Open vpn routing issue

Thank you very much! I will read a bit further and play around a bit once I find the time :slight_smile:

Hi! I hadn’t paid attention to this thread, but I also had a lot of problems with OpenVPN since 3.2 (cf. the TJC thread).

On my side, if I only set the routes as “User routes” in the GUI, browser traffic doesn’t go through the VPN.
If I set routes only in the config file, there is no traffic at all in the browser.

What currently works for me is, in the .ovpn file:

route 0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0

And in the GUI:

0.0.0.0 / 128.0.0.0 / 10.8.0.1
128.0.0.0 / 128.0.0.0 / 10.8.0.1

With this setup, when I look at the “Details” of the connection, I see 2 additional “User route” and 2 additional “Server route” entries, and web traffic goes correctly through the VPN.

I ended up with this config after many unsuccessful tries, and I have to admit that I didn’t take enough time to understand deeply how it is supposed to be configured. Please let me know if you see something obviously wrong :slightly_smiling_face:

This is exactly the setting I did except for a different gateway.

Edit: I didn’t set any dedicated server routes, just the push redirect-gateway settings mentioned above.

Hi,
were you able to resolve this issue?

I use ONE openvpn server config serving 1 Linux box and 2 Sailfish phones. The client configurations are the same (except for the certificates), however, I cannot ping from my server to the phones.
Pinging the Linux box works both ways.

I am stuck here.

If you ping members of a VPN, you should exclusively use their VPN addresses, not their public ones.

Good idea, thank you; however, I ping only the VPN addresses.
Server has got 10.8.0.1 and the clients (mostly Linux boxes) 10.8.0.3, 10.8.0.2, etc.

What I found when I check the routes (route -n command) on the Xperia (latest public release, 4.0) is that there is one line with only 0.0.0.0 addresses - for IP, gateway, and netmask - which seems odd.
By the way, the same phenomenon can be found in my older Jolla 1 phone running version 3 of Sailfish OS.

Martin.
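
The two /1 routes from the earlier post and the `route -n` output discussed here are both explained by longest-prefix matching, which the following added example (not code from this thread or from OpenVPN) demonstrates. It parses a constructed `route -n` table (no real device output; 203.0.113.10 is a placeholder for the VPN server's public address), picks the route the kernel would choose for a destination, and shows that 0.0.0.0/1 and 128.0.0.0/1 via 10.8.0.1 beat the 0.0.0.0/0 default route for every address, while a more specific host or LAN route still wins over them. A gateway column of 0.0.0.0 is parsed as "on-link", i.e. deliver directly through the interface with no next hop.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed `route -n` output (not captured from any device) for a client
# that has the two /1 "User routes" plus the usual default and LAN routes.
# 203.0.113.10 stands in for the VPN server's public address.
SAMPLE_ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
"""


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None means on-link; `route -n` prints it as 0.0.0.0
    metric: int
    iface: str


def parse_route_table(text: str) -> List[Route]:
    """Parse `route -n` style text into Route objects, skipping the header lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        dest, gateway, genmask, _flags, metric = parts[:5]
        routes.append(Route(
            network=ipaddress.IPv4Network((dest, genmask), strict=False),
            gateway=None if gateway == "0.0.0.0" else gateway,
            metric=int(metric),
            iface=parts[-1],
        ))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Tuple[Optional[str], str]]:
    """Pick the route the kernel would use: longest prefix wins, then lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r.network.prefixlen, -r.metric))
    return best.gateway, best.iface


def drop_split_routes(routes: List[Route]) -> List[Route]:
    """The same table without the two /1 routes, i.e. only the default route remains."""
    return [r for r in routes if r.network.prefixlen != 1]


if __name__ == "__main__":
    table = parse_route_table(SAMPLE_ROUTE_TABLE)
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.1.5"):
        print(dst, "with /1 routes ->", lookup(table, dst),
              "| without ->", lookup(drop_split_routes(table), dst))
```

Running it shows 8.8.8.8 leaving via tun0 only while the /1 routes exist, which is why browser traffic only went through the VPN once both routes were present; the host route to the server's public address keeps the tunnel itself on wlan0 so it does not loop into the VPN.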

Hi.

Your problem with ping may be the consequence of blocking by the firewall inside your Jolla devices.

Take a look at the files inside the folder:

/etc/connman/firewall.d

I’m not familiar with firewall configurations, but there’s a file called:

10-block-icmp-firewall.conf

Maybe this can help you with your issues.
I’ve modified the file:

00-devmode-firewall.conf

so that I can ssh into my devices through the VPN connection. I added the following lines:

[vpn]
IPv4.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT
IPv6.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT

at the end of the file, and restarted connman.service to make them work.
Best regards.
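
To check what a set of firewall.d files actually permits before restarting connman, here is an added example (my own code, not part of this thread or of connman) that reads connman-style firewall.d files from a constructed temporary directory, collects the rules for one key such as IPv4.INPUT.RULES, and evaluates them first-match like an iptables chain. The file contents are constructed; in particular the ICMP rule stands in for whatever 10-block-icmp-firewall.conf really contains. It assumes that files are read in sorted name order, that several rules in one value are separated by ';', that [General] rules apply to every service type ahead of the type's own section, and that the chain policy is a caller-supplied fallback; none of these assumptions is verified against connman's source.

```python
import configparser
import shlex
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed firewall.d contents. The 10-block-icmp rule below is an
# illustrative stand-in, not the text of the file Sailfish ships.
SAMPLE_FILES = {
    "00-devmode-firewall.conf": """\
[General]
IPv4.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT

[vpn]
IPv4.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT
IPv6.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT
""",
    "10-block-icmp-firewall.conf": """\
[General]
IPv4.INPUT.RULES = -p icmp -m icmp --icmp-type echo-request -j DROP
""",
}


def write_sample_dir() -> Path:
    """Write the constructed files into a fresh temporary directory and return it."""
    d = Path(tempfile.mkdtemp(prefix="firewall.d-"))
    for name, body in SAMPLE_FILES.items():
        (d / name).write_text(body)
    return d


def effective_rules(firewall_dir: Path, service_type: str, key: str) -> List[List[str]]:
    """Collect the rules for one key (e.g. IPv4.INPUT.RULES) as token lists.

    Assumed ordering (not verified against connman): [General] from every file
    in name order, then the service type's own section from every file.
    """
    rules: List[List[str]] = []
    for section in ("General", service_type):
        for path in sorted(firewall_dir.glob("*.conf")):
            cp = configparser.ConfigParser(interpolation=None)
            cp.optionxform = str  # keep the IPv4.INPUT.RULES capitalisation
            cp.read(path)
            if cp.has_option(section, key):
                for rule in cp.get(section, key).split(";"):
                    if rule.strip():
                        rules.append(shlex.split(rule))
    return rules


def evaluate(rules: List[List[str]], pkt: Dict[str, object], policy: str = "ACCEPT") -> str:
    """First-match evaluation of an iptables-style rule list.

    `policy` is the verdict when nothing matches; the real chain policy is
    whatever connman installs, so treat this parameter as an assumption.
    """
    for tokens in rules:
        opts = dict(zip(tokens[::2], tokens[1::2]))  # every option used here takes one value
        if "-p" in opts and opts["-p"] != pkt.get("proto"):
            continue
        if "--dport" in opts and opts["--dport"] != str(pkt.get("dport")):
            continue
        if "--icmp-type" in opts and opts["--icmp-type"] != pkt.get("icmp_type"):
            continue
        return opts.get("-j", policy)
    return policy


if __name__ == "__main__":
    d = write_sample_dir()
    vpn_input = effective_rules(d, "vpn", "IPv4.INPUT.RULES")
    print("ssh over VPN:", evaluate(vpn_input, {"proto": "tcp", "dport": 22}))
    print("ping over VPN:", evaluate(vpn_input, {"proto": "icmp", "icmp_type": "echo-request"}))
```

With the constructed files, tcp/22 is accepted on the vpn chain while ICMP echo-request is dropped by the General rule from the 10- file, which is the pattern the post above suspects behind the failed pings; the ssh rule is scoped to the [vpn] section, so it does not open port 22 on other service types.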

I could stop the DNS leak by opening general Android settings

apkd-launcher com.android.settings/com.android.settings.Settings

and then entering the DNS (doh.mullvad.net in my case) in the network settings. But it does not accept IP addresses there. Only domain names.
