Armbian, OpenVPN connects, but no browsing, ping or DNS resolution.

Hello,

I'm running Armbian on an Orange Pi PC, and have followed the instructions to set up OpenVPN for PIA.
When I connect via the Network Manager, it reports success, but it's not usable.  Browsing, DNS and ping do not work.

Here's my network config after connecting:
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx  
          inet addr:192.168.0.20  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::7c7d:18ff:fe96:3256/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5939 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2344 errors:2 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4422825 (4.4 MB)  TX bytes:266632 (266.6 KB)
          Interrupt:114 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:802 (802.0 B)  TX bytes:802 (802.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.9.10.6  P-t-P:10.9.10.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:118650 errors:0 dropped:116221 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:176124699 (176.1 MB)
ip route
default via 10.9.10.5 dev tun0  proto static  metric 50 
default via 192.168.0.1 dev eth0  proto static  metric 100 
10.9.10.1 via 10.9.10.5 dev tun0  proto static  metric 50 
10.9.10.5 dev tun0  proto kernel  scope link  src 10.9.10.6  metric 50 
169.254.0.0/16 dev eth0  scope link  metric 1000 
When I disconnect, connectivity returns.

I'm not sure how to proceed.
Any advice?




 

Comments

  • When I connect via the CLI, I see an error.
    Mon Jan 22 11:43:58 2018 OpenVPN 2.3.10 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
    Mon Jan 22 11:43:58 2018 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
    Enter Auth Username: ********
    Enter Auth Password: **********
    Mon Jan 22 11:44:13 2018 UDPv4 link local: [undef]
    Mon Jan 22 11:44:13 2018 UDPv4 link remote: [AF_INET]82.102.27.75:1198
    Mon Jan 22 11:44:14 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Jan 22 11:44:15 2018 [4bc2ae59c22661aedb07642d186c783c] Peer Connection Initiated with [AF_INET]82.102.27.75:1198
    Mon Jan 22 11:44:18 2018 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
    Mon Jan 22 11:44:18 2018 Exiting due to fatal error


  • sudo openvpn config-file.ovpn --verb 3 &

    Contents of resolv.conf are part of the "network configuration" ... also iptables rules. The interface list and route table shown already look good.
  • Something actually feels off about this routing table:

    You have a default route to 192.168.0.1 as one would expect for a home setup:
    default via 192.168.0.1 dev eth0  proto static  metric 100 
    However, there is no route for 192.168.0.0/24 in that routing table, but instead an IPv4 autoconfigured one:
    169.254.0.0/16 dev eth0  scope link  metric 1000
    Therefore this machine shouldn't have network access at all, and in turn that means OpenVPN has no way to send its packets to PIA.

    Can you give us the logs NetworkManager produced, as it's likely that OpenVPN itself printed some errors?
    grep -i openvpn /var/log/syslog
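
The routing-table check discussed in the comment above, as an added example that is not part of the original thread: it parses the `ip route` output from the first post, lists gateways that no on-link route on the same device covers, and goes one step further with a longest-prefix lookup for a given address. The function names are made up for illustration, and the endpoint address is the one from the NetworkManager log quoted later in the thread.

```python
import ipaddress

# "ip route" output copied from the original post (taken while the VPN was up).
ROUTES = """\
default via 10.9.10.5 dev tun0  proto static  metric 50
default via 192.168.0.1 dev eth0  proto static  metric 100
10.9.10.1 via 10.9.10.5 dev tun0  proto static  metric 50
10.9.10.5 dev tun0  proto kernel  scope link  src 10.9.10.6  metric 50
169.254.0.0/16 dev eth0  scope link  metric 1000
"""

def parse_routes(text):
    """Parse `ip route` lines into dicts. Assumes every option after the
    destination is a key/value pair, which holds for the lines above."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        opts = dict(zip(tok[1::2], tok[2::2]))
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append({
            "dst": ipaddress.ip_network(dst, strict=False),
            "via": ipaddress.ip_address(opts["via"]) if "via" in opts else None,
            "dev": opts.get("dev"),
            "metric": int(opts.get("metric", 0)),
        })
    return routes

def unreachable_gateways(routes):
    """Gateways with no on-link (no "via") route on the same device covering them."""
    onlink = [r for r in routes if r["via"] is None]
    bad = []
    for r in routes:
        gw = r["via"]
        covered = gw is None or any(
            o["dev"] == r["dev"] and gw in o["dst"] for o in onlink)
        if not covered and (str(gw), r["dev"]) not in bad:
            bad.append((str(gw), r["dev"]))
    return bad

def lookup(routes, addr):
    """Route chosen for addr: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r["dst"]]
    return min(hits, key=lambda r: (-r["dst"].prefixlen, r["metric"]), default=None)

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print("gateways without an on-link route:", unreachable_gateways(table))
    # Remote endpoint from the NetworkManager log quoted later in the thread.
    print("VPN endpoint leaves via:", lookup(table, "137.59.252.183")["dev"])
```

The lookup only models the main table shown in the post; policy-routing rules or other tables, which the thread does not show, are not considered.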


  • Max-P said:

    Can you give us the logs NetworkManager produced, as it's likely that OpenVPN itself printed some errors?
    grep -i openvpn /var/log/syslog


    This is the result, directly after connecting the VPN via Network Manager.
    Jan 23 11:33:52 localhost NetworkManager[441]: (nm-openvpn-service:21312): nm-openvpn-WARNING **: Directory '/var/lib/openvpn/chroot' not usable for chroot by 'nm-openvpn', openvpn will not be chrooted.
    Jan 23 11:33:52 localhost NetworkManager[441]: nm-openvpn-Message: openvpn[21319] started
    Jan 23 11:33:52 localhost nm-openvpn[21319]: OpenVPN 2.3.10 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
    Jan 23 11:33:52 localhost nm-openvpn[21319]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
    Jan 23 11:33:52 localhost nm-openvpn[21319]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 23 11:33:52 localhost nm-openvpn[21319]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Jan 23 11:33:52 localhost nm-openvpn[21319]: UDPv4 link local: [undef]
    Jan 23 11:33:52 localhost nm-openvpn[21319]: UDPv4 link remote: [AF_INET]137.59.252.183:1198
    Jan 23 11:33:52 localhost nm-openvpn[21319]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Jan 23 11:33:52 localhost nm-openvpn[21319]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
    Jan 23 11:33:52 localhost nm-openvpn[21319]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
    Jan 23 11:33:52 localhost nm-openvpn[21319]: [35660c2381babdaa509536eba24fffe6] Peer Connection Initiated with [AF_INET]137.59.252.183:1198
    Jan 23 11:33:55 localhost nm-openvpn[21319]: TUN/TAP device tun0 opened
    Jan 23 11:33:55 localhost nm-openvpn[21319]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_4 --tun -- tun0 1500 1558 10.27.10.6 10.27.10.5 init
    Jan 23 11:33:55 localhost nm-openvpn[21319]: GID set to nm-openvpn
    Jan 23 11:33:55 localhost nm-openvpn[21319]: UID set to nm-openvpn
    Jan 23 11:33:55 localhost nm-openvpn[21319]: Initialization Sequence Completed
    


  • This seems fine to me. I was expecting it to maybe complain about not knowing how to set up the default gateway but everything looks fine.

    Can you paste us the output of "ip ro" both before connecting and while connected to the VPN so we can compare the two?