIP:36166 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Sep 10 18:41:30 ovpn-server1[3993]: client/SOMEIP:36166 Timers: ping 15, ping-restart 120
Sep 10 18:41:30 ovpn-server1[3993]: client/SOMEIP:36166 Protocol options: protocol-flags tls-ekm

I am at a loss where to check next, is it adguard or OpenVPN config I need to get this working ?

 

[Tech9]

After you make changes to VPN server configuration - reboot your router. Try again Internet access from connected clients.

 

[Wishmaster1965]

After you make changes to VPN server configuration - reboot your router. Try again Internet access from connected clients.

Did that multiple times

 

[Tech9]

I don't have any Asus routers running at the moment, but from memory - have you checked something like Advertise DNS to Clients in the OpenVPN Server settings? Also you may want to remove this copy/paste of your log. It contains your WAN IP and port number. No need to advertise it online.

 

[Wishmaster1965]

I had enabled Advertise DNS to Clients and it had no difference, and that's not my WAN address its my phones IP using Data.

 

[Wishmaster1965]

Just tested it again after exporting config and importing to my phone, Looks like that advertise DNS to Clients was not enabled in the old config.

Thanks for the assist @Tech9