VPN connects, but nothing works


Post by lriem » Mon Apr 14, 2014 3:10 am
Hi!

I have a bridged connection. The connection establishes fine (that is, no error is reported, and Viscosity gets an IP, the DNS and domain parameters). The OpenVPN pushes "redirect-gateway def1 bypass-dhcp", which apparently loads fine according to Windows' netstat -rn. I see the default route split between 0.0.0.0/1 and 128.0.0.0/1, as expected.

However: NO traffic but to the OpenVPN IP works.

Let's say my network is 10.1.1.0/24, the gateway 10.1.1.1 and the OpenVPN server 10.1.1.2. When connected, a traceroute to 10.1.1.2 works as expected. However, a traceroute to any other IP of my network gives:
tracert -d 10.1.1.1
1 2 ms 3 ms 3 ms 192.168.1.1
2 * * *^C

The traffic goes through the gateway of the network to which I am connected, not through the remote network.

The OpenVPN server runs Ubuntu 13.10 with OpenVPN 2.3. Complete configuration files below.

If anyone can help me, I'd greatly appreciate it!

Have a nice day.

Server config:
mode server
tls-server

port 443
proto tcp-server
port-share 10.1.0.10 443

dev tap
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"

server-bridge 10.1.1.1 255.255.255.0 10.1.1.201 10.1.1.238
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
crl-verify crl.pem
tls-auth ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
auth SHA512

duplicate-cn
comp-lzo adaptive
keepalive 10 60
client-to-client

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.1.0.2"
push "dhcp-option DOMAIN <domain>"

user nobody
group nogroup
keepalive 10 120
persist-tun
persist-key
status openvpn-status.log
log /var/log/openvpn.log
verb 3

Viscosity config:
#-- Config Auto Generated By Viscosity --#

#viscosity name <name>
#viscosity ipv6 false
#viscosity manageadapter true
#viscosity startonopen false
remote <remoteip> 443 tcp-client
dev tap
tls-client
ca ca.crt
cert cert.crt
key key.key
tls-auth ta.key 1
nobind
pull
comp-lzo adaptive
persist-tun
persist-key
dev-node {A128B78D-EAA5-493B-8253-C1243022917B}
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
auth SHA512
auth-nocache

Further info: I have tried to remove the tls-cipher, cipher and auth lines on both sides already (to check if it was a crypto problem).

Post by Eric » Mon Apr 14, 2014 1:14 pm
Hi Iriem,

I'm afraid this is probably going to be outside the OpenVPN config and most likely a firewall issue on your server that is preventing clients talking to each other and other devices on the network. To test this, we recommend you completely open up your server for a period of time, disable all firewall options completely, and test if the problem still persists.

Other things to try and check:

Ensure no routes exist for this IP range going to your local network
Push specific routes for the IP range you are trying to access (i.e. 10.1.1.0 255.255.255.0 vpn_gateway), as redirect gateway is an "everything else" route.
If Windows or a firewall program on your computer has enabled a firewall on the Viscosity adapter, or in general, disable it to test.

Outside routing or firewall, unfortunately there is a very limited scope of possibilities that can cause an issue like this.

Regards,

Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
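
The route checks suggested in the reply above can be scripted; the following is an added example, not part of the original posts or of Viscosity. It applies longest-prefix-then-lowest-metric selection to a constructed table in the `netstat -rn` column layout; the client addresses 10.1.1.205 and 192.168.1.50, the metrics, and the stale 10.1.1.0/24 route via 192.168.1.1 are hypothetical.

```python
import ipaddress

# Constructed sample in the Windows "netstat -rn" IPv4 layout (not from the thread).
# Row 5 is a hypothetical leftover static route that competes with the tap adapter.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0        128.0.0.0         10.1.1.1      10.1.1.205     20
        128.0.0.0        128.0.0.0         10.1.1.1      10.1.1.205     20
         10.1.1.0    255.255.255.0          On-link      10.1.1.205    276
         10.1.1.0    255.255.255.0      192.168.1.1    192.168.1.50     26
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
"""

def parse_routes(text):
    """Parse route rows; the header and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append({"net": net, "gateway": f[2],
                       "iface": f[3], "metric": int(f[4])})
    return routes

def select_route(routes, dest):
    """Longest prefix wins; the lowest metric breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def leaks(routes, vpn_iface, dests):
    """Map each destination that does not leave via the VPN adapter to its gateway."""
    out = {}
    for d in dests:
        r = select_route(routes, d)
        if r is None or r["iface"] != vpn_iface:
            out[d] = r["gateway"] if r else None
    return out

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(leaks(table, "10.1.1.205", ["8.8.8.8", "200.1.1.1", "10.1.1.1"]))
```

In this table the def1 halves (0.0.0.0/1 and 128.0.0.0/1) outrank the original default route, but the lower-metric /24 via 192.168.1.1 still pulls 10.1.1.1 off the tunnel, which is the kind of conflicting route the first check is meant to catch.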

Post by lamellama » Sun Apr 27, 2014 2:25 am
I just noticed my traffic wasn't being sent through the VPN. After disabling Avast internet shield it is working again. Thanks for the help.