OpenVPN TCP - No traffic

Crlaozwyn · Sep 23, 2019, 1:22 PM

Thanks @viragomann. I did get the NAT rules figured out (later in the thread, I think). They've been on WAN with the VPN subnet (yes, the .13. is the VPN).

There are currently no custom options set. I do have "Force all client-generated IPv4 traffic through the tunnel" checked.

viragomann · Sep 23, 2019, 1:41 PM

Are you able to access your local device from the VPN client?

Please post the routing table of the client device.

Crlaozwyn · Sep 23, 2019, 1:45 PM

Argh! It started working again without me making a single change from yesterday.

Is the routing table part of the logs? If so, I think the only relevant entry would be this:
2019-37-22 15:37:02 NIP: adding (included) IPv4 route 192.168.13.0/24

viragomann · Sep 23, 2019, 2:16 PM

No, the routing table is a list containing all route of an operating system. It depends on the OS how to show it.

In Windows and some Linux "netstat -r" may work.
In other Linux "route" or "ip route".
In MacOS "netstat -nr".

johnpoz · Sep 23, 2019, 2:47 PM

route print will also work on windows.

Crlaozwyn · Sep 23, 2019, 11:02 PM

Gotcha, thank you both for the clarification. Unfortunately the client is an iPhone and, based on a bit of Googling, there isn't really a way to access the IP routing table. With some help, I did discover a setup issue on my part though:

Both UDP and TCP OpenVPN servers were using the same subnet. I've changed the subnet for UDP to be unique and non-overlapping. It hasn't fixed it yet, but that should hopefully prevent TCP from breaking at least...

johnpoz · Sep 23, 2019, 11:46 PM

Dude is that you on reddit ;) heheeh - that is me over on reddit

You should be able to see your route table via Hurricane electric app.

Let me double check that.

Yup the HE tools shows that
🔒 Log in to view

You can get it here
https://networktools.he.net/

Crlaozwyn · Sep 23, 2019, 11:45 PM

Bahahah, yeah that's me. I didn't get a response here after a few days so I figured I'd put another line in the water. Thanks again for your help.

HE.NET app definitely has a lot of data. Do you need all interfaces? There's around a hundred rows

johnpoz · Sep 23, 2019, 11:50 PM

You just need to find your vpn interface, once you connect.

You can use it to do a traceroute as well.. Can you ping your lan side interface of pfsense?

Here pinging my lan IP of pfsense using tcp from ios
🔒 Log in to view

Crlaozwyn · Sep 24, 2019, 12:18 AM

Total fail screenshot attempt - deleted

johnpoz · Sep 24, 2019, 12:12 AM

Well that doesn't look like you have any routes. But I specific route vs default route.. Let me change mine and reconnect

Even when I set to default, I still see routes for the tunnel network..

Are you even connected?

Crlaozwyn · Sep 24, 2019, 12:17 AM

So uh... I totally disabled the VPN in order to be able to actually upload anything. Screenshot fail! Should be a little more enlightening here...
🔒 Log in to view