Openconnect : routes not added - ( workaround ? )

After establishing a VPN tunnel using openconnect, there is no internet traffic. The route table is incorrect. Any ideas about a fix?

Software: 2.19 / OpenWrt Chaos Calmer 15.05 / Kernel 3.18.27
Hardware: GL-iNet6416, GL-AR150, GL-MT300A

Note 1: No config files have been edited manually; all configuration was done using LuCI.

Note 2: GL-iNet6416 with firmware 2.10 (not available for download from the GL website) works with Openconnect with no routing problem.

Before Openconnect establishes VPN connection and tunnel:

root@GL-AR150:# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.6.254 0.0.0.0    UG 0 0 0 eth0
10.1.6.0    * 255.255.255.0   U  0 0 0 eth0                  //* External (lab) WAN Network.
10.1.6.254  * 255.255.255.255 UH 0 0 0 eth0                  //* External (lab) WAN Gateway.
192.168.6.0 * 255.255.255.0   U  0 0 0 br-lan

root@GL-AR150:# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=53 time=23.804 ms
64 bytes from 8.8.8.8: seq=1 ttl=53 time=18.811 ms
64 bytes from 8.8.8.8: seq=2 ttl=53 time=24.238 ms
64 bytes from 8.8.8.8: seq=3 ttl=53 time=20.967 ms
64 bytes from 8.8.8.8: seq=4 ttl=53 time=14.393 ms
64 bytes from 8.8.8.8: seq=5 ttl=53 time=16.640 ms

--- 8.8.8.8 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 14.393/19.808/24.238 ms                     //*Ping
root@GL-AR150:#

After Openconnect establishes VPN connection:


root@GL-AR150:# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default       * 0.0.0.0         U  0 0 0 vpn-OC       //* Openconnect interface
10.1.6.0      * 255.255.255.0   U  0 0 0 eth0
10.1.6.254    * 255.255.255.255 UH 0 0 0 eth0
172.16.230.32 * 255.255.255.224 U  0 0 0 vpn-OC       //* Network provided by VPN server
192.168.6.0 * 255.255.255.0     U  0 0 0 br-lan
root@GL-AR150:# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss

 

The only way to make this connection is to manually edit the routes (workaround):


root@GL-AR150:# route del 10.1.6.254
root@GL-AR150:# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default       * 0.0.0.0         U 0 0 0 vpn-OC
10.1.6.0      * 255.255.255.0   U 0 0 0 eth0
172.16.230.32 * 255.255.255.224 U 0 0 0 vpn-OC
192.168.6.0   * 255.255.255.0   U 0 0 0 br-lan

And then:


root@GL-AR150:# route add -host XXX.XXX.XXX.XXX gw 10.1.6.254 dev eth0 //* XXX is the external IP of VPN server
root@GL-AR150:# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default         *          0.0.0.0                  U   0 0 0 vpn-OC
10.1.6.0        *          255.255.255.0            U   0 0 0 eth0
XXX.XXX.XXX.XXX 10.1.6.254 255.255.255.255          UGH 0 0 0 eth0
172.16.230.32   *          255.255.255.224          U   0 0 0 vpn-OC
192.168.6.0     *          255.255.255.0            U   0 0 0 br-lan
root@GL-AR150:# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=53 time=73.863 ms
64 bytes from 8.8.8.8: seq=1 ttl=53 time=43.291 ms
64 bytes from 8.8.8.8: seq=2 ttl=53 time=46.331 ms
64 bytes from 8.8.8.8: seq=3 ttl=53 time=45.039 ms
64 bytes from 8.8.8.8: seq=4 ttl=53 time=48.570 ms
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 43.291/51.418/73.863 ms //*Ping is slower as it travels over VPN tunnel
root@GL-AR150:#

Additional data:
From ASA 5540:


asa5540# show vpn-sessiondb anyconnect

Session Type: AnyConnect

Username     : [username]             Index            : 829
Assigned IP  : 172.16.230.42          Public IP        : YYY.YYY.YYY.YYY
Protocol     : AnyConnect-Parent SSL-Tunnel
License      : AnyConnect Premium
Encryption   : AnyConnect-Parent: (1) AES256 SSL-Tunnel: (1)AES256
Hashing      : AnyConnect-Parent: (1) SHA1 SSL-Tunnel  : (1)SHA1
Bytes Tx     : 338225                 Bytes Rx         : 170213
Group Policy : [Group-policy-name]    Tunnel Group     : [Tunnel group name]
Login Time   : 00:00:57 UTC Tue Jun 7 2016
Duration     : 0h:04m:04s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN             : none
Audt Sess ID : c0a87afd0033d00057560eb9
Security Grp : none

asa5540#

And ifconfig


root@GL-AR150:# ifconfig
br-lan Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
inet addr:192.168.6.1 Bcast:192.168.6.255 Mask:255.255.255.0
inet6 addr: fd66:67b7:4126::1/60 Scope:Global
inet6 addr: fe80::e695:6eff:fe40:834c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63976 errors:0 dropped:0 overruns:0 frame:0
TX packets:87639 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6422416 (6.1 MiB) TX bytes:60761232 (57.9 MiB)

eth0 Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
inet addr:10.1.6.15 Bcast:10.1.6.255 Mask:255.255.255.0
inet6 addr: fe80::e695:6eff:fe40:834c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:67519 errors:0 dropped:0 overruns:0 frame:0
TX packets:46415 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:51982994 (49.5 MiB) TX bytes:5313089 (5.0 MiB)
Interrupt:4

eth1 Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:5

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1092 errors:0 dropped:0 overruns:0 frame:0
TX packets:1092 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:82188 (80.2 KiB) TX bytes:82188 (80.2 KiB)

wlan0 Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
inet6 addr: fe80::e695:6eff:fe40:834c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64196 errors:0 dropped:0 overruns:0 frame:0
TX packets:72214 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7345503 (7.0 MiB) TX bytes:55108566 (52.5 MiB)

root@GL-AR150:#

After Openconnect:

root@GL-AR150:# ifconfig
br-lan Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
inet addr:192.168.6.1 Bcast:192.168.6.255 Mask:255.255.255.0
inet6 addr: fd66:67b7:4126::1/60 Scope:Global
inet6 addr: fe80::e695:6eff:fe40:834c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64584 errors:0 dropped:0 overruns:0 frame:0
TX packets:88318 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6502167 (6.2 MiB) TX bytes:61021799 (58.1 MiB)

eth0 Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
inet addr:10.1.6.15 Bcast:10.1.6.255 Mask:255.255.255.0
inet6 addr: fe80::e695:6eff:fe40:834c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:67830 errors:0 dropped:0 overruns:0 frame:0
TX packets:46638 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:52073037 (49.6 MiB) TX bytes:5354358 (5.1 MiB)
Interrupt:4

eth1 Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:5

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1100 errors:0 dropped:0 overruns:0 frame:0
TX packets:1100 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:82743 (80.8 KiB) TX bytes:82743 (80.8 KiB)

vpn-OC Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.230.42 P-t-P:172.16.230.42 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1406 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:237 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:26847 (26.2 KiB)

wlan0 Link encap:Ethernet HWaddr E4:95:6E:40:83:4C
inet6 addr: fe80::e695:6eff:fe40:834c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64807 errors:0 dropped:0 overruns:0 frame:0
TX packets:72537 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7433984 (7.0 MiB) TX bytes:55203239 (52.6 MiB)

root@GL-AR150:#
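
The workaround above pins the VPN server's external address to the WAN gateway, so the tunnel's own packets do not follow the new default route into vpn-OC. As an added example (not part of the original post), this shell function reads `route` output and reports whether that host route is present; the name `check_vpn_routes`, its status strings and the sample tables (with 203.0.113.10 standing in for the server address) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage on the router: route -n | check_vpn_routes vpn-OC <vpn_server_ip>
check_vpn_routes() {
    awk -v vpn="$1" -v srv="$2" '
        $1 == "Kernel" || $1 == "Destination" || NF < 8 { next }  # headers
        {
            dest = $1; mask = $3; flags = $4; iface = $8
            # Default route that points into the tunnel interface.
            if ((dest == "default" || dest == "0.0.0.0") && mask == "0.0.0.0" && iface == vpn)
                vpn_default = 1
            # Host route sending the VPN server via a gateway on another interface.
            if (dest == srv && mask == "255.255.255.255" && flags ~ /G/ && iface != vpn)
                pinned = 1
        }
        END {
            if (!vpn_default) print "no-vpn-default"
            else if (pinned)  print "ok"
            else              print "server-via-tunnel"
        }'
}

# Constructed sample: table as posted right after the tunnel comes up.
sample_broken() {
    cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 vpn-OC
10.1.6.0 * 255.255.255.0 U 0 0 0 eth0
10.1.6.254 * 255.255.255.255 UH 0 0 0 eth0
172.16.230.32 * 255.255.255.224 U 0 0 0 vpn-OC
192.168.6.0 * 255.255.255.0 U 0 0 0 br-lan
EOF
}

# Constructed sample: table after the manual workaround (203.0.113.10 is a placeholder).
sample_fixed() {
    cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 vpn-OC
10.1.6.0 * 255.255.255.0 U 0 0 0 eth0
203.0.113.10 10.1.6.254 255.255.255.255 UGH 0 0 0 eth0
172.16.230.32 * 255.255.255.224 U 0 0 0 vpn-OC
192.168.6.0 * 255.255.255.0 U 0 0 0 br-lan
EOF
}

echo "broken: $(sample_broken | check_vpn_routes vpn-OC 203.0.113.10)"
echo "fixed:  $(sample_fixed | check_vpn_routes vpn-OC 203.0.113.10)"
```

Run it with `route -n` so the server's destination is shown as an address rather than a resolved name.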