3

No packets through OpenVPN

asked 2019-12-02 15:24:09 +0200

Direc

updated 2019-12-06 21:16:51 +0200

Hi,

I'm using XA2 with SFOS 3.2.0.

I'm trying to use OpenVPN with our company firewall. I have used OpenVPN with the provided profile with Android phone, and it works as expected.

I can import the .ovpn profile file in Sailfish VPN wizard, establish the connection and I do get an IP address and the correct routes to all configured subnets. However, there's no actual traffic going through. I can't ping anything, and I can't access our internal HTTPS servers. Nothing gets logged to the firewall log, so it seems that no packet is getting properly through.

I tried to open the connection from the terminal (using admin rights), and according to the log everything seems to be in order.

As far as I understand, Sailfish VPN doesn't affect Android software, but I can't get even the native software to work.

How could this be tackled? This is by no means enough information to figure this out; what more should I provide?

Update 1: I tested this with my Windows 10 computer and found out that the profile file our firewall exports contains the line comp-lzo no (IIRC), which breaks it. Setting it to comp-lzo yes fixes it; I can ping the remote end hosts and access resources. (How did it ever work before? Older firewall software exported the profile correctly?) Conveniently, there is even a GUI setting for compression in Sailfish! However, setting it, or re-importing the manually fixed profile file, doesn't fix the problem: I still can't ping or access the resources with my Sailfish X device. So close... I think I'll continue by triple-checking the routing tables and enabling logging in our firewall to see if anything reaches the remote end.


2 Answers

0

answered 2019-12-03 11:18:34 +0200

utkiek

You can use OpenVPN without the Sailfish VPN Settings. Maybe the Sailfish VPN settings have some restrictions not made for you.

After deleting the VPN settings you can set up OpenVPN with systemd as described in my answer here. I have been using this since 2014. I use OpenVPN only for tunneling my mails. The Sailfish VPN will redirect all traffic.


Comments

The GUI works fine with our profile, and I get identical results with command line. So, at this point, VPN GUI / Sailfish modifications are not under suspicion, but I'll keep trying both ways.

Direc ( 2019-12-06 21:18:32 +0200 )
0

answered 2019-12-03 14:37:10 +0200

accumulator

updated 2019-12-03 14:39:48 +0200

SailfishOS does something wrong with routing when using OpenVPN. Normally clientside two routes are automatically added (two times a /1 route, to be more 'specific' than the default GW), but somehow that doesn't happen. I had to add the two /1 routes in the serverside config route push section to make it work.

This is what the routing table should show, after enabling OpenVPN:

0.0.0.0/1 via <vpn gw ip> dev vpn0 
128.0.0.0/1 via <vpn gw ip> dev vpn0

Try adding these manually after enabling the VPN and see if it works for you.


Comments

The first thing was checking the routing tables, and they seemed to be correct. I should still check it more carefully, and compare it between my XA2 and Windows laptop.

Direc ( 2019-12-06 21:20:53 +0200 )

About the 0.0.0.0/1 route: I can't recall if that route is there or not, but as we use split tunneling, I think it should not be. The relevant subnets were in the routing table, though.

Direc ( 2019-12-06 21:24:43 +0200 )

Ah.. my comment was for having the VPN connection as the default route. Your case seems to be just for routing the internal company subnet(s) :)

accumulator ( 2019-12-07 13:57:42 +0200 )

Hi, I have the same issue (since 3.2 I think indeed), but adding those two routes manually doesn't seem to work. When I look at the routes generated by running OpenVPN in CLI, I see that the routes are on tun0 instead of on vpn0:

0.0.0.0/1 via 10.8.0.1 dev tun0

128.0.0.0/1 via 10.8.0.1 dev tun0

But I get an error if I try to add the routes on tun0. Any idea?

Sthocs ( 2020-05-06 02:00:51 +0200 )

I haven't had the time to tackle this, but I guess you could edit the .ovpn file, and add the routes manually... Also, I have to give up using Sailfish OS in my work phone, because there is this application that simply doesn't work with Sailfish, so it looks like I won't be solving this either...

Direc ( 2020-05-24 22:42:34 +0200 )
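
As an added example (not code from any poster in this thread), the sketch below parses `ip route` output and applies longest-prefix matching to show why the two /1 routes override the default gateway, and which device a destination leaves through in the full-tunnel and split-tunnel cases discussed above. Both routing tables, the wlan0 interface and the 172.16.0.0/16 company subnet are constructed sample values.

```python
import ipaddress

# Constructed `ip route` output: full tunnel with the two /1 routes on tun0.
FULL_TUNNEL = """\
default via 192.168.1.1 dev wlan0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""

# Constructed `ip route` output: split tunnel, only a company subnet is pushed.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
172.16.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line or route without an output device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" are skipped
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, target):
    """Device chosen by longest-prefix match, or None if nothing matches."""
    addr = ipaddress.ip_address(target)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def has_def1_routes(routes, dev):
    """True when both /1 routes are present on the given device."""
    wanted = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    return wanted <= {net for net, d in routes if d == dev}

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        r = parse_routes(table)
        print(name, egress_device(r, "8.8.8.8"), egress_device(r, "172.16.5.10"))
```

On a device, feeding the real `ip route` output to `parse_routes` shows whether the interface OpenVPN actually created (tun0 or vpn0) is the one the routes point at.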