OpenVPN client not tunneling all traffic via VPN connection

danymogh
Posts: 7
Joined: Tue Dec 23, 2014 4:03 pm

Post by danymogh » Wed Mar 15, 2023 10:48 am

Hello,

I have SoftEther VPN server v4.41-9782-beta and I can connect and browse the web in a restricted country with no problems on PC and Android with OpenVPN. However, on Linux, OpenVPN says it has connected to the server but no traffic is being redirected to the VPN server.
Here is the log:

Code:

sudo openvpn --config profile.ovpn
2023-03-15 14:39:46 Note: cipher 'AES-128-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-03-15 14:39:46 OpenVPN 2.6.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-03-15 14:39:46 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-03-15 14:39:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-03-15 14:39:46 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:443
2023-03-15 14:39:46 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-03-15 14:39:46 Attempting to establish TCP connection with [AF_INET]x.x.x.x:443
2023-03-15 14:39:46 TCP connection established with [AF_INET]x.x.xx:443
2023-03-15 14:39:46 TCPv4_CLIENT link local: (not bound)
2023-03-15 14:39:46 TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:443
2023-03-15 14:39:46 TLS: Initial packet from [AF_INET]x.x.x.x:443, sid=6201b446 92b9b4bf
2023-03-15 14:39:46 VERIFY OK: depth=0, CN=ubuntu-custom-mn1, O=ubuntu-custom-mn1, OU=ubuntu-custom-mn1, C=US
2023-03-15 14:39:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-15 14:39:46 [ubuntu-custom-mn1] Peer Connection Initiated with [AF_INET]x.x.x.x:443
2023-03-15 14:39:46 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-03-15 14:39:46 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-03-15 14:39:48 SENT CONTROL [ubuntu-custom-mn1]: 'PUSH_REQUEST' (status=1)
2023-03-15 14:39:49 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.10.30.21 10.10.30.22,dhcp-option DNS 10.10.10.1,dhcp-option DNS 1.1.1.1,route-gateway 10.10.30.22,redirect-gateway def1'
2023-03-15 14:39:49 OPTIONS IMPORT: timers and/or timeouts modified
2023-03-15 14:39:49 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-15 14:39:49 OPTIONS IMPORT: route options modified
2023-03-15 14:39:49 OPTIONS IMPORT: route-related options modified
2023-03-15 14:39:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-15 14:39:49 Using peer cipher 'AES-128-CBC'
2023-03-15 14:39:49 net_route_v4_best_gw query: dst 0.0.0.0
2023-03-15 14:39:49 net_route_v4_best_gw result: via 192.168.180.202 dev wlan0
2023-03-15 14:39:49 ROUTE_GATEWAY 192.168.180.202/255.255.255.0 IFACE=wlan0 HWADDR=xx:xx:xx:xx:xx:xx
2023-03-15 14:39:49 TUN/TAP device tun0 opened
2023-03-15 14:39:49 net_iface_mtu_set: mtu 1500 for tun0
2023-03-15 14:39:49 net_iface_up: set tun0 up
2023-03-15 14:39:49 net_addr_ptp_v4_add: 10.10.30.21 peer 10.10.30.22 dev tun0
2023-03-15 14:39:49 net_route_v4_add: xx.xx.xx.xx/32 via 192.168.180.202 dev [NULL] table 0 metric -1
2023-03-15 14:39:49 net_route_v4_add: 0.0.0.0/1 via 10.10.30.22 dev [NULL] table 0 metric -1
2023-03-15 14:39:49 net_route_v4_add: 128.0.0.0/1 via 10.10.30.22 dev [NULL] table 0 metric -1
2023-03-15 14:39:49 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-03-15 14:39:49 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-15 14:39:49 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-03-15 14:39:49 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-15 14:39:49 Initialization Sequence Completed

Here is my client .ovpn file, generated by SoftEther and modified a little:

Code:

client
dev tun
proto tcp
;THE IP OF THE REMOTE OPENVPN SERVER:
remote x.x.x.x 443

tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256

cipher AES-128-CBC
data-ciphers AES-128-CBC
auth SHA1

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3

... redacted [contains CA and user cert and keys]

What am I missing? I've googled this issue and it seems I need to manually add some entries via iptables. Is there a way to do this via the ovpn profile? Or from the server side?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: OpenVPN client not tunneling all traffic via VPN connection

Post by solo » Thu Mar 16, 2023 1:03 am

Connect to one of the 219.100.37.x OVPNs at https://www.vpngate.net/EN/ then post OVPN connection log and:

Code:

route -n
ip route
ip rule
traceroute 9.9.9.9
iptables -S
ufw status
cat /proc/sys/net/ipv4/ip_forward

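An added example, not part of either post: the log above shows the server pushing `redirect-gateway def1` and the client adding 0.0.0.0/1 and 128.0.0.0/1 via 10.10.30.22, so the `ip route` and `ip rule` output requested in the reply can be checked mechanically for those routes. The routing and rule tables below are constructed samples; 203.0.113.10 is a placeholder for the redacted server address and 192.168.180.5 is an assumed client address.

```bash
# Added example: verify that `redirect-gateway def1` took effect, working from
# saved `ip route` / `ip rule` output. All sample data below is constructed.

# 203.0.113.10 is a placeholder for the redacted server address x.x.x.x;
# 192.168.180.5 is an assumed client address on wlan0.
ROUTES_OK='default via 192.168.180.202 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.10.30.22 dev tun0
10.10.30.22 dev tun0 proto kernel scope link src 10.10.30.21
128.0.0.0/1 via 10.10.30.22 dev tun0
192.168.180.0/24 dev wlan0 proto kernel scope link src 192.168.180.5 metric 600
203.0.113.10 via 192.168.180.202 dev wlan0'

# Stock rules plus one constructed extra rule that is evaluated before "main".
RULES_EXTRA='0: from all lookup local
1000: from all lookup 100
32766: from all lookup main
32767: from all lookup default'

# has_route ROUTES PREFIX DEV: succeeds if PREFIX is routed through DEV.
has_route() {
    printf '%s\n' "$1" | awk -v p="$2" -v d="$3" '
        $1 == p { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) ok = 1 }
        END { exit !ok }'
}

# check_full_tunnel ROUTES TUN_DEV SERVER_IP: prints one line per problem and
# returns 1 if any was found.
check_full_tunnel() {
    local routes="$1" tun="$2" server="$3" rc=0 half
    for half in 0.0.0.0/1 128.0.0.0/1; do
        has_route "$routes" "$half" "$tun" || { echo "MISSING $half via $tun"; rc=1; }
    done
    # The server needs a host route that does NOT use the tunnel, otherwise the
    # encrypted packets would be routed back into tun0.
    printf '%s\n' "$routes" | awk -v s="$server" -v d="$tun" '
        $1 == s || $1 == (s "/32") {
            found = 1
            for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) bad = 1
        }
        END { exit !(found && !bad) }' || { echo "BAD host route to $server"; rc=1; }
    return "$rc"
}

# extra_rules RULES: prints policy rules other than the three stock ones; such
# rules can send traffic to another table before the def1 routes are consulted.
extra_rules() {
    printf '%s\n' "$1" |
        grep -vE '^(0|32766|32767):[[:space:]]+from all lookup (local|main|default)[[:space:]]*$' || true
}
```

On a live client the same functions can be fed `"$(ip -4 route show)"` and `"$(ip rule)"` instead of the constructed samples.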