RT-AX56U OpenVPN connected but no route | Public IP unknown

[bumsschlumpf]

.....

 

[bumsschlumpf]

.....

 

[Martineau]

Maybe leave a hint for other people in GUI when "unknown public IP" occurs?

Some VPN providers e.g. VPNBOOK don't seemingly support STUN?, so always shows 'Public unknown' so this is not necessarily a reliable/definite indicator that there is something wrong with the OpenVPN configuration.

yet works perfectly

 

[bumsschlumpf]

.....

 

[distilled]

Some VPN providers e.g. VPNBOOK don't seemingly support STUN]

My site to site VPNs now say Unknown when it used to report an IP. It doesn't seem to matter, so I never bothered to ask why, but it is a fairly recent development.

It could easily be something I did though, as a tinkerer, I am a lousy test subject.

 

[Martineau]

My site to site VPNs now say Unknown when it used to report an IP. It doesn't seem to matter, so I never bothered to ask why, but it is a fairly recent development.

It could easily be something I did though, as a tinkerer, I am a lousy test subject.

The firmware uses this very simple script:

/usr/sbin/gettunnelip.sh

#!/bin/sh

INSTANCE=$1

servers="stun.l.google.com:19302 stun.stunprotocol.org"

for server in $servers; do
    result=$(/usr/sbin/ministun -t 5000 -c 1 -i tun1$INSTANCE $server 2>/dev/null)
    [ $? -eq 0 ] && break
    result="unknown"
done

nvram set "vpn_client${INSTANCE}_rip"=$result

so if the two STUN servers cannot be resolved/accessed or if all traffic is forced through a private VPN site-to-site tunnel then it cannot retrieve the expected IP.

Usually, that's why it is advised when using Selective Routing for ALL LAN devices, that you explicitly force the router to use the WAN.

 

[distilled]

Do you mean like this? (75.254 is the local router). With this setting, the VPN reported connected, but I couldn't reach clients.

Lately, MQTT won't talk both ways, so it is likely something else (that I did) is botched too.

 

[Martineau]

Do you mean like this? (75.254 is the local router). With this setting, the VPN reported connected, but I couldn't reach clients.

Lately, MQTT won't talk both ways, so it is likely something else (that I did) is botched too.

If you are not using Selective Routing, then the router is already implicitly outbound via the WAN.

If you can't perform nslookup on the router to the two STUN servers, or you could try manually executing the two ministun commands, then you may have found the reason for always having 'Public -unknown'.