No traffic through OpenVPN tunnel



  • Hi,

    I set up OpenVPN to connect from my iOS devices to my home network.
    My VPN connection is working, but for some reason the internal traffic isn't routed through the tunnel.
    I set up my internal networks and DNS and NTP servers. I assigned the OpenVPN interface and configured an IP address.
    From my iOS device I can ping the OpenVPN network address. I see the routes in the logging on the iOS OpenVPN client.
    However, the traffic doesn't seem to be routed. I enabled the checkbox that all client-generated traffic should go through the tunnel.

    Below is the log from the iOS device:

    2016-08-09 11:54:46 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
    2016-08-09 11:54:46 Session is ACTIVE
    2016-08-09 11:54:46 EVENT: GET_CONFIG
    2016-08-09 11:54:46 Sending PUSH_REQUEST to server…
    2016-08-09 11:54:46 OPTIONS:
    0 [route] [172.10.15.0] [255.255.255.0]
    1 [route] [192.168.20.0] [255.255.255.0]
    2 [route] [192.168.150.0] [255.255.255.0]
    3 [dhcp-option] [DOMAIN] [mydomain.local]
    4 [dhcp-option] [DNS] [192.168.20.13]
    5 [dhcp-option] [DNS] [192.168.20.15]
    6 [register-dns]
    7 [dhcp-option] [NTP] [192.168.20.13]
    8 [redirect-gateway] [def1]
    9 [route-gateway] [10.15.10.1] -> IP of OpenVPN interface
    10 [topology] [subnet]
    11 [ping] [10]
    12 [ping-restart] [60]
    13 [ifconfig] [10.15.10.2] [255.255.255.0] -> IP of connected device

    2016-08-09 11:54:46 PROTOCOL OPTIONS:
      cipher: AES-256-CBC
      digest: SHA1
      compress: NONE
      peer ID: -1
    2016-08-09 11:54:46 EVENT: ASSIGN_IP
    2016-08-09 11:54:46 Unknown pushed DHCP option: [dhcp-option] [NTP] [192.168.20.13]
    2016-08-09 11:54:46 TunPersist: saving tun context:
    Session Name: vpndomain.name.com
    Layer: OSI_LAYER_3
    Remote Address: <<wan ip>>
    Tunnel Addresses:
      10.15.10.2/24 -> 10.15.10.1
    Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
    Block IPv6: no
    Add Routes:
    Exclude Routes:
      2a01:7c8:eb::xx:xx:xx:49/128 [IPv6]
    DNS Servers:
      192.168.20.13
      192.168.20.15
    Search Domains:
      mydomain.local

    2016-08-09 11:54:46 Connected via tun
    2016-08-09 11:54:46 EVENT: CONNECTED user@vpndomain.name.com:1194 (<<wan ip>>) via /UDPv4 on tun/10.15.10.2/
    2016-08-09 11:54:46 SetStatus Connected

    What am I forgetting?

    Kind regards,

    Mark



  • Have you got a firewall rule to allow the tunnel traffic onto your lan?



  • Hi Keylevel,

    Thanks. Yes, I have several firewall rules in place. It also makes no difference if I add an 'any' rule.
    I don't see traffic being dropped.

    Kind regards,

    Mark



    Some more logging from the OpenVPN server. At the moment I have unassigned the OpenVPN interface.
    It wasn't clear to me whether I should or should not assign the interface and configure the IP.
    It seems to work (or not work) either way.

    Aug 9 15:51:53  openvpn  99469  92.69.213.93:62051 TLS: Initial packet from [AF_INET]92.69.213.93:62051, sid=9157e45b 82f155c1 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 VERIFY SCRIPT OK: depth=1, certdata 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 VERIFY OK: depth=1, C=NL, certdata
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 VERIFY SCRIPT OK: depth=0, certdata
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 VERIFY OK: depth=0, certdata
    Aug 9 15:51:54  openvpn  user 'ME' authenticated 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 TLS: Username/Password authentication succeeded for username 'ME' [CN SET] 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA 
    Aug 9 15:51:54  openvpn  99469  92.69.213.93:62051 [mark] Peer Connection Initiated with [AF_INET]92.69.213.93:62051 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 MULTI_sva: pool returned IPv4=10.15.10.2, IPv6=(Not enabled) 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_c22c667e5f903932f615859110b7c08c.tmp 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 MULTI: Learn: 10.15.10.2 -> ME/92.69.213.93:62051 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 MULTI: primary virtual IP for ME/92.69.213.93:62051: 10.15.10.2 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 PUSH: Received control message: 'PUSH_REQUEST' 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 send_push_reply(): safe_cap=940 
    Aug 9 15:51:54  openvpn  99469  mark/92.69.213.93:62051 SENT CONTROL [mark]: 'PUSH_REPLY,route 172.10.15.0 255.255.255.0,route 192.168.20.0 255.255.255.0,route 192.168.150.0 255.255.255.0,dhcp-option DOMAIN argus.local,dhcp-option DNS 192.168.20.13,dhcp-option DNS 192.168.20.15,register-dns,dhcp-option NTP 192.168.20.13,redirect-gateway def1,route-gateway 10.15.10.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.15.10.2 255.255.255.0' (status=1) 
    Aug 9 15:52:04  openvpn  99469  MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock 
    Aug 9 15:52:04  openvpn  99469  MANAGEMENT: CMD 'status 2' 
    Aug 9 15:52:04  openvpn  99469  MANAGEMENT: CMD 'quit' 
    Aug 9 15:52:04  openvpn  99469  MANAGEMENT: Client disconnected

    Hope the log clears anything up. I don't have a clue what I'm missing.
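An added diagnostic, not code from this thread or from OpenVPN/pfSense: it takes the option string the server logged in its `SENT CONTROL ... PUSH_REPLY` line, rebuilds the routing picture the client ends up installing (tunnel subnet from `ifconfig`, gateway from `route-gateway`, the pushed `route` lines, `redirect-gateway def1`) and lists the things worth double-checking. The sample string is copied from the server log above; the RFC 1918 ranges and the option semantics (a `route` without a netmask is a /32) are from the OpenVPN manual, and the note about `dhcp-option NTP` is taken straight from the iOS client log in the first post, which reports that option as unknown. One thing it flags on this very input: `172.10.15.0/24` is not inside the `172.16.0.0/12` private block, so if that is meant to be a LAN behind the server the address plan is worth a second look.

```python
"""Sanity-check the routing a client installs from an OpenVPN PUSH_REPLY.

Added diagnostic, not part of the thread. Input is the option string from the
server's 'SENT CONTROL ... PUSH_REPLY' log line.
"""
import ipaddress

# Constructed sample: the PUSH_REPLY string copied from the server log above.
SAMPLE_PUSH_REPLY = (
    "PUSH_REPLY,route 172.10.15.0 255.255.255.0,route 192.168.20.0 255.255.255.0,"
    "route 192.168.150.0 255.255.255.0,dhcp-option DOMAIN argus.local,"
    "dhcp-option DNS 192.168.20.13,dhcp-option DNS 192.168.20.15,register-dns,"
    "dhcp-option NTP 192.168.20.13,redirect-gateway def1,route-gateway 10.15.10.1,"
    "topology subnet,ping 10,ping-restart 60,ifconfig 10.15.10.2 255.255.255.0"
)

# RFC 1918 private ranges; a pushed LAN route is normally inside one of these.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_push_reply(reply):
    """Split a comma-separated PUSH_REPLY into the options that affect routing."""
    opts = {"routes": [], "dhcp": [], "redirect_gateway": None,
            "route_gateway": None, "ifconfig": None, "topology": None}
    for item in reply.split(","):
        words = item.split()
        if not words or words[0] == "PUSH_REPLY":
            continue
        key, args = words[0], words[1:]
        if key == "route":
            # 'route network [netmask]'; the OpenVPN manual defaults the mask to /32.
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            opts["routes"].append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
        elif key == "dhcp-option":
            opts["dhcp"].append(tuple(args))
        elif key == "redirect-gateway":
            opts["redirect_gateway"] = set(args)          # e.g. {'def1'}
        elif key == "route-gateway":
            opts["route_gateway"] = ipaddress.ip_address(args[0])
        elif key == "ifconfig":
            # With 'topology subnet' this is 'ifconfig client_ip netmask'.
            opts["ifconfig"] = ipaddress.ip_interface(f"{args[0]}/{args[1]}")
        elif key == "topology":
            opts["topology"] = args[0]
    return opts


def check_push_reply(reply):
    """Return a list of findings (strings) about what the client will install."""
    o = parse_push_reply(reply)
    findings = []
    tun = o["ifconfig"].network if o["ifconfig"] else None
    gw = o["route_gateway"]

    # The pushed routes are installed via route-gateway; it must be on the tunnel subnet.
    if tun and gw and gw not in tun:
        findings.append(f"route-gateway {gw} is outside the tunnel subnet {tun}")

    for net in o["routes"]:
        if not any(net.subnet_of(p) for p in PRIVATE):
            findings.append(f"route {net} is not RFC 1918 space; confirm it is really a LAN behind the server")
        if tun and net.overlaps(tun):
            findings.append(f"route {net} overlaps the tunnel subnet {tun}")

    if o["redirect_gateway"] is not None:
        findings.append(f"redirect-gateway {sorted(o['redirect_gateway'])}: all client traffic, "
                        f"Internet included, enters via {tun}; the server must route/NAT it")

    # The iOS client log in this thread reports 'dhcp-option NTP' as an unknown option.
    if any(opt and opt[0] == "NTP" for opt in o["dhcp"]):
        findings.append("dhcp-option NTP is not understood by the iOS client; harmless but ignored")
    return findings


if __name__ == "__main__":
    for line in check_push_reply(SAMPLE_PUSH_REPLY):
        print("-", line)
```

Paste your own `PUSH_REPLY,...` string in place of the sample to run it against a different server. Note that none of these checks can see the return path: if the routes and gateway look right, the next place to look is whether the server's LAN hosts (or the firewall in front of them) have a route back to the tunnel subnet.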

