root@GL-MT300N-V2:~# ip route
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev apcli0 proto static src 192.168.1.17 metric 20
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
97.103.69.165 via 192.168.1.1 dev apcli0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev apcli0 proto static scope link metric 20
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.50.0/24 via 10.8.0.5 dev tun0 metric 500
192.168.50.1 via 10.8.0.5 dev tun0
root@GL-MT300N-V2:~#
When the OpenVPN is disconnected, this is the ip route:
root@GL-MT300N-V2:~# ip route
default via 192.168.1.1 dev apcli0 proto static src 192.168.1.17 metric 20
192.168.1.0/24 dev apcli0 proto static scope link metric 20
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
I’m not sure - It is a standard install running on asus rt-ax58u ax3000 router
Odd that with everything looking ok that it can’t access the web when running OpenVPN on the MT300. Not a disaster since it all works when I run openvpn as a client on my laptop but still a strange bug
I have printed the route table first with VPN off, then with VPN on. In both cases my Windows 10 laptop was connected wirelessly to the MT300, which is connected wirelessly to my home router.
WITH VPN OFF
Interface List
4…00 ff 2d 2b 45 be …TAP-Windows Adapter V9 for OpenVPN Connect
6…c8 d9 d2 a0 2e 0c …Realtek PCIe GbE Family Controller
21…f6 40 bb 70 7a d9 …Microsoft Wi-Fi Direct Virtual Adapter
8…76 40 bb 70 7a d9 …Microsoft Wi-Fi Direct Virtual Adapter #2
22…74 40 bb 70 7a d9 …Realtek RTL8821CE 802.11ac PCIe Adapter
12…74 40 bb 70 7a da …Bluetooth Device (Personal Area Network)
1…Software Loopback Interface 1
1.1.1.1 does work - do you think it is the firewall on my UK laptop or my USA router?
I have Norton 360 on the laptop but switching off makes no difference
I can’t see it being a firewall on the router as it works OK when I run OpenVPN on my laptop
I’m wondering if there’s some sort of weird bug in the ASUS server implementation (not as weird as it may sound - I found/reported a bug in a major vendor’s IPSec implementation where they were sending an extra parameter that failed when connecting to strongswan).
Is there an option on the ASUS router to use topology rather than net30? (or something like that)?
I can’t really change anything on the Asus Server without having physical access. I can access it remotely but if I do anything to make it fall over I would lose the functionality I do have.
If there was a bug in the router I would expect it to stop the pc (running openvpn client) from working OK.
Similarly if the problem was with the MT300 or its connection to the local router, I would expect problems accessing the web when openvpn was not running.
It seems to be an issue with OpenVPN running on the MT300 or something which is preventing the DNS from resolving the URLs. I don’t think it is a firewall problem as they usually give an error message and I have tried it when Norton was disabled.
What version is the OVPN client on the mt300 (openvpn --version)?
The windows and Linux clients are different, so it may be that one of them is handling the Asus server gracefully and the other isn’t. You might try updating the OVPN client if it’s an old version.
I don’t see that we asked this anywhere in the thread, but what version of firmware are you running?
Another suggestion would be to download stock OpenWRT since it exists for that device, which would have a more up-to-date (v2.5.3, probably) OpenVPN client. I would suggest sticking with the 21.02.5 branch right now, as it still uses iptables (instead of nftables). Or alternatively install iptables-nft.
I can’t see any way to check the version of the OVPN client on the mt300 as it came preinstalled on the mt300
The version of OpenVPN which runs on my PC and is OK is 3.3.6 (2752)
Do you mean OpenWRT on the mt300 …wouldn’t that overwrite the GL.iNet code
Is there a way to see what version of OVPN is running on the mt300? Otherwise I do have another mini router (a crappy rip off of yours called Jumpbox) which I could try downloading the Linux version of OVPN and see if that also has problems because I don’t mind if I brick that.
Firstly - apologies - I just assumed you worked for them as you are so knowledgeable about their device - perhaps a hacker then
The OVPN version on the mt300 is below. I think the latest is 2.5.8 so 2.5.2 should be OK but I think you may be on to something with linux vs windows
I don’t want to risk the mt300 as I want to try some other things yet (like running openvpn server on it and seeing if I can access it remotely using my pc) - it won’t fix this issue but it might allow me to watch geo fenced TV when I am on holiday
root@GL-MT300N-V2:~# openvpn --version
OpenVPN 2.5.2 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1n 15 Mar 2022
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc sales@openvpn.net
root@GL-MT300N-V2:~#
I can’t access that level of info on the Asus remotely. I think you were definitely right when you said I could access half the internet - I just tried some
Google - YES
Cloudflare - YES
Facebook - YES
YouTube - NO
Ebay - NO
Reddit - NO
Instagram - YES
PayPal - NO
Cam.ac.uk - YES
Ox.ac.uk - NO
So I am more inclined to believe it is a bug (probably in the linux version of OVPN running on the mt300) than anything wrong with any of the settings
I will see if GL.iNet know anything about it before I start making changes
I suspect it’s on the Asus side, frankly. I run hundreds of OpenVPN clients on multiple systems (Linux and Windows) to Linux and BSD OpenVPN servers and I’ve never seen this behavior. If you can ssh into the Asus, you can execute the same command.
It’s possible that something is jank in gl-inet’s firewall implementation, but that seems unlikely. I’ll try to crank up my AR300 here in a bit on that firmware version to a BSD server just to confirm.
I appear to have successfully bricked my AR300 beyond my ability to quickly fix it, but I pulled out a Brume running 3.215 with the same version of OpenVPN. Connecting to a pfSense server, I’m able to ping both sides of 128.0.0.0:
5 162.213.121.107 (162.213.121.107) 93.527 ms 54.283 ms 62.381 ms
6 66.206.33.147 (66.206.33.147) 77.483 ms 111.773 ms 144.065 ms
7 67.231.247.81 (67.231.247.81) 125.570 ms 49.230 ms 50.878 ms
8 4.30.179.1 (4.30.179.1) 90.164 ms 54.405 ms 55.247 ms
So I don’t think it’s something inherent or a bug in the gl-inet code. It’s possible that there’s something janky in the configuration if you want to post that?
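The routing table posted at the top of the thread can be checked offline. This is an added example, not code from anyone in the thread: it parses that `ip route` output and does a longest-prefix match to show which interface a destination leaves by and which of the two /1 halves it falls in. The function names are hypothetical; the routes and test addresses are the ones that appear in the thread.

```python
import ipaddress

# `ip route` output from the MT300 with the VPN connected, as posted in the thread.
ROUTES_VPN_UP = """\
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev apcli0 proto static src 192.168.1.17 metric 20
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
97.103.69.165 via 192.168.1.1 dev apcli0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev apcli0 proto static scope link metric 20
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.50.0/24 via 10.8.0.5 dev tun0 metric 500
192.168.50.1 via 10.8.0.5 dev tun0
"""

def parse_routes(text):
    """Return a list of (network, device, metric) from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)  # bare address -> /32
        dev = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((net, dev, metric))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; ties are broken by the lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2])) if matches else None

def classify(routes, addr):
    """Return (egress device, 'lower' or 'upper' half of the /1 split)."""
    route = lookup(routes, addr)
    upper = ipaddress.ip_address(addr) in ipaddress.ip_network("128.0.0.0/1")
    return (route[1] if route else None, "upper" if upper else "lower")

if __name__ == "__main__":
    routes = parse_routes(ROUTES_VPN_UP)
    # Addresses taken from the thread: resolver, host route on the uplink, traceroute hops.
    for addr in ["1.1.1.1", "97.103.69.165", "162.213.121.107", "4.30.179.1"]:
        print(addr, *classify(routes, addr))
```

Running the failing and working sites' resolved addresses through `classify` shows whether the failures cluster in one half of the address space or are spread across both, which separates a routing problem from a DNS or server-side one.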