No internet while connected to OpenVPN server after installing RT-ac68u

[the_townie]

THIS PROBLEM HAS BEEN SOLVED

The new ASUS RT-AC68U was using a different default IP range than the Linksys routers which is why the Linksys Routers would work. The AC68U's default IP range apparently matched another LAN at the office (where the server is). This was causing conflict between the systems which would not allow access to the internet on my machine at home.

Thanks to Rmerlin, Ford Prefect, & ColinTaylor

Hi everyone,

I searched through the forums and have read through as many posts as I can and I have yet to find a solution to my problem.

A little background info: I was using a linksys ea3500 for a while and was able to connect to the OpenVPN server at my office. I did not configure any settings on the router at all for the VPN to work. A few weeks ago, the ea3500 died on me so as a temporary router, I used my old linksys wrt54g. I just plugged it in and let it go. No configuration required. I simply would click on a OpenVPN desktop icon, click connect, type user/pass, and I would be good to go.

Now that I have my new RT-ac68u running the latest merlin build, I am having problems.

I am not using the OpenVPN Client page in the router settings (not sure exactly how to use it). I'm still using the icon.

I can connect to the server and browse the files just fine. However, when I try to view a webpage, it can't connect.

I do not have access to the server config file, but I know that it is set up to allow all traffic through it.


So.... Here's what I'd like to be able to do:

1. Connect to my office OpenVPN server to get what I need there (mainly just files).
2. Instead of routing all of my internet traffic through the office, I'd prefer to keep it local to take advantage of my higher up/down speeds.

I'm not sure what all information you guys need to help me with this, but I'm happy to provide what you need. Please just tell me how and where to get it. I'm by no means a whiz at all this stuff.

Thanks in advance!

 

[Ford Prefect]

I am not using the OpenVPN Client page in the router settings (not sure exactly how to use it). I'm still using the icon.

Just for completeness, what OS and VPN-client are you using on you local system?

I can connect to the server and browse the files just fine. However, when I try to view a webpage, it can't connect.

I do not have access to the server config file, but I know that it is set up to allow all traffic through it.

This is not a matter of the server side to allow all traffic to pass, but if the server will push the default route to you client

So.... Here's what I'd like to be able to do:

1. Connect to my office OpenVPN server to get what I need there (mainly just files).
2. Instead of routing all of my internet traffic through the office, I'd prefer to keep it local to take advantage of my higher up/down speeds.

...not sure if I understand that correctly..
Is the setting/effect for (2) currently active, so you want to change that?
In either case, how do you tell if internet traffic gets routed through VPN towards your office?

I'm not sure what all information you guys need to help me with this, but I'm happy to provide what you need. Please just tell me how and where to get it. I'm by no means a whiz at all this stuff.

Thanks in advance!

Honestly, ATM I do not think that the AC68U is the possible cause to your problem.
Maybe the server-side config has changed or you messed up your local VPN client config in some way..
Can you re-test with the linksys of yours...does the problem persist?
Did you set-up parental control on the ASUS? If DNS queries are not routed through the VPN, this might block I-Net access, but this would be the case even when you're not connected to the office VPN:

 

[the_townie]

Just for completeness, what OS and VPN-client are you using on you local system?

Windows 7 Professional SP1 32bit, OpenVPN GUI v5.

I'm pretty sure the server is set so that it will push the default route to me. When I initially got started with using OpenVPN, I had this problem and the technician that installed it said that he changed the configuration to allow me to access the internet through the connection. He made a change and it immediately started working.

Quote:
So.... Here's what I'd like to be able to do:

1. Connect to my office OpenVPN server to get what I need there (mainly just files).
2. Instead of routing all of my internet traffic through the office, I'd prefer to keep it local to take advantage of my higher up/down speeds.

...not sure if I understand that correctly..
Is the setting/effect for (2) currently active, so you want to change that?
In either case, how do you tell if internet traffic gets routed through VPN towards your office?

To answer your question... I'm not exactly sure that it's being routed through the VPN towards my office, nor do I know exactly how to check that. All I know is that the tech. said he changed the setting so it would all pass through the server which would slow down my connection because the internet speeds at the office are slower than my speeds at home. If it is ALL being routed through the office, I would rather it not. I only want to be able to get to the files I need. I would prefer to let my local machine handle everything else.

Maybe the server-side config has changed or you messed up your local VPN client config in some way...

Unless the config file can change on its own, no one has touched it.

I haven't changed any settings on the Asus other than wireless channels. No parental controls or anything else.

