VPN connects, but nothing works
Hi!
I have a bridged connection. The connection establishes fine (that is, no error is reported, and Viscosity gets an IP, the DNS and domain parameters). The OpenVPN pushes "redirect-gateway def1 bypass-dhcp", which apparently loads fine according to Windows' netstat -rn. I see the default route split between 0.0.0.0/1 and 128.0.0.0/1, as expected.
However: NO traffic but to the OpenVPN IP works.
Let's say my network is 10.1.1.0/24, the gateway 10.1.1.1 and the OpenVPN server 10.1.1.2. When connected, a traceroute to 10.1.1.2 works as expected. However, a traceroute to any other IP of my network gives:
Code:
tracert -d 10.1.1.1
1 2 ms 3 ms 3 ms 192.168.1.1
2 * * *^C

The traffic goes through the gateway of the network to which I am connected, not through the remote network.
The OpenVPN server runs Ubuntu 13.10 with OpenVPN 2.3. Complete configuration files below.
If anyone can help me, I'd greatly appreciate it!
Have a nice day.
Server config:
Code:
mode server
tls-server
port 443
proto tcp-server
port-share 10.1.0.10 443
dev tap
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"
server-bridge 10.1.1.1 255.255.255.0 10.1.1.201 10.1.1.238
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
crl-verify crl.pem
tls-auth ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
auth SHA512
duplicate-cn
comp-lzo adaptive
keepalive 10 60
client-to-client
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.1.0.2"
push "dhcp-option DOMAIN <domain>"
user nobody
group nogroup
keepalive 10 120
persist-tun
persist-key
status openvpn-status.log
log /var/log/openvpn.log
verb 3

Viscosity config:
Code:
#-- Config Auto Generated By Viscosity --#
#viscosity name <name>
#viscosity ipv6 false
#viscosity manageadapter true
#viscosity startonopen false
remote <remoteip> 443 tcp-client
dev tap
tls-client
ca ca.crt
cert cert.crt
key key.key
tls-auth ta.key 1
nobind
pull
comp-lzo adaptive
persist-tun
persist-key
dev-node {A128B78D-EAA5-493B-8253-C1243022917B}
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
auth SHA512
auth-nocache

Further info: I have tried to remove the tls-cipher, cipher and auth lines on both sides already (to check if it was a crypto problem).

Hi Iriem,
I'm afraid this is probably going to be outside the OpenVPN config and most likely a firewall issue on your server that is preventing clients talking to each other and other devices on the network. To test this, we recommend you completely open up your server for a period of time, disable all firewall options completely, and test if the problem still persists.
Other things to try and check:
- Ensure no routes exist for this IP range going to your local network
- Push specific routes for the IP range you are trying to access (i.e. 10.1.1.0 255.255.255.0 vpn_gateway), as redirect gateway is an "everything else" route.
- If Windows or a firewall program on your computer has enabled a firewall on the Viscosity adapter, or in general, disable it to test.
Outside routing or firewall, unfortunately there is a very limited scope of possibilities that can cause an issue like this.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
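
An added example, not part of either post: the route checks suggested in the reply can be run against the client's IPv4 route table. The sketch below applies longest-prefix selection to constructed `netstat -rn` rows and lists the destinations that would leave through the LAN adapter instead of the TAP adapter; the adapter addresses 192.168.1.50 and 10.1.1.201, and 203.0.113.10 standing in for `<remoteip>`, are assumptions.

```python
import ipaddress

# Constructed "netstat -rn" IPv4 rows (not from the thread): destination,
# netmask, gateway, interface, metric. Assumed addresses: 192.168.1.50 is
# the LAN adapter, 10.1.1.201 the TAP adapter, 203.0.113.10 the VPN server.
HEALTHY = """\
0.0.0.0       0.0.0.0          192.168.1.1  192.168.1.50  25
0.0.0.0       128.0.0.0        10.1.1.1     10.1.1.201    30
128.0.0.0     128.0.0.0        10.1.1.1     10.1.1.201    30
10.1.1.0      255.255.255.0    On-link      10.1.1.201    286
192.168.1.0   255.255.255.0    On-link      192.168.1.50  281
203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.50  25
"""
# Same table plus a leftover route that sends the VPN subnet to the LAN gateway.
CONFLICT = HEALTHY + "10.1.1.0  255.255.255.0  192.168.1.1  192.168.1.50  20\n"
TAP = "10.1.1.201"
TARGETS = ["10.1.1.1", "10.1.1.2", "10.1.0.2", "198.51.100.7"]


def parse_routes(text):
    """Turn route rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            dest, mask, gateway, iface, metric = parts
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"),
                           gateway, iface, int(metric)))
    return routes


def pick_route(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def leaks(routes, vpn_iface, targets):
    """Targets whose selected route does not leave via the VPN adapter."""
    return [t for t in targets if pick_route(routes, t)[2] != vpn_iface]


if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("conflict", CONFLICT)):
        routes = parse_routes(table)
        for target in TARGETS:
            net, gateway, iface, _ = pick_route(routes, target)
            print(f"{name:8} {target:12} -> {net} via {gateway} ({iface})")
        print(f"{name:8} leaving outside the VPN: {leaks(routes, TAP, TARGETS)}")
```

The host route for the VPN server itself is expected to leave via the LAN adapter, since it carries the tunnel; only the other destinations indicate a routing conflict.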