Cannot send traffic out VPN on MIFI, f/w 3.009


#1

I’ve got a really frustrating problem that I think has a simple solution. I’ve got the OpenVPN client setup on my MIFI, and it connects perfectly. HOWEVER, I cannot pass traffic through the vpn! Are there any specific firewall rules required to make this work? I do not care if ALL traffic goes through the VPN, or just traffic destined for that subnet, I just need it work.


#2

As long as you vpn is connected you should be able to route your traffic.

Here is two method to check.

First ssh to your router and check if the router itself can use the vpn to communicate. It is connected does not mean the vpn server can really accept traffic.

Second, when you upgrade, did you reserve settings? This could cause problems. If kept settings please do a revert firmware in more settings and try to upload oven again.


#3

Hello, thanks for your quick reply. I can login to the MIFI via the VPN perfectly (VPN Server to VPN Client on MIFI). I setup the parameters after I upgraded, so nothing needed to be saved. Do I need to bridge any interfaces, or setup zones for proper functionality?


#4

No you should not touch any settings manually.

Can you post your ovpn? You can remove your IP and credentials.


#5

Are you looking for just the conf, or the CA.crt, cpe.crt, and cpe.key?


#6

just the config should be OK.

You can also post the following log

ifconfig
route

#7

Here’s my config:

client
dev tun
proto udp
remote xxx.xxxxxx.xxx 9002
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cpe.crt
key cpe.key
cipher AES-256-CBC
verb 3
;mute 20
pull


#8

Cannot see any problem. Can you give the following as well?

ifconfig
route

#9

I will have to get that information tomorrow. I saw some blogs that said you need to setup the firewall zones and put some firewall rules in place so that traffic goes out the VPN automatically, you’re saying that is not necessary?


#10

I do have a copy of the system log:

Does that help?


#11

This not not necessary. Some people want to only router some IP or website so that is necessary.


#12

So you’re saying that if I want to route ALL traffic over the VPN, then I do not need to worry about firewall rules or zones?


#13

Yes of course. That is what the router does.


#14

Hm, ok. Then I wonder why it is not working for me. Tomorrow when I’m back in the office I will get the information you requested.


#15

Where is the “auth-user-pass /etc/openvpn/ovpn0/auth/usrpwd.txt” in your config file?

Or if it’s a free VPN, maybe that is the problem!


#16

I dont have one, its connected to my own VPN server.


#17

should it be a subnet problem?

Can you check all the subnet of your server and the router? What are the subnet?