GL-MT300N-V2: Connected as OpenVPN client, but can't ping server

alex1 · January 25, 2020, 7:06pm

Hi,

I’m trying to set up my MT300N as a OpenVPN client connected to my router at home. The connection is established successfully, but no traffic passes through the tunnel. I can’t ping the OpenVPN server, and in fact after 60 seconds (the inactivity timeout) the connection gets dropped and reconnected. I’ve tried stopping the firewall, but the behavior doesn’t change. The same ovpn configuration file works on my laptop while connected to the MT300N, so I don’t think the issue is on the server side. I’ve reset the device and only tried to configure the VPN, with everything else left as defaults (it’s running 3.025). Any idea what I could try?

Here is the ovpn config file on the MT300N:

client
remote '...'
verify-x509-name "..."
cipher AES-256-CBC
auth SHA256
compress lzo
resolv-retry infinite
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
key-direction 1
<ca>...</ca>
<cert>...</cert>
<key>...</key>
<tls-auth>...</tls-auth>

And here are the routes while the connection is active:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 tun0
0.0.0.0         192.168.43.245  0.0.0.0         UG    20     0        0 apcli0
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 tun0
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     172.16.1.1      255.255.255.0   UG    0      0        0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.43.0    0.0.0.0         255.255.255.0   U     20     0        0 apcli0

And the related log messages showing the connection was established:

Sat Jan 25 19:06:34 2020 daemon.notice openvpn[3713]: [server] Peer Connection Initiated with [AF_INET]...:1194
Sat Jan 25 19:06:36 2020 daemon.notice openvpn[3713]: TUN/TAP device tun0 opened
Sat Jan 25 19:06:36 2020 daemon.notice openvpn[3713]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jan 25 19:06:36 2020 daemon.notice openvpn[3713]: /sbin/ifconfig tun0 172.16.1.4 netmask 255.255.255.0 mtu 1500 broadcast 172.16.1.255
Sat Jan 25 19:06:36 2020 daemon.notice openvpn[3713]: /etc/openvpn/update-resolv-conf tun0 1500 1570 172.16.1.4 255.255.255.0 init
Sat Jan 25 19:06:50 2020 daemon.notice openvpn[3713]: Initialization Sequence Completed
Sat Jan 25 19:09:36 2020 daemon.notice openvpn[3713]: [server] Inactivity timeout (--ping-restart), restarting
Sat Jan 25 19:09:36 2020 daemon.notice openvpn[3713]: /sbin/ifconfig tun0 0.0.0.0
Sat Jan 25 19:09:36 2020 daemon.notice openvpn[3713]: /etc/openvpn/update-resolv-conf tun0 1500 1570 172.16.1.4 255.255.255.0 init
Sat Jan 25 19:09:36 2020 daemon.notice openvpn[3713]: SIGHUP[soft,ping-restart] received, process restarting
Sat Jan 25 19:09:36 2020 daemon.notice openvpn[3713]: OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Jan 25 19:09:36 2020 daemon.notice openvpn[3713]: library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
Sat Jan 25 19:09:41 2020 daemon.warn openvpn[3713]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 25 19:09:42 2020 daemon.notice openvpn[3713]: TCP/UDP: Preserving recently used remote address: [AF_INET]...:1194
Sat Jan 25 19:09:42 2020 daemon.notice openvpn[3713]: UDP link local: (not bound)
Sat Jan 25 19:09:42 2020 daemon.notice openvpn[3713]: UDP link remote: [AF_INET]...:1194
Sat Jan 25 19:09:45 2020 daemon.notice openvpn[3713]: [server] Peer Connection Initiated with [AF_INET]...:1194
Sat Jan 25 19:09:46 2020 daemon.notice openvpn[3713]: TUN/TAP device tun0 opened
Sat Jan 25 19:09:46 2020 daemon.notice openvpn[3713]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jan 25 19:09:46 2020 daemon.notice openvpn[3713]: /sbin/ifconfig tun0 172.16.1.4 netmask 255.255.255.0 mtu 1500 broadcast 172.16.1.255
Sat Jan 25 19:09:46 2020 daemon.notice openvpn[3713]: /etc/openvpn/update-resolv-conf tun0 1500 1570 172.16.1.4 255.255.255.0 init
Sat Jan 25 19:09:59 2020 daemon.notice openvpn[3713]: Initialization Sequence Completed

Any help would be greatly appreciated.

ponzi1 · January 26, 2020, 10:17am

DNS? What is DNS set to? Try setting 8.8.8.8 8.8.4.4 to test.

alex1 · January 26, 2020, 11:15am

DNS is set to 192.168.1.1 by the OpenVPN server, but that doesn’t really matter because I can’t ping IP addresses, including that one.

alex1 · January 27, 2020, 5:28pm

I finally managed to get this to work by adding redirect-gateway def1 to my ovpn config file. Now my routes make more sense:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.1.1      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         194.12.160.1    0.0.0.0         UG    20     0        0 apcli0
X.X.X.X         194.12.160.1    255.255.255.255 UGH   0      0        0 apcli0
128.0.0.0       172.16.1.1      128.0.0.0       UG    0      0        0 tun0
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     172.16.1.1      255.255.255.0   UG    0      0        0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
194.12.160.0    0.0.0.0         255.255.224.0   U     20     0        0 apcli0