Thank you very much! I will read a bit further and play around a bit once I find the time 
Hi! I hadn’t paid attention to this thread but I also had a lot of problems with OpenVPN since 3.2 (c.f. TJC thread)
On my side, if I only set the routes as “User routes” in the GUI, browser traffic doesn’t go through the VPN.
If I set routes only in the config file, there is no traffic at all in the browser.
What currently works for me is, in the .ovpn file:
route 0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0
And in the GUI:
0.0.0.0 / 128.0.0.0 / 10.8.0.1
128.0.0.0 / 128.0.0.0 / 10.8.0.1
With this setup, when I look at the “Details” of the connection, I see 2 additional “User route” and 2 additional “Server route”, and web traffic goes correctly through the VPN
I ended up with this config after many unsuccessful tries and I have to admit that I didn’t take enough time to understand deeply how it is supposed to be configured, please let me know if you see something obviously wrong 
This is exactly the setting I did except for a different gateway.
Edit: I didn’t set any dedicated server routes, just the push redirect -gateway settings mentioned above.
Hi,
were you able to resolve this issue?
I use ONE openvpn server config serving 1 Linux box and 2 Sailfish phones. The client configurations are the same (except for the certificates), however, I cannot ping from my server to the phones.
Pinging the Linux box works both ways.
I am stuck here.
If you ping members of a VPN, you should exclusively use their VPN addresses, not their public ones.
Good idea, thank you, however I ping only the VPN adresses.
Server has got 10.8.0.1 and the clients (mostly Linux boxes) 10.8.0.3, 10.8.0.2, etc.
What I found when I check for the routes (route -n command) in the Xperia (latest public release (4.0)) is that there is one line with only 0.0.0.0 adresses - for IP, gateway, and netmask - that seems to be odd.
By the way, the same phenomenon can be found in my older Jolla 1 phone running version 3 of Sailfish OS.
Martin.
Hi.
Your problem with ping may be the consequence of blocking by the firewall inside your Jolla devices.
Take a look at the files inside the folder:
/etc/connman/firewall.d
I’m not familiar with firewall configurations, but there’s a file called:
10-block-icmp-firewall.conf
Maybe this can help you with your issues.
I’ve modified the file:
00-devmode-firewall.conf
so that I can ssh into my devices through the VPN connection. I added the following lines:
[vpn]
IPv4.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT
IPv6.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT
At the end of the file and restarted connman.service to make then work.
Best regards.
I could stop the DNS leak by opening general Android settings
apkd-launcher com.android.settings/com.android.settings.Settings
and then entering the DNS (doh.mullvad.net in my case) in the network settings. But it does not accept IP addresses there. Only domain names.
1 Like