
Routing issues with OpenVPN on Tomato using iOS client

Discussion in 'Networking Issues' started by dlb9000, Apr 11, 2014.

    dlb9000 (Network Newbie Member)

    I have successfully set up a second Linksys E2500 router flashed with Shibby's Tomato on my network, and it is functioning just fine. Devices can successfully connect and access other systems on my network, as well as the internet.

    I am now trying to set up a VPN connection between an iOS device and my home network using OpenVPN. I want the ability to access other systems on my home network, as well as route all internet traffic through my home internet connection.

    I am using the OpenVPN client on my iPhone, and am able to successfully establish a VPN connection.

    However, the only address I can successfully ping when connected is 10.8.0.1. I cannot ping any other systems on my network (such as 10.88.55.11), nor can I browse the internet -- implying WAN traffic is not getting routed. So I suspect I am missing some routing rules.

    Any ideas what is wrong with my configuration?

    All configs and (cleansed) logs below.

    Thanks in advance.



    I have the following setup:
    - DLink DIR-655 with stock firmware, connected to my cable modem
    - Linksys E2500 v2 running Shibby's Tomato
    - OpenVPN configured
    - iPhone 5s with OpenVPN client

    DLink DIR-655 config:
    - IP: 10.88.55.1
    - subnet mask: 255.255.255.0
    - virtual server: 10.88.55.2, udp public port 443, udp private port 443, allow all

    E2500 config:
    - static IP of 10.88.55.2
    - subnet mask: 255.255.255.0
    - wired connection to the DLink DIR-655
    - "router" mode

    Routing rules:
    Destination   Gateway / Next Hop   Subnet Mask       Metric   Interface
    10.8.0.2      *                    255.255.255.255   0        tun21
    10.88.55.0    *                    255.255.255.0     0        br0 (LAN)
    10.8.0.0      10.8.0.2             255.255.255.0     0        tun21
    127.0.0.0     *                    255.0.0.0         0        lo
    default       10.88.55.1           0.0.0.0           0        br0 (LAN)

    Mode: Router

    OpenVPN Server Config:
    Interface Type: TUN
    Protocol: UDP
    Port: 443
    Firewall: Automatic
    Authorization Mode: TLS
    Extra HMAC authorization: Disabled
    VPN subnet/netmask: 10.8.0.0 255.255.255.0

    Poll Interval: 0
    Push LAN to clients: checked
    Direct clients to redirect Internet traffic: checked
    Respond to DNS: checked
    Advertise DNS to clients: no
    Encryption cipher: Use default
    Compression: Adaptive
    TLS Renegotiation Time: -1
    Manage Client-Specific Options: no
    Allow User/Pass Auth: no
    Custom Configuration: <none>

    iOS Client ovpn file:
    client
    dev tun
    proto udp
    remote <WAN IP> 443
    resolv-retry infinite
    nobind
    user nobody
    group nobody
    persist-key
    persist-tun
    ns-cert-type server
    comp-lzo
    verb 5
    <ca>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
    </key>


    E2500 Log (from OpenVPN startup):
    Apr 10 19:36:14 unknown user.info kernel: tun: Universal TUN/TAP device driver, 1.6
    Apr 10 19:36:14 unknown user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Apr 10 19:36:14 unknown user.info kernel: device tun21 entered promiscuous mode
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 19 2014
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: Diffie-Hellman initialized with 1024 bit key
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: TUN/TAP device tun21 opened
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: TUN/TAP TX queue length set to 100
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: /sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
    Apr 10 19:36:15 unknown daemon.notice openvpn[1052]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
    Apr 10 19:36:15 unknown daemon.notice openvpn[1062]: UDPv4 link local (bound): [undef]
    Apr 10 19:36:15 unknown daemon.notice openvpn[1062]: UDPv4 link remote: [undef]
    Apr 10 19:36:15 unknown daemon.notice openvpn[1062]: MULTI: multi_init called, r=256 v=256
    Apr 10 19:36:15 unknown daemon.notice openvpn[1062]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
    Apr 10 19:36:15 unknown daemon.notice openvpn[1062]: Initialization Sequence Completed
    Apr 10 19:36:19 unknown daemon.err openvpn[1062]: event_wait : Interrupted system call (code=4)
    Apr 10 19:36:19 unknown daemon.notice openvpn[1062]: TITLE,OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 19 2014
    Apr 10 19:36:19 unknown daemon.notice openvpn[1062]: TIME,Thu Apr 10 19:36:19 2014,1397172979
    Apr 10 19:36:19 unknown daemon.notice openvpn[1062]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
    Apr 10 19:36:19 unknown daemon.notice openvpn[1062]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
    Apr 10 19:36:19 unknown daemon.notice openvpn[1062]: GLOBAL_STATS,Max bcast/mcast queue length,0
    Apr 10 19:36:19 unknown daemon.notice openvpn[1062]: END
    Apr 10 19:43:39 unknown daemon.err openvpn[1062]: event_wait : Interrupted system call (code=4)
    Apr 10 19:43:39 unknown daemon.notice openvpn[1062]: TITLE,OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 19 2014
    Apr 10 19:43:39 unknown daemon.notice openvpn[1062]: TIME,Thu Apr 10 19:43:39 2014,1397173419
    Apr 10 19:43:39 unknown daemon.notice openvpn[1062]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
    Apr 10 19:43:39 unknown daemon.notice openvpn[1062]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
    Apr 10 19:43:39 unknown daemon.notice openvpn[1062]: GLOBAL_STATS,Max bcast/mcast queue length,0
    Apr 10 19:43:39 unknown daemon.notice openvpn[1062]: END
    Apr 10 20:00:01 unknown syslog.info root: -- MARK --
    Apr 10 20:19:44 unknown daemon.err openvpn[1062]: event_wait : Interrupted system call (code=4)
    Apr 10 20:19:44 unknown daemon.notice openvpn[1062]: TITLE,OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 19 2014
    Apr 10 20:19:44 unknown daemon.notice openvpn[1062]: TIME,Thu Apr 10 20:19:44 2014,1397175584
    Apr 10 20:19:44 unknown daemon.notice openvpn[1062]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
    Apr 10 20:19:44 unknown daemon.notice openvpn[1062]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
    Apr 10 20:19:44 unknown daemon.notice openvpn[1062]: GLOBAL_STATS,Max bcast/mcast queue length,0
    Apr 10 20:19:44 unknown daemon.notice openvpn[1062]: END
    Apr 10 20:23:16 unknown daemon.err openvpn[1062]: event_wait : Interrupted system call (code=4)
    Apr 10 20:23:16 unknown daemon.notice openvpn[1062]: TITLE,OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 19 2014
    Apr 10 20:23:16 unknown daemon.notice openvpn[1062]: TIME,Thu Apr 10 20:23:16 2014,1397175796
    Apr 10 20:23:16 unknown daemon.notice openvpn[1062]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
    Apr 10 20:23:16 unknown daemon.notice openvpn[1062]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
    Apr 10 20:23:16 unknown daemon.notice openvpn[1062]: GLOBAL_STATS,Max bcast/mcast queue length,0
    Apr 10 20:23:16 unknown daemon.notice openvpn[1062]: END
    Apr 10 20:38:36 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 TLS: Initial packet from [AF_INET]<iPhone WAN IP>:57379, sid=3a50a9ff 3901073c
    Apr 10 20:38:37 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 VERIFY OK: depth=1, C=xx, ST=xx, L=xx, O=xx, CN=xx-OpenVPN, emailAddress=MyMail@gmail.com
    Apr 10 20:38:37 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 VERIFY OK: depth=0, C=xx, ST=xx, L=xx, O=xx, OU=changeme, CN=iphone-5s, name=changeme, emailAddress=MyMail@gmail.com
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: <iPhone WAN IP>:57379 [iphone-5s] Peer Connection Initiated with [AF_INET]<iPhone WAN IP>:57379
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 MULTI: Learn: 10.8.0.6 -> iphone-5s/<iPhone WAN IP>:57379
    Apr 10 20:38:38 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 MULTI: primary virtual IP for iphone-5s/<iPhone WAN IP>:57379: 10.8.0.6
    Apr 10 20:38:39 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 PUSH: Received control message: 'PUSH_REQUEST'
    Apr 10 20:38:39 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 send_push_reply(): safe_cap=940
    Apr 10 20:38:39 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 SENT CONTROL [iphone-5s]: 'PUSH_REPLY,route 10.88.55.0 255.255.255.0,redirect-gateway def1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)
    Apr 10 20:54:40 unknown daemon.warn openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 IP packet with unknown IP version=2 seen
    Apr 10 20:56:40 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 [iphone-5s] Inactivity timeout (--ping-restart), restarting
    Apr 10 20:56:40 unknown daemon.notice openvpn[1062]: iphone-5s/<iPhone WAN IP>:57379 SIGUSR1[soft,ping-restart] received, client-instance restarting


    iOS OpenVPN Client Log:
    2014-04-10 20:38:37 ----- OpenVPN Start (iOS 64-bit) -----
    2014-04-10 20:38:37 UNUSED OPTIONS
    4 [resolv-retry] [infinite]
    5 [nobind]
    6 [user] [nobody]
    7 [group] [nobody]
    8 [persist-key]
    9 [persist-tun]
    12 [verb] [5]

    2014-04-10 20:38:37 LZO-ASYM init swap=0 asym=0
    2014-04-10 20:38:37 EVENT: RESOLVE
    2014-04-10 20:38:37 Contacting <WAN IP>:443 via UDP
    2014-04-10 20:38:37 EVENT: WAIT
    2014-04-10 20:38:37 Connecting to <WAN IP>:443 (<WAN IP>) via UDPv4
    2014-04-10 20:38:37 EVENT: CONNECTING
    2014-04-10 20:38:37 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
    2014-04-10 20:38:37 Peer Info:
    IV_GUI_VER=net.openvpn.connect.ios 1.0.4-140
    IV_VER=3.0
    IV_PLAT=ios
    IV_NCP=1
    IV_LZO=1

    2014-04-10 20:38:38 VERIFY OK: depth=1
    cert. version : 3
    serial number : xx:xx:xx:xx:xx:xx:xx:xx
    issuer name : C=Xx, ST=Xx, L=Xx, O=Xx, CN=Xx-OpenVPN, emailAddress=Mymail@gmail.com
    subject name : C=xx, ST=xx L=Xx, O=Xx, CN=Xx-OpenVPN, emailAddress=Mymail@gmail.com
    issued on : 2014-03-17 00:06:49
    expires on : 2024-03-14 00:06:49
    signed using : RSA+SHA1
    RSA key size : 1024 bits

    2014-04-10 20:38:38 VERIFY OK: depth=0
    cert. version : 3
    serial number : 01
    issuer name : C=Xx, ST=Xx, L=xx, O=Xx, CN=Xx-OpenVPN, emailAddress=Mymail@gmail.com
    subject name : C=xx, ST=xx, L=xx, O=xxxx, OU=changeme, CN=server, 0x29=changeme, emailAddress=Mymail@gmail.com
    issued on : 2014-03-17 00:08:20
    expires on : 2024-03-14 00:08:20
    signed using : RSA+SHA1
    RSA key size : 1024 bits

    2014-04-10 20:38:39 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
    2014-04-10 20:38:39 Session is ACTIVE
    2014-04-10 20:38:40 EVENT: GET_CONFIG
    2014-04-10 20:38:40 Sending PUSH_REQUEST to server...
    2014-04-10 20:38:40 OPTIONS:
    0 [route] [10.88.55.0] [255.255.255.0]
    1 [redirect-gateway] [def1]
    2 [route] [10.8.0.1]
    3 [topology] [net30]
    4 [ping] [15]
    5 [ping-restart] [60]
    6 [ifconfig] [10.8.0.6] [10.8.0.5]

    2014-04-10 20:38:40 LZO-ASYM init swap=0 asym=0
    2014-04-10 20:38:40 EVENT: ASSIGN_IP
    2014-04-10 20:38:40 Google DNS fallback enabled
    2014-04-10 20:38:40 Connected via tun
    2014-04-10 20:38:40 EVENT: CONNECTED @<WAN IP>:443 (<WAN IP>) via /UDPv4 on tun/10.8.0.6/
    2014-04-10 20:38:40 NET WiFi:NotReachable/WR t------
    2014-04-10 20:38:40 NET Internet:ReachableViaWWAN/WR t----l-
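One thing worth checking against the data in this post is the return path. The E2500 forwards a client packet from 10.8.0.6 out br0 without difficulty, but the reply from a LAN host (or from the DIR-655 after it de-NATs Internet traffic) is addressed to 10.8.0.6, and nothing in the post gives the DIR-655 or the LAN hosts a route for 10.8.0.0/24 back to 10.88.55.2. The script below is an added example, not the poster's configuration or any Tomato code: it reads the E2500 routing table and the PUSH_REPLY exactly as logged above, and traces both directions for a LAN host and an Internet address. The LAN host and DIR-655 routing tables are assumptions (subnet plus default route, with 203.0.113.1 standing in for the ISP gateway), and `masquerade=True` merely models the server source-NATing tunnel traffic to its own LAN address; whether Tomato's "Firewall: Automatic" setting installs such a rule is not something this page shows, so verify on the router with `iptables -t nat -L POSTROUTING -v`.

```python
"""Trace forward and return paths for an OpenVPN client's traffic through the
routing tables in this thread. Added example (not the poster's or Tomato's code)."""
import ipaddress

# Routing table of the E2500 OpenVPN server, copied from the post.
E2500_ROUTES = """\
10.8.0.2 * 255.255.255.255 0 tun21
10.88.55.0 * 255.255.255.0 0 br0
10.8.0.0 10.8.0.2 255.255.255.0 0 tun21
127.0.0.0 * 255.0.0.0 0 lo
default 10.88.55.1 0.0.0.0 0 br0
"""
E2500_LAN_IP = ipaddress.ip_address("10.88.55.2")   # from the post
DIR655_LAN_IP = ipaddress.ip_address("10.88.55.1")  # from the post
LAN = ipaddress.ip_network("10.88.55.0/24")

# PUSH_REPLY the server logged, copied from the post.
PUSH_REPLY = ("PUSH_REPLY,route 10.88.55.0 255.255.255.0,redirect-gateway def1,"
              "route 10.8.0.1,topology net30,ping 15,ping-restart 60,"
              "ifconfig 10.8.0.6 10.8.0.5")

# ASSUMED (not shown in the post): a LAN host and the DIR-655 know only the
# LAN subnet plus a default route; 203.0.113.1 stands in for the ISP gateway.
LAN_HOST_ROUTES = """\
10.88.55.0 * 255.255.255.0 0 eth0
default 10.88.55.1 0.0.0.0 0 eth0
"""
DIR655_ROUTES = """\
10.88.55.0 * 255.255.255.0 0 lan
default 203.0.113.1 0.0.0.0 0 wan
"""


def parse_routes(text):
    """Parse 'dest gw mask metric iface' lines into (network, gateway|None, iface)."""
    routes = []
    for line in text.strip().splitlines():
        dst, gw, mask, _metric, iface = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else f"{dst}/{mask}")
        routes.append((net, None if gw == "*" else ipaddress.ip_address(gw), iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns (network, gateway|None, iface) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def parse_push(reply):
    """Return (client tunnel IP, networks the client will send into the tunnel)."""
    client_ip, pushed = None, []
    for opt in reply.split(",")[1:]:
        parts = opt.split()
        if parts[0] == "ifconfig":
            client_ip = ipaddress.ip_address(parts[1])
        elif parts[0] == "route":  # 'route 10.8.0.1' with no mask is a host route
            pushed.append(ipaddress.ip_network(f"{parts[1]}/{parts[2] if len(parts) > 2 else 32}"))
        elif parts[0] == "redirect-gateway":
            pushed.append(ipaddress.ip_network("0.0.0.0/0"))
    return client_ip, pushed


def return_path(start_routes, routers, target, server_lan_ip):
    """Follow a reply addressed to `target` hop by hop until it reaches the VPN
    server's LAN address or leaves the LAN. routers maps LAN IP -> routing table."""
    hops, routes = [], start_routes
    for _ in range(len(routers) + 1):
        r = lookup(routes, target)
        if r is None:
            return False, hops + ["no route"]
        _, gw, iface = r
        hops.append(f"{iface} via {gw or 'connected'}")
        if gw == server_lan_ip or (gw is None and target == server_lan_ip):
            return True, hops   # delivered to the E2500, which owns 10.8.0.0/24
        if gw not in routers:
            return False, hops  # handed to the ISP or dropped: asymmetric path
        routes = routers[gw]
    return False, hops + ["loop"]


def diagnose(dest, masquerade=False, upstream_routes=DIR655_ROUTES):
    """Forward path on the server plus return path for one destination.
    masquerade=True models the server SNATing tunnel traffic to its LAN address."""
    dest_ip = ipaddress.ip_address(dest)
    client_ip, pushed = parse_push(PUSH_REPLY)
    fwd = lookup(parse_routes(E2500_ROUTES), dest_ip)
    routers = {DIR655_LAN_IP: parse_routes(upstream_routes)}
    start = parse_routes(LAN_HOST_ROUTES) if dest_ip in LAN else routers[DIR655_LAN_IP]
    target = E2500_LAN_IP if masquerade else client_ip
    ok, hops = return_path(start, routers, target, E2500_LAN_IP)
    return {
        "client_ip": str(client_ip),
        "client_tunnels_it": any(dest_ip in n for n in pushed),
        "server_forwards_via": (fwd[2], str(fwd[1]) if fwd[1] else "connected") if fwd else None,
        "return_ok": ok,
        "return_hops": hops,
    }


if __name__ == "__main__":
    for dest in ("10.88.55.11", "8.8.8.8"):
        print(dest, diagnose(dest))
        print(dest, "masquerade", diagnose(dest, masquerade=True))
```

Under the assumed upstream tables the forward direction is fine for both destinations (the client tunnels them, the E2500 forwards out br0), but every reply is handed to the DIR-655's default route and never comes back; either a static route for 10.8.0.0/24 via 10.88.55.2 on the DIR-655 or a masquerade rule on the E2500's tun21 traffic makes the trace succeed. Both fixes are modelled by the `upstream_routes` and `masquerade` parameters so they can be compared before touching the routers.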