Problem using VPN client

This is driving me crazy because I can’t work out where to look.
I have a VPN server running on an Asus router in Florida. I can connect to it with my laptop from the UK using OpenVPN client and browse anything.

I have a GL-MT300N-V2 running in the UK and attached by wifi to my UK router. It works ok so that part of the setup is OK

When I run OpenVPN as a client on the MT300 it does access the openvpn server in Florida because I can connect (wirelessly) to the MT300 with my laptop and run whatsmyIP (in chrome) and it returns the florida location

BUT - It won’t let me access any sites, so typing walmart.com into the browser just times out. Is there a DNS setting I need to change?

Any advice appreciated!

Sounds like an issue with firewall settings on the MT300. What’s your setup there?

I haven’t changed any firewall settings on the MT300. I assumed that because I can access the USA router and view sites (when I am not running openVPN as a client on the MT300) the problem had to be with the openVPN settings.

But if I can go to whatismyip.com and get a result, how is that any different from trying to get on the Walmart.com site?


so even with openVPN running I am transferring some data OK

The error I get is

Check if there is a typo in www.walmart.com.

• If spelling is correct, try running Windows Network Diagnostics.

DNS_PROBE_FINISHED_NXDOMAIN

Try opening http://1.1.1.1 in a browser. If it works, then likely a DNS problem. If it does not work, then likely a firewall/setting problem.

Edit: Your last 2 posts just beat me on my post. What is your DNS server?

I do not work for and I do not have formal association with GL.iNet

It should be a DNS issue.

Just set up custom dns on MT300N-V2, e.g.
8.8.8.8
8.8.4.4
1.1.1.1


No it isn’t that. What I have noticed is that I can access Google ok, so if I type LOWES it finds lowes.com and I CAN visit that site (I guess because it is cached in my browser). If I type TARGET, google finds the site, but when I click the link to go to the site, it times out with
Check if there is a typo in www.target.com.

• If spelling is correct, try running Windows Network Diagnostics.

DNS_PROBE_FINISHED_NXDOMAIN

Can you ping a site you can access and one you can’t? OpenVPN uses 0.0.0.0/1 and 128.0.0.0/1 as redirect routes - I’m wondering if the sites you can access are in one half and the sites you can’t are in another.

Can you use encrypted DNS, e.g. cloudflare?

This is with OpenVPN running as a client

```
C:\Users\XXX>ping lowes.com

Pinging lowes.com [23.193.120.119] with 32 bytes of data:
Reply from 23.193.120.119: bytes=32 time=165ms TTL=52
Reply from 23.193.120.119: bytes=32 time=159ms TTL=52
Reply from 23.193.120.119: bytes=32 time=161ms TTL=52
Reply from 23.193.120.119: bytes=32 time=163ms TTL=52

Ping statistics for 23.193.120.119:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 159ms, Maximum = 165ms, Average = 162ms

C:\Users\XXX>ping walmart.com

Pinging walmart.com [161.165.150.170] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 161.165.150.170:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
```

Can you try a couple more? Can you go to mit.edu and tamu.edu?

I have never used cloudflare - I am happy to give it a try, I just don’t want to introduce something else I don’t fully understand and potentially make it harder to diagnose the problem

```
C:\Users\XXX>ping mit.edu

Pinging mit.edu [104.98.76.146] with 32 bytes of data:
Reply from 104.98.76.146: bytes=32 time=190ms TTL=49
Reply from 104.98.76.146: bytes=32 time=199ms TTL=49
Reply from 104.98.76.146: bytes=32 time=191ms TTL=49
Reply from 104.98.76.146: bytes=32 time=187ms TTL=49

Ping statistics for 104.98.76.146:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 187ms, Maximum = 199ms, Average = 191ms

C:\Users\XXX>ping tamu.edu

Pinging tamu.edu [165.91.22.70] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 165.91.22.70:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
```

does that give you any ideas??? :upside_down_face:

Can you access the website at TAMU? I just realized that ping is blocked, but web isn’t. If you can’t, then it looks like 0.0.0.0/1 traffic is going through but 128.0.0.0/1 traffic isn’t.

Can you just live without that half of the internet? (Kidding of course).

I can’t access either site. Even after BOTH sites timed out I went back and repinged mit.edu and that gets a reply. When I try to go to the sites in Chrome, I get Waiting for play.google.com in the status bar before it times out

MIT is actually hosting on akamai, so it’s believable to me that you can’t get to the site. Apparently people don’t host on prem much anymore.

Can you print the route table on your mt300?

Here it is (not that I understand it :wink:)

```
Microsoft Windows [Version 10.0.19045.2251]
(c) Microsoft Corporation. All rights reserved.

C:\Users\XXX>route print

Interface List
  4…00 ff 2d 2b 45 be …TAP-Windows Adapter V9 for OpenVPN Connect
  6…c8 d9 d2 a0 2e 0c …Realtek PCIe GbE Family Controller
 21…f6 40 bb 70 7a d9 …Microsoft Wi-Fi Direct Virtual Adapter
  8…76 40 bb 70 7a d9 …Microsoft Wi-Fi Direct Virtual Adapter #2
 22…74 40 bb 70 7a d9 …Realtek RTL8821CE 802.11ac PCIe Adapter
 12…74 40 bb 70 7a da …Bluetooth Device (Personal Area Network)
  1…Software Loopback Interface 1

IPv4 Route Table

Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.8.1    192.168.8.104      50
        127.0.0.0        255.0.0.0          On-link        127.0.0.1     331
        127.0.0.1  255.255.255.255          On-link        127.0.0.1     331
  127.255.255.255  255.255.255.255          On-link        127.0.0.1     331
      192.168.8.0    255.255.255.0          On-link    192.168.8.104     306
    192.168.8.104  255.255.255.255          On-link    192.168.8.104     306
    192.168.8.255  255.255.255.255          On-link    192.168.8.104     306
        224.0.0.0        240.0.0.0          On-link        127.0.0.1     331
        224.0.0.0        240.0.0.0          On-link    192.168.8.104     306
  255.255.255.255  255.255.255.255          On-link        127.0.0.1     331
  255.255.255.255  255.255.255.255          On-link    192.168.8.104     306

Persistent Routes:
  None

IPv6 Route Table

Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 22    306 fe80::/64                On-link
 22    306 fe80::d237:1569:b93f:2fd6/128
                                    On-link
  1    331 ff00::/8                 On-link
 22    306 ff00::/8                 On-link

Persistent Routes:
  None
```

Sorry - not from the Windows computer - actually from the MT300 itself (you’ll need to ssh in).

This is stretching me back to my DOS days :grimacing:

```
root@GL-MT300N-V2:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.9        128.0.0.0       UG    0      0        0 tun0
default         vodafone.connec 0.0.0.0         UG    20     0        0 apcli0
10.8.0.1        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
10.8.0.9        *               255.255.255.255 UH    0      0        0 tun0
97.103.69.165   vodafone.connec 255.255.255.255 UGH   0      0        0 apcli0
128.0.0.0       10.8.0.9        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     20     0        0 apcli0
192.168.8.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.50.0    10.8.0.9        255.255.255.0   UG    500    0        0 tun0
192.168.50.1    10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
root@GL-MT300N-V2:~#
```

What are your various IP blocks?

10.8.0.X is OpenVPN?
192.168.1.0 is the network the MT300 is connected to?
192.168.50.0 is your remote network?

Can you show the output of ip route instead of just route?

Thanks
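
Added example, not part of the thread: a longest-prefix-match lookup over the `route` output posted from the MT300, applied to the four addresses from the ping tests, to show which of the two OpenVPN redirect routes (0.0.0.0/1 or 128.0.0.0/1) each destination selects. The function names and the trimmed five-column input are assumptions made for this illustration.

```python
import ipaddress

# Constructed input: the MT300 `route` output from the thread, trimmed to
# destination, gateway, genmask, metric, interface.
ROUTES = """\
default 10.8.0.9 128.0.0.0 0 tun0
default vodafone.connec 0.0.0.0 20 apcli0
10.8.0.1 10.8.0.9 255.255.255.255 0 tun0
10.8.0.9 * 255.255.255.255 0 tun0
97.103.69.165 vodafone.connec 255.255.255.255 0 apcli0
128.0.0.0 10.8.0.9 128.0.0.0 0 tun0
192.168.1.0 * 255.255.255.0 20 apcli0
192.168.8.0 * 255.255.255.0 0 br-lan
192.168.50.0 10.8.0.9 255.255.255.0 500 tun0
192.168.50.1 10.8.0.9 255.255.255.255 0 tun0
"""

# Resolved addresses and outcomes from the Windows ping tests in the thread.
PINGS = {
    "lowes.com": ("23.193.120.119", True),
    "walmart.com": ("161.165.150.170", False),
    "mit.edu": ("104.98.76.146", True),
    "tamu.edu": ("165.91.22.70", False),
}

def parse_routes(text):
    """Turn each line into (network, gateway, metric, interface)."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, metric, iface = line.split()
        # `route` prints a 0.0.0.0 destination as "default" whatever the mask is,
        # so "default ... 128.0.0.0" is really 0.0.0.0/1.
        dest = "0.0.0.0" if dest == "default" else dest
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, int(metric), iface))
    return routes

def lookup(routes, ip):
    """Pick the route the kernel would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))

def report():
    """Map each pinged host to (matched route, interface, ping replied)."""
    routes = parse_routes(ROUTES)
    return {host: (str(lookup(routes, ip)[0]), lookup(routes, ip)[3], ok)
            for host, (ip, ok) in PINGS.items()}

if __name__ == "__main__":
    for host, row in report().items():
        print(host, row)
```

With the posted table, every address that replied selects 0.0.0.0/1 and every address that timed out selects 128.0.0.0/1, and both routes leave through tun0 via 10.8.0.9.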