All connections fail once OpenVPN tunnel is up - Why?

Question

5

All connections fail once OpenVPN tunnel is up - Why?

asked 2017-12-22 04:52:24 +0300

hammerhead
813 ●21 ●35 ●37

updated 2017-12-22 19:07:26 +0300

On Sailfish 2.1.0.10 (Nexus 5) I was able to successfully use OpenVPN.

Now, on Sailfish X 2.1.3.7, the fields to fill are quite different. However, I copied over the settings from the Nexus to the fields that appear to correspond.

I am able to establish the tunnel, but whenever I do, no connection works - not even to one to the VPN network.

Where could the issue lie - how should I best debug?

Is it a general bug (anybody successfully using OpenVPN?) or rather a configuration error?

UPDATE

I tried from the command line. openvpn conf.ovpn complains:

ERROR: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)

Since the vpn group has rw access to the device, I added nemo to that group, restarted the device and tried again. There was a different error (I don't remember exactly right now).

Only when I run the command as root, everything connects just fine. But that's not how it's ought to work, right?

I'd rather be able to do it via the GUI via "Settings" and have the system take care of connecting upon boot and such. Ideas welcome.

edit retag flag offensive close delete

Comments

Hi. VPN debugging is sometimes tricky. Mine is working very, very well.

Can you provide more derails about your problem?

You may also want to check the output of the command ”connmanctl services” ...

Regards.

Pasko ( 2017-12-22 08:33:14 +0300 )edit

First guess - routing?

tortoisedoc ( 2017-12-22 10:19:02 +0300 )edit

1

It always has failed use securefisnet for open VPN that works.

DarkTuring ( 2017-12-22 11:12:54 +0300 )edit

Added some further info to the question. The info indicates that it's not a routing issue per-se. I am able to use both, the clearnet and the VPN if I run openvpn as root from the CLI.

hammerhead ( 2017-12-22 19:09:02 +0300 )edit

Hi.

Maybe if you take a look here you may find help.

Regards.

Pasko ( 2017-12-23 14:41:09 +0300 )edit

Hi. VPN debugging is sometimes tricky. Mine is working very, very well.
Can you provide more derails about your problem?
You may also want to check the output of the command ”connmanctl services” ...
Regards.
Pasko ( 2017-12-22 08:33:14 +0300 )edit
First guess - routing?
tortoisedoc ( 2017-12-22 10:19:02 +0300 )edit
It always has failed use securefisnet for open VPN that works.
DarkTuring ( 2017-12-22 11:12:54 +0300 )edit
Added some further info to the question. The info indicates that it's not a routing issue per-se. I am able to use both, the clearnet and the VPN if I run openvpn as root from the CLI.
hammerhead ( 2017-12-22 19:09:02 +0300 )edit
Hi.
Maybe if you take a look here you may find help.
Regards.
Pasko ( 2017-12-23 14:41:09 +0300 )edit

Answer 1

1

answered 2017-12-23 17:33:55 +0300

deprecated

1020 ●13 ●16 ●22

updated 2017-12-23 17:34:40 +0300

No need for SecureFishNet, the built-in setup works fine. Add the following to the end of your configs:

redirect-gateway def1

edit flag offensive delete publish link

Comments

Where do I add that in the GUI? (Note that via command line the only issue seems to be permissions, not routing.)

hammerhead ( 2017-12-23 20:10:56 +0300 )edit

built-in only has support for TUN, not for TAP

accumulator ( 2018-01-16 16:03:36 +0300 )edit

Answer 2

0

answered 2017-12-22 18:48:56 +0300

zash1958
1077 ●12 ●25 ●33

updated 2017-12-22 18:52:50 +0300

Use "Securefishnet"

I think, Your VPN connection changes the default gateway to the tunnel and at the other end of the tunnel Your router??? dos not know to handle the IP packages coming in from the tunnel.

You can also try to change the routing/firewall on Your router

Even with the default gateway directing in the tunnel all other Internet access has to work. .... If Your router does all routing/forwarding correct. And if no packetfilter supresses the packages. Not to forget to correct configure and use the DNS. Here I have also such an configuration, default GW to the tunnel, DNS in the remote network. And all is running flawlessly.

edit flag offensive delete publish link

Comments

As stated above from other users too:

Use SecureFishNet from openrepos and all is fine.....

zash1958 ( 2017-12-23 13:13:46 +0300 )edit

Just as a note to people coming here in the future: As of 2.2.0.29 Mouhijoki SecureFishNet didn't anymore work for me, but fortunately in 2.2.0 the built-in VPN support seemed to work at least for my openvpn setup. Of course, setups vary, and the same config that worked with SecureFishNet might not work with the built-in VPN.

zagrimsan ( 2018-06-26 16:28:51 +0300 )edit

Answer 3

2

answered 2017-12-22 11:15:07 +0300

utkiek
1791 ●23 ●41 ●47

For my X: With settings/vpn -> vpn ON: the default route is switched to the vpn network. But in this vpn network is no connection to the world.

I use openvpn on my Jolla 1 since 2014 (started by systemd). In this configuration openvpn will route only the specified vpn ip. Maybe there is a lack of rights by activating vpn with settings/vpn. See more in this tjc question.

edit flag offensive delete publish link

Comments

Since not even accessing the VPN is possible, I doubt this to be the issue. Forcing the routing through the endpoint is a setting - either on client side or on server (pushed to the client). On neither side this is activated.

hammerhead ( 2017-12-23 20:12:25 +0300 )edit

All connections fail once OpenVPN tunnel is up - Why?

Comments

3 Answers

Comments

Comments

Comments

Question tools

Stats

Related questions

All connections fail once OpenVPN tunnel is up - Why?

Comments

3 Answers

Comments

Comments

Comments

Question tools

Public thread

Stats

Related questions