Netgate Discussion Forum

    OpenVPN connects, can ping LAN hosts but no web pages load

    • C
      charry2014
      last edited by charry2014

      Still no idea... I even rebooted pfSense to no avail. I did notice that even when the client shows 'initialisation sequence complete' pfSense OpenVPN status shows no client connected. There is obviously something wrong.

      A couple of specific questions -

      • I gave my OpenVPN server an IPv6 Tunnel Network of 2a00:6020:1000:1d::/64 which is a complete guess. I have no idea if this is going to work. Can anyone help me be sure this is OK?

      • On the Dashboard the OpenVPN Gateway is always Offline - I have verified the IPv6 address it is pinging (2001:4860:4860::8888) can be reached from pfSense ping diagnostic so could this indicate a problem?

      • I read that adding the Advanced Configuration option push "route-ipv6 2000::/3"; is required in the OpenVPN server options for IPv6 connections. Is this true?

      • GertjanG
        Gertjan @charry2014
        last edited by

        @charry2014 said in OpenVPN connects, can ping LAN hosts but no web pages load:

        I gave my OpenVPN server an IPv6 Tunnel Network of 2a00:6020:1000:1d::/64 which is a complete guess. I have no idea if this is going to work. Can anyone help me be sure this is OK?

        I've been asking myself the same question.
        That's why I defaulted to a known good RFC 1918 IP network like 192.168.3.0/24.
        After all: the Internet gods will come after you if "2a00:6020:1000:1d::/64" is assigned to someone ;))

        @charry2014 said in OpenVPN connects, can ping LAN hosts but no web pages load:

        On the Dashboard the OpenVPN Gateway is always Offline

        That's not a good sign.

        20ea0991-ff85-4d44-a0a6-03dd94d45e3a-image.png

        As I'm using 192.168.3.0/24 and 2001:470:xxxx:3::/64 - I own both of them, as 192.168.3.0/24 is RFC1918 and 2001:470:xxxx:3::/64 is part of an IPv6 network that I'm allowed to use.

        The tunnel goes over IPv4 (I guess / I don't care ^^).

        @charry2014 said in OpenVPN connects, can ping LAN hosts but no web pages load:

        I read that adding the Advanced Configuration option push "route-ipv6 2000::/3";

        What about the more official doc?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • C
          charry2014
          last edited by

          Many thanks - the official document you gave me is a bit more informative (and less German ☺).

          I have been reading docs on IPv6 addressing and am not sure what IPv6 Tunnel Network I should use. My service provider uses DHCPv6 and a DHCPv6 Prefix Delegation size of 56 in the WAN interface. In the dashboard WAN shows a WAN IPv6 2a00:6020:1000:1d::bbc:beef. I am assuming that as I get a /56 from my provider I should choose a /64 for OpenVPN like the docs say - but what is the correct /64 I should use?

          I did notice that even when the client shows 'initialisation sequence complete' pfSense OpenVPN status shows no client connected. There is obviously something wrong.

          • C
            charry2014
            last edited by

            Any ideas, anyone? Please...

            • Bob.DigB
              Bob.Dig LAYER 8 @charry2014
              last edited by

              @charry2014 said in OpenVPN connects, can ping LAN hosts but no web pages load:

              It is just web pages hosted by servers on my LAN which don't.

              So that looks like just a NAT problem?
              And for the tunnel you still could use IPv4, even if the tunnel is running over IPv6 I guess.

              • C
                charry2014
                last edited by

                It could be - previously in my OpenVPN configs the automatic NAT just worked so I am a bit confused what settings I should use. I read around a bit and ended up with what is below - but the automatic outbound NAT gives the same behaviour.

                5e3b95ba-2850-45f0-8227-3a7ead7c626b-image.png

                Can you help me get this working?

                • C
                  charry2014
                  last edited by

                  Another week later and I am still going round in circles - can anyone help me debug this? It is curious that even when the client is connected the client does not show up in OpenVPN -> Clients and the OpenVPN gateway is offline on the Dashboard. I am wondering if there are deeper problems and the connection is somehow broken - but I have never seen anything like this before and do not know how to debug.

                  Perhaps there is something fishy in the client log:

                  2021-07-07 17:21:31 official build 0.7.22 running on samsung SM-G980F (exynos990), Android 11 (RP1A.200720.012) API 30, ABI arm64-v8a, (samsung/x1seea/x1s:11/RP1A.200720.012/G980FXXS8DUE4:user/release-keys)
                  2021-07-07 17:21:31 Building configuration…
                  2021-07-07 17:21:31 started Socket Thread
                  2021-07-07 17:21:31 Network Status: CONNECTED LTE to MOBILE web.vodafone.de
                  2021-07-07 17:21:31 Debug state info: CONNECTED LTE to MOBILE web.vodafone.de, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
                  2021-07-07 17:21:31 Debug state info: CONNECTED LTE to MOBILE web.vodafone.de, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
                  2021-07-07 17:21:31 P:WARNING: linker: Warning: "/data/app/~~fyJTip2PqSNVJwkrHarwmQ==/de.blinkt.openvpn-20-BWAy1UbXInZrowo7caw==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
                  2021-07-07 17:21:31 Current Parameter Settings:
                  2021-07-07 17:21:31   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
                  2021-07-07 17:21:31   mode = 0
                  2021-07-07 17:21:31   show_ciphers = DISABLED
                  2021-07-07 17:21:31   show_digests = DISABLED
                  2021-07-07 17:21:31   show_engines = DISABLED
                  2021-07-07 17:21:31   genkey = DISABLED
                  2021-07-07 17:21:31   genkey_filename = '[UNDEF]'
                  2021-07-07 17:21:31   key_pass_file = '[UNDEF]'
                  2021-07-07 17:21:31   show_tls_ciphers = DISABLED
                  2021-07-07 17:21:31   connect_retry_max = 0
                  2021-07-07 17:21:31 Connection profiles [0]:
                  2021-07-07 17:21:31   proto = udp
                  2021-07-07 17:21:31   local = '[UNDEF]'
                  2021-07-07 17:21:31   local_port = '1194'
                  2021-07-07 17:21:31   remote = 'myhostlanipv6.dyndns.biz'
                  2021-07-07 17:21:31   remote_port = '1194'
                  2021-07-07 17:21:31   remote_float = DISABLED
                  2021-07-07 17:21:31   bind_defined = DISABLED
                  2021-07-07 17:21:31   bind_local = ENABLED
                  2021-07-07 17:21:31   bind_ipv6_only = DISABLED
                  2021-07-07 17:21:31   connect_retry_seconds = 2
                  2021-07-07 17:21:31   connect_timeout = 120
                  2021-07-07 17:21:31   socks_proxy_server = '[UNDEF]'
                  2021-07-07 17:21:31   socks_proxy_port = '[UNDEF]'
                  2021-07-07 17:21:31   tun_mtu = 1500
                  2021-07-07 17:21:31   tun_mtu_defined = ENABLED
                  2021-07-07 17:21:31   link_mtu = 1500
                  2021-07-07 17:21:31   link_mtu_defined = DISABLED
                  2021-07-07 17:21:31   tun_mtu_extra = 0
                  2021-07-07 17:21:31   tun_mtu_extra_defined = DISABLED
                  2021-07-07 17:21:31   mtu_discover_type = -1
                  2021-07-07 17:21:31   fragment = 0
                  2021-07-07 17:21:31   mssfix = 1450
                  2021-07-07 17:21:31   explicit_exit_notification = 0
                  2021-07-07 17:21:31   tls_auth_file = '[INLINE]'
                  2021-07-07 17:21:31   key_direction = 1
                  2021-07-07 17:21:31   tls_crypt_file = '[UNDEF]'
                  2021-07-07 17:21:31   tls_crypt_v2_file = '[UNDEF]'
                  2021-07-07 17:21:31 Connection profiles END
                  2021-07-07 17:21:31   remote_random = DISABLED
                  2021-07-07 17:21:31   ipchange = '[UNDEF]'
                  2021-07-07 17:21:31   dev = 'tun'
                  2021-07-07 17:21:31   dev_type = '[UNDEF]'
                  2021-07-07 17:21:31   dev_node = '[UNDEF]'
                  2021-07-07 17:21:31   lladdr = '[UNDEF]'
                  2021-07-07 17:21:31   topology = 1
                  2021-07-07 17:21:31   ifconfig_local = '[UNDEF]'
                  2021-07-07 17:21:31   ifconfig_remote_netmask = '[UNDEF]'
                  2021-07-07 17:21:31   ifconfig_noexec = DISABLED
                  2021-07-07 17:21:31   ifconfig_nowarn = ENABLED
                  2021-07-07 17:21:31   ifconfig_ipv6_local = '[UNDEF]'
                  2021-07-07 17:21:31   ifconfig_ipv6_netbits = 0
                  2021-07-07 17:21:31   ifconfig_ipv6_remote = '[UNDEF]'
                  2021-07-07 17:21:31   shaper = 0
                  2021-07-07 17:21:31   mtu_test = 0
                  2021-07-07 17:21:31   mlock = DISABLED
                  2021-07-07 17:21:31   keepalive_ping = 0
                  2021-07-07 17:21:31   keepalive_timeout = 0
                  2021-07-07 17:21:31   inactivity_timeout = 0
                  2021-07-07 17:21:31   ping_send_timeout = 0
                  2021-07-07 17:21:31   ping_rec_timeout = 0
                  2021-07-07 17:21:31   ping_rec_timeout_action = 0
                  2021-07-07 17:21:31   ping_timer_remote = DISABLED
                  2021-07-07 17:21:31   remap_sigusr1 = 0
                  2021-07-07 17:21:31   persist_tun = ENABLED
                  2021-07-07 17:21:31   persist_local_ip = DISABLED
                  2021-07-07 17:21:31   persist_remote_ip = DISABLED
                  2021-07-07 17:21:31   persist_key = DISABLED
                  2021-07-07 17:21:31   passtos = DISABLED
                  2021-07-07 17:21:31   resolve_retry_seconds = 60
                  2021-07-07 17:21:31   resolve_in_advance = ENABLED
                  2021-07-07 17:21:31   username = '[UNDEF]'
                  2021-07-07 17:21:31   groupname = '[UNDEF]'
                  2021-07-07 17:21:31   chroot_dir = '[UNDEF]'
                  2021-07-07 17:21:31   cd_dir = '[UNDEF]'
                  2021-07-07 17:21:31   writepid = '[UNDEF]'
                  2021-07-07 17:21:31   up_script = '[UNDEF]'
                  2021-07-07 17:21:31   down_script = '[UNDEF]'
                  2021-07-07 17:21:31   down_pre = DISABLED
                  2021-07-07 17:21:31   up_restart = DISABLED
                  2021-07-07 17:21:31   up_delay = DISABLED
                  2021-07-07 17:21:31   daemon = DISABLED
                  2021-07-07 17:21:31   log = DISABLED
                  2021-07-07 17:21:31   suppress_timestamps = DISABLED
                  2021-07-07 17:21:31   machine_readable_output = ENABLED
                  2021-07-07 17:21:31   nice = 0
                  2021-07-07 17:21:31   verbosity = 4
                  2021-07-07 17:21:31   mute = 0
                  2021-07-07 17:21:31   gremlin = 0
                  2021-07-07 17:21:31   status_file = '[UNDEF]'
                  2021-07-07 17:21:31   status_file_version = 1
                  2021-07-07 17:21:31   status_file_update_freq = 60
                  2021-07-07 17:21:31   occ = ENABLED
                  2021-07-07 17:21:31   rcvbuf = 0
                  2021-07-07 17:21:31   sndbuf = 0
                  2021-07-07 17:21:31   sockflags = 0
                  2021-07-07 17:21:31   fast_io = DISABLED
                  2021-07-07 17:21:31   comp.alg = 0
                  2021-07-07 17:21:31   comp.flags = 0
                  2021-07-07 17:21:31   route_script = '[UNDEF]'
                  2021-07-07 17:21:31   route_default_gateway = '[UNDEF]'
                  2021-07-07 17:21:31   route_default_metric = 0
                  2021-07-07 17:21:31   route_noexec = DISABLED
                  2021-07-07 17:21:31   route_delay = 0
                  2021-07-07 17:21:31   route_delay_window = 30
                  2021-07-07 17:21:31   route_delay_defined = DISABLED
                  2021-07-07 17:21:31   route_nopull = DISABLED
                  2021-07-07 17:21:31   route_gateway_via_dhcp = DISABLED
                  2021-07-07 17:21:31   allow_pull_fqdn = DISABLED
                  2021-07-07 17:21:31   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
                  2021-07-07 17:21:31   management_port = 'unix'
                  2021-07-07 17:21:31   management_user_pass = '[UNDEF]'
                  2021-07-07 17:21:31   management_log_history_cache = 250
                  2021-07-07 17:21:31   management_echo_buffer_size = 100
                  2021-07-07 17:21:31   management_write_peer_info_file = '[UNDEF]'
                  2021-07-07 17:21:31   management_client_user = '[UNDEF]'
                  2021-07-07 17:21:31   management_client_group = '[UNDEF]'
                  2021-07-07 17:21:31   management_flags = 16678
                  2021-07-07 17:21:31   shared_secret_file = '[UNDEF]'
                  2021-07-07 17:21:31   key_direction = 1
                  2021-07-07 17:21:31   ciphername = 'AES-128-CBC'
                  2021-07-07 17:21:31   ncp_enabled = ENABLED
                  2021-07-07 17:21:31   ncp_ciphers = 'AES-128-GCM:AES-128-CBC'
                  2021-07-07 17:21:31   authname = 'SHA512'
                  2021-07-07 17:21:31   prng_hash = 'SHA1'
                  2021-07-07 17:21:31   prng_nonce_secret_len = 16
                  2021-07-07 17:21:31   keysize = 0
                  2021-07-07 17:21:31   engine = DISABLED
                  2021-07-07 17:21:31   replay = ENABLED
                  2021-07-07 17:21:31   mute_replay_warnings = DISABLED
                  2021-07-07 17:21:31   replay_window = 64
                  2021-07-07 17:21:31   replay_time = 15
                  2021-07-07 17:21:31   packet_id_file = '[UNDEF]'
                  2021-07-07 17:21:31   test_crypto = DISABLED
                  2021-07-07 17:21:31   tls_server = DISABLED
                  2021-07-07 17:21:31   tls_client = ENABLED
                  2021-07-07 17:21:31   ca_file = '[INLINE]'
                  2021-07-07 17:21:31   ca_path = '[UNDEF]'
                  2021-07-07 17:21:31   dh_file = '[UNDEF]'
                  2021-07-07 17:21:31   cert_file = '[INLINE]'
                  2021-07-07 17:21:31   extra_certs_file = '[UNDEF]'
                  2021-07-07 17:21:31   priv_key_file = '[INLINE]'
                  2021-07-07 17:21:31   pkcs12_file = '[UNDEF]'
                  2021-07-07 17:21:31   cipher_list = '[UNDEF]'
                  2021-07-07 17:21:31   cipher_list_tls13 = '[UNDEF]'
                  2021-07-07 17:21:31   tls_cert_profile = '[UNDEF]'
                  2021-07-07 17:21:31   tls_verify = '[UNDEF]'
                  2021-07-07 17:21:31   tls_export_cert = '[UNDEF]'
                  2021-07-07 17:21:31   verify_x509_type = 2
                  2021-07-07 17:21:31   verify_x509_name = 'internal-ca'
                  2021-07-07 17:21:31   crl_file = '[UNDEF]'
                  2021-07-07 17:21:31   ns_cert_type = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 65535
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_ku[i] = 0
                  2021-07-07 17:21:31   remote_cert_eku = 'TLS Web Server Authentication'
                  2021-07-07 17:21:31   ssl_flags = 0
                  2021-07-07 17:21:31   tls_timeout = 2
                  2021-07-07 17:21:31   renegotiate_bytes = -1
                  2021-07-07 17:21:31   renegotiate_packets = 0
                  2021-07-07 17:21:31   renegotiate_seconds = 3600
                  2021-07-07 17:21:31   handshake_window = 60
                  2021-07-07 17:21:31   transition_window = 3600
                  2021-07-07 17:21:31   single_session = DISABLED
                  2021-07-07 17:21:31   push_peer_info = DISABLED
                  2021-07-07 17:21:31   tls_exit = DISABLED
                  2021-07-07 17:21:31   tls_crypt_v2_metadata = '[UNDEF]'
                  2021-07-07 17:21:31   server_network = 0.0.0.0
                  2021-07-07 17:21:31   server_netmask = 0.0.0.0
                  2021-07-07 17:21:31   server_network_ipv6 = ::
                  2021-07-07 17:21:31   server_netbits_ipv6 = 0
                  2021-07-07 17:21:31   server_bridge_ip = 0.0.0.0
                  2021-07-07 17:21:31   server_bridge_netmask = 0.0.0.0
                  2021-07-07 17:21:31   server_bridge_pool_start = 0.0.0.0
                  2021-07-07 17:21:31   server_bridge_pool_end = 0.0.0.0
                  2021-07-07 17:21:31   ifconfig_pool_defined = DISABLED
                  2021-07-07 17:21:31   ifconfig_pool_start = 0.0.0.0
                  2021-07-07 17:21:31   ifconfig_pool_end = 0.0.0.0
                  2021-07-07 17:21:31   ifconfig_pool_netmask = 0.0.0.0
                  2021-07-07 17:21:31   ifconfig_pool_persist_filename = '[UNDEF]'
                  2021-07-07 17:21:31   ifconfig_pool_persist_refresh_freq = 600
                  2021-07-07 17:21:31   ifconfig_ipv6_pool_defined = DISABLED
                  2021-07-07 17:21:31   ifconfig_ipv6_pool_base = ::
                  2021-07-07 17:21:31   ifconfig_ipv6_pool_netbits = 0
                  2021-07-07 17:21:31   n_bcast_buf = 256
                  2021-07-07 17:21:31   tcp_queue_limit = 64
                  2021-07-07 17:21:31   real_hash_size = 256
                  2021-07-07 17:21:31   virtual_hash_size = 256
                  2021-07-07 17:21:31   client_connect_script = '[UNDEF]'
                  2021-07-07 17:21:31   learn_address_script = '[UNDEF]'
                  2021-07-07 17:21:31   client_disconnect_script = '[UNDEF]'
                  2021-07-07 17:21:31   client_config_dir = '[UNDEF]'
                  2021-07-07 17:21:31   ccd_exclusive = DISABLED
                  2021-07-07 17:21:31   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
                  2021-07-07 17:21:31   push_ifconfig_defined = DISABLED
                  2021-07-07 17:21:31   push_ifconfig_local = 0.0.0.0
                  2021-07-07 17:21:31   push_ifconfig_remote_netmask = 0.0.0.0
                  2021-07-07 17:21:31   push_ifconfig_ipv6_defined = DISABLED
                  2021-07-07 17:21:31   push_ifconfig_ipv6_local = ::/0
                  2021-07-07 17:21:31   push_ifconfig_ipv6_remote = ::
                  2021-07-07 17:21:31   enable_c2c = DISABLED
                  2021-07-07 17:21:31   duplicate_cn = DISABLED
                  2021-07-07 17:21:31   cf_max = 0
                  2021-07-07 17:21:31 Waiting 0s seconds between connection attempt
                  2021-07-07 17:21:31   cf_per = 0
                  2021-07-07 17:21:31   max_clients = 1024
                  2021-07-07 17:21:31   max_routes_per_client = 256
                  2021-07-07 17:21:31   auth_user_pass_verify_script = '[UNDEF]'
                  2021-07-07 17:21:31   auth_user_pass_verify_script_via_file = DISABLED
                  2021-07-07 17:21:31   auth_token_generate = DISABLED
                  2021-07-07 17:21:31   auth_token_lifetime = 0
                  2021-07-07 17:21:31   auth_token_secret_file = '[UNDEF]'
                  2021-07-07 17:21:31   port_share_host = '[UNDEF]'
                  2021-07-07 17:21:31   port_share_port = '[UNDEF]'
                  2021-07-07 17:21:31   vlan_tagging = DISABLED
                  2021-07-07 17:21:31   vlan_accept = all
                  2021-07-07 17:21:31   vlan_pvid = 1
                  2021-07-07 17:21:31   client = ENABLED
                  2021-07-07 17:21:31   pull = ENABLED
                  2021-07-07 17:21:31   auth_user_pass_file = '[UNDEF]'
                  2021-07-07 17:21:31 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.22-0-g9b79d2c5] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 15 2021
                  2021-07-07 17:21:31 library versions: OpenSSL 1.1.1j  16 Feb 2021, LZO 2.10
                  2021-07-07 17:21:31 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
                  2021-07-07 17:21:31 MANAGEMENT: CMD 'version 3'
                  2021-07-07 17:21:31 MANAGEMENT: CMD 'hold release'
                  2021-07-07 17:21:31 MANAGEMENT: CMD 'bytecount 2'
                  2021-07-07 17:21:31 MANAGEMENT: CMD 'state on'
                  2021-07-07 17:21:31 MANAGEMENT: >STATE:1625671291,RESOLVE,,,,,,
                  2021-07-07 17:21:31 MANAGEMENT: CMD 'proxy NONE'
                  2021-07-07 17:21:32 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
                  2021-07-07 17:21:32 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
                  2021-07-07 17:21:32 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
                  2021-07-07 17:21:32 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
                  2021-07-07 17:21:32 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
                  2021-07-07 17:21:32 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
                  2021-07-07 17:21:32 TCP/UDP: Preserving recently used remote address: [AF_INET6]2a00:6020:1000:9::84b:bbd5:1194
                  2021-07-07 17:21:32 Socket Buffers: R=[245760->245760] S=[245760->245760]
                  2021-07-07 17:21:32 setsockopt(IPV6_V6ONLY=0)
                  2021-07-07 17:21:32 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
                  2021-07-07 17:21:32 UDP link local (bound): [AF_INET6][undef]:1194
                  2021-07-07 17:21:32 UDP link remote: [AF_INET6]2a00:6020:1000:9::84b:bbd5:1194
                  2021-07-07 17:21:32 MANAGEMENT: >STATE:1625671292,WAIT,,,,,,
                  2021-07-07 17:21:32 MANAGEMENT: >STATE:1625671292,AUTH,,,,,,
                  2021-07-07 17:21:32 TLS: Initial packet from [AF_INET6]2a00:6020:1000:9::84b:bbd5:1194, sid=cdc01c69 e7bb580d
                  2021-07-07 17:21:32 VERIFY OK: depth=1, CN=internal-ca
                  2021-07-07 17:21:32 VERIFY KU OK
                  2021-07-07 17:21:32 Validating certificate extended key usage
                  2021-07-07 17:21:32 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
                  2021-07-07 17:21:32 VERIFY EKU OK
                  2021-07-07 17:21:32 VERIFY X509NAME OK: CN=internal-ca
                  2021-07-07 17:21:32 VERIFY OK: depth=0, CN=internal-ca
                  2021-07-07 17:21:32 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
                  2021-07-07 17:21:32 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
                  2021-07-07 17:21:32 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
                  2021-07-07 17:21:32 [internal-ca] Peer Connection Initiated with [AF_INET6]2a00:6020:1000:9::84b:bbd5:1194
                  2021-07-07 17:21:34 MANAGEMENT: >STATE:1625671294,GET_CONFIG,,,,,,
                  2021-07-07 17:21:34 SENT CONTROL [internal-ca]: 'PUSH_REQUEST' (status=1)
                  2021-07-07 17:21:34 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN mylocaldomain.net,dhcp-option DNS 192.168.77.1,dhcp-option DNS6 2001:4860:4860::8888,dhcp-option DNS6 2620:119:53::53,dhcp-option DNS6 2620:119:35::35,block-outside-dns,register-dns,redirect-gateway def1,redirect-gateway ipv6,compress ,route-ipv6 2000::/3,tun-ipv6,route-gateway 192.168.77.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 2a00:6020:1000:9::1000/64 2a00:6020:1000:9::1,ifconfig 192.168.77.2 255.255.255.0,peer-id 1'
                  2021-07-07 17:21:34 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: block-outside-dns (2.5_master)
                  2021-07-07 17:21:34 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: register-dns (2.5_master)
                  2021-07-07 17:21:34 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
                  2021-07-07 17:21:34 OPTIONS IMPORT: timers and/or timeouts modified
                  2021-07-07 17:21:34 OPTIONS IMPORT: compression parms modified
                  2021-07-07 17:21:34 OPTIONS IMPORT: --ifconfig/up options modified
                  2021-07-07 17:21:34 OPTIONS IMPORT: route options modified
                  2021-07-07 17:21:34 OPTIONS IMPORT: route-related options modified
                  2021-07-07 17:21:34 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
                  2021-07-07 17:21:34 OPTIONS IMPORT: peer-id set
                  2021-07-07 17:21:34 OPTIONS IMPORT: adjusting link_mtu to 1624
                  2021-07-07 17:21:34 Using peer cipher 'AES-128-CBC'
                  2021-07-07 17:21:34 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
                  2021-07-07 17:21:34 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                  2021-07-07 17:21:34 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
                  2021-07-07 17:21:34 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                  2021-07-07 17:21:34 ROUTE_GATEWAY 127.100.103.119 IFACE=android-gw
                  2021-07-07 17:21:34 GDG6: remote_host_ipv6=2a00:6020:1000:9::84b:bbd5
                  2021-07-07 17:21:34 ROUTE6_GATEWAY :: IFACE=android-gw
                  2021-07-07 17:21:34 do_ifconfig, ipv4=1, ipv6=1
                  2021-07-07 17:21:34 MANAGEMENT: >STATE:1625671294,ASSIGN_IP,,192.168.77.2,,,,,2a00:6020:1000:9::1000
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'IFCONFIG6' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'ROUTE' ok'
                  2021-07-07 17:21:34 add_route_ipv6(2000::/3 -> 2a00:6020:1000:9::1 metric -1) dev (null)
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
                  2021-07-07 17:21:34 add_route_ipv6(::/3 -> 2a00:6020:1000:9::1 metric -1) dev (null)
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
                  2021-07-07 17:21:34 add_route_ipv6(2000::/4 -> 2a00:6020:1000:9::1 metric -1) dev (null)
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
                  2021-07-07 17:21:34 add_route_ipv6(3000::/4 -> 2a00:6020:1000:9::1 metric -1) dev (null)
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
                  2021-07-07 17:21:34 add_route_ipv6(fc00::/7 -> 2a00:6020:1000:9::1 metric -1) dev (null)
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'ROUTE6' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'DNS6SERVER' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'DNS6SERVER' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'DNS6SERVER' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'DNSDOMAIN' ok'
                  2021-07-07 17:21:34 Opening tun interface:
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
                  2021-07-07 17:21:34 Local IPv4: 192.168.77.2/24 IPv6: 2a00:6020:1000:9::1000/64 MTU: 1500
                  2021-07-07 17:21:34 DNS Server: 2001:4860:4860::8888, 2620:119:53::53, 2620:119:35::35, 192.168.77.1, Domain: lesmartinslocal.net
                  2021-07-07 17:21:34 Routes: 0.0.0.0/0, 192.168.77.0/24 ::/3, 2000::/4, 2000::/3, 3000::/4, fc00::/7
                  2021-07-07 17:21:34 Routes excluded:  
                  2021-07-07 17:21:34 VpnService routes installed: 0.0.0.0/0 ::/3, 2000::/3, fc00::/7
                  2021-07-07 17:21:34 Disallowed VPN apps: 
                  2021-07-07 17:21:34 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
                  2021-07-07 17:21:34 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
                  2021-07-07 17:21:34 Initialization Sequence Completed
                  2021-07-07 17:21:34 MANAGEMENT: >STATE:1625671294,CONNECTED,SUCCESS,192.168.77.2,2a00:6020:1000:9::84b:bbd5,1194,,,2a00:6020:1000:9::1000
                  2021-07-07 17:21:34 Debug state info: CONNECTED LTE to MOBILE web.vodafone.de, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
                  

                  Or, assuming this is a NAT problem as @Bob-Dig suggested, what should I try?

                  1 Reply Last reply Reply Quote 0
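Checks one could run over a client log like the one posted above, as an added example (not code from any poster, pfSense or OpenVPN): it parses the PUSH_REPLY and warning lines and flags conditions worth reviewing, including whether the pushed tunnel network contains the server's own transport address. The sample lines are abridged from the posted log, and all function names and finding codes are hypothetical.

```python
import ipaddress
import re

# Lines abridged from the client log posted above (timestamps dropped).
SAMPLE_LOG = """\
UDP link remote: [AF_INET6]2a00:6020:1000:9::84b:bbd5:1194
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.77.1,block-outside-dns,redirect-gateway def1,redirect-gateway ipv6,compress ,route-ipv6 2000::/3,topology subnet,ifconfig-ipv6 2a00:6020:1000:9::1000/64 2a00:6020:1000:9::1,ifconfig 192.168.77.2 255.255.255.0,peer-id 1'
Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: block-outside-dns (2.5_master)
"""

# The port is appended to the address with a colon, so the greedy address
# group has to give back the last ":<port>" to the second group.
REMOTE_RE = re.compile(r"link remote: \[AF_INET6?\]([0-9A-Fa-f:.]+):(\d+)\s*$", re.M)
PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)'")
MISMATCH_RE = re.compile(
    r"WARNING: '([^']+)' is (?:used inconsistently|present in remote config)")
REJECTED_RE = re.compile(r"\[PUSH-OPTIONS\]:\d+: (\S+)")


def pushed_options(log):
    """Return the PUSH_REPLY options as token lists, e.g. ['ifconfig', addr, mask]."""
    m = PUSH_RE.search(log)
    if not m:
        return []
    return [opt.split() for opt in m.group(1).split(",") if opt.strip()]


def tunnel_networks(options):
    """Networks assigned to the tunnel interface by ifconfig / ifconfig-ipv6."""
    nets = []
    for opt in options:
        try:
            if opt[0] == "ifconfig-ipv6" and len(opt) >= 2:
                nets.append(ipaddress.ip_interface(opt[1]).network)
            elif opt[0] == "ifconfig" and len(opt) >= 3:
                # With "topology subnet" the second parameter is a netmask.
                nets.append(ipaddress.ip_interface(f"{opt[1]}/{opt[2]}").network)
        except ValueError:
            # net30/p2p topologies push a peer address instead of a netmask.
            continue
    return nets


def analyse(log):
    """Return (code, detail) findings for a client log; an empty list means none."""
    findings = []
    nets = tunnel_networks(pushed_options(log))

    m = REMOTE_RE.search(log)
    if m:
        remote = ipaddress.ip_address(m.group(1))
        for net in nets:
            if remote.version == net.version and remote in net:
                findings.append(("transport-in-tunnel",
                                 f"server address {remote} lies inside tunnel network {net}"))

    for net in nets:
        if net.version == 6 and net.network_address.is_global:
            findings.append(("global-tunnel-prefix",
                             f"{net} is global unicast; it must be a prefix routed to the firewall"))

    for name in MISMATCH_RE.findall(log):
        findings.append(("option-mismatch", name))
    for name in REJECTED_RE.findall(log):
        findings.append(("push-rejected", name))
    return findings


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE_LOG):
        print(f"{code:22} {detail}")
```

A finding here is a condition to review against the server configuration, not a statement of what is wrong in this thread.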
                  • S
                    syntx
                    last edited by syntx

                    Dear,

                    I have the same problem and I disabled redirect gateway

                    openvpn1.PNG

                    • C
                      charry2014
                      last edited by

                      Many thanks for the suggestion - I tried that, exported a new client profile, and unfortunately no difference.

                      • C
                        charry2014
                        last edited by

                        Can anyone offer any help debugging this please - I am not making any progress.
