posted 2017-07-10 16:47:10 +0200

VPN Client: OpenVPN is not routing traffic through VPN

I observed the following routing table when I manually used openvpn on the CLI:

0.0.0.0/1      via 10.0.0.5      dev tun0
default        via 192.168.0.100 dev wlan0
10.0.0.1       via 10.0.0.5      dev tun0
10.0.0.5       dev tun0  proto kernel  scope link  src 10.0.0.6
<vpn-ip>       via 192.168.0.100 dev wlan0
128.0.0.0/1    via 10.0.0.5      dev tun0
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.100
192.168.0.1    dev wlan0  scope link

With the VPN Client, the following routing table is created:

default        via 192.168.0.100 dev wlan0
10.0.0.1       via 10.0.0.5      dev vpn0
10.0.0.5       dev vpn0  proto kernel  scope link  src 10.0.0.6
<vpn-ip>       via 192.168.0.100 dev wlan0
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.100
192.168.0.1    dev wlan0  scope link

Is this a bug, or is it the intended behavior? The traffic is not routed through the VPN by default. Any suggestions on how to make it possible?

I tried:

ip route add default via 10.0.0.5

which gave back the following error: "RTNETLINK answers: File exists"

Configs:

First page:

  • Server address
  • Certificate Authority file
  • OpenVPN password file

Advanced page:

  • Protocol type LZO Compression = adaptive
  • Prevent caching credentials
  • Enforce remote certificate type = server

Info: The OpenVPN configuration file crashes the VPN Client.

Log:

Jul 10 00:00:01 Sailfish openvpn[26397]: OpenVPN 2.3.6 armv7l-unknown-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 27 2016
Jul 10 00:00:01 Sailfish openvpn[26397]: library versions: OpenSSL 1.0.2h-fips  3 May 2016, LZO 2.09
Jul 10 00:00:01 Sailfish openvpn[26397]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 00:00:01 Sailfish openvpn[26397]: UDPv4 link local: [undef]
Jul 10 00:00:01 Sailfish openvpn[26397]: UDPv4 link remote: [AF_INET]<vpn-ip>:<vpn-port>
Jul 10 00:00:03 Sailfish openvpn[26397]: [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Peer Connection Initiated with [AF_INET]<vpn-ip>:<vpn-port>
Jul 10 00:00:05 Sailfish openvpn[26397]: TUN/TAP device vpn0 opened
Jul 10 00:00:05 Sailfish openvpn[26397]: /usr/lib/connman/scripts/openvpn-script vpn0 1500 1570 10.0.0.6 10.0.0.5 init
Jul 10 00:00:05 Sailfish openvpn[26397]: Initialization Sequence Completed
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: ipconfig state 4 ipconfig method 1
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Time request for server <time-server-ip?> failed (101/Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Time request for server <time-server-ip?> failed (101/Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Time request for server <time-server-ip?> failed (101/Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Time request for server <time-server-ip?> failed (101/Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)
Jul 10 00:00:05 Sailfish connmand[624]: Adding host route failed (Network is unreachable)

Edit: It is fixed for me in SF OS 2.1.1.26, but now a new bug arose:

If you disconnect from the VPN and reconnect to it again and get a new IP address from the VPN Server, the old address is not flushed from the routing table.

Is this behavior intended? Thanks for your investigation.

default dev vpn0  scope link
10.13.10.1 via 10.13.10.5 dev vpn0
10.13.10.5 dev vpn0  proto kernel  scope link  src 10.13.10.6
.
.
.
10.3.10.1 via 10.2.10.5 dev vpn0
10.2.10.1 via 10.3.10.5 dev vpn0
10.1.10.1 via 10.4.10.5 dev vpn0
<vpn-ip> via 192.168.0.100 dev wlan0
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.100
192.168.0.1 dev wlan0  scope link
<vpn-ns1> dev vpn0  scope link
<vpn-ns2> dev vpn0  scope link

Edit2:

New thread opened at https://together.jolla.com/question/166581/vpn-client-openvpn-is-not-flushing-recent-connections/

Closing this one...