I can unplug the Asus, plug in the old linksys, and it connects to the server and I can access the internet. I can connect straight to the modem as well and all is good.

Thanks!

 

[RMerlin]

Don't forget to run the OpenVPN client with administrator privileges, so it can establish its routes.

While the tunnel is up, see if IP-based traffic still works. Try pinging an IP address, for example:

ping 8.8.8.8

That will tell you if it's a DNS-related issue. You could also try a tracert to see where you traffic is trying to go.

 

[the_townie]

Don't forget to run the OpenVPN client with administrator privileges, so it can establish its routes.

While the tunnel is up, see if IP-based traffic still works. Try pinging an IP address, for example:

ping 8.8.8.8

That will tell you if it's a DNS-related issue. You could also try a tracert to see where you traffic is trying to go.

Here you go.

C:\Windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=23ms TTL=47
Reply from 8.8.8.8: bytes=32 time=24ms TTL=47
Reply from 8.8.8.8: bytes=32 time=24ms TTL=47
Reply from 8.8.8.8: bytes=32 time=23ms TTL=47

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms

C:\Windows\system32>tracert 8.8.8.8

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  router.asus.com [192.168.1.1]
  2     8 ms     8 ms     7 ms  10.188.96.1
  3    12 ms    10 ms    10 ms  172.30.76.209
  4     9 ms    10 ms    35 ms  172.30.32.65
  5    25 ms    23 ms    23 ms  cr1.nwrla.ip.att.net [12.123.153.38]
  6    25 ms    25 ms    23 ms  cr2.nwrla.ip.att.net [12.123.153.126]
  7    22 ms    25 ms    25 ms  cr1.attga.ip.att.net [12.122.2.145]
  8    22 ms    56 ms    21 ms  12.122.29.205
  9     *        *        *     Request timed out.
 10    23 ms    34 ms    24 ms  72.14.239.100
 11    29 ms    24 ms    25 ms  209.85.142.138
 12    68 ms    68 ms    68 ms  209.85.142.157
 13     *        *        *     Request timed out.
 14    23 ms    23 ms    23 ms  google-public-dns-a.google.com [8.8.8.8]

Trace complete.

One more thing I might mention. When I'm connected to the OpenVPN, I cannot reach the router's web GUI

 

[RMerlin]

This looks like a perfectly working Internet connection to me: you can ping, you can traceroute, and you can even resolve IPs along that traceroute.

 

[the_townie]

I'm not sure where to go from here. You would think that I would be able to view webpages, etc. however, when I go to any webpage, it's unable to load. as soon as I disconnect from the OpenVPN, I can hit refresh and it loads right up.

Like I said above, I can't even access the router's IP address to change router settings,etc. when connected to the VPN

I'm at a loss.

 

[Ford Prefect]

Windows 7 Professional SP1 32bit, OpenVPN GUI v5.

I'm pretty sure the server is set so that it will push the default route to me. When I initially got started with using OpenVPN, I had this problem and the technician that installed it said that he changed the configuration to allow me to access the internet through the connection. He made a change and it immediately started working.



To answer your question... I'm not exactly sure that it's being routed through the VPN towards my office, nor do I know exactly how to check that. All I know is that the tech. said he changed the setting so it would all pass through the server which would slow down my connection because the internet speeds at the office are slower than my speeds at home. If it is ALL being routed through the office, I would rather it not. I only want to be able to get to the files I need. I would prefer to let my local machine handle everything else.



Unless the config file can change on its own, no one has touched it.

I haven't changed any settings on the Asus other than wireless channels. No parental controls or anything else.

I can unplug the Asus, plug in the old linksys, and it connects to the server and I can access the internet. I can connect straight to the modem as well and all is good.

Thanks!

OK, this *is* weird.
I cannot explain why the linksys works for you, while the ASUS does not.
And when using the ASUS, the office access works fine...if there were to be an IP Address conflict, the office access should not work as well, IMHO.
Only thing I could think of, is that the gateway for the default route that gets pushed to you, is on an IP that conflicts with the IP ranges used in your ASUS...maybe you were using other ranges in your old router and the linksys.

Regarding your request to enable internet acess though your local provider when connected with the VPN...well, easiest way would be to ask your sysdmin again and switch it off.
Alternatively, you'll have to change the default route of your Win PC back to pointing at the ASUS IP when the VPN is estabished...don't know if there is an option to run a script in the VPN client after the connection is made.

 

[RMerlin]

I'm not sure where to go from here. You would think that I would be able to view webpages, etc. however, when I go to any webpage, it's unable to load. as soon as I disconnect from the OpenVPN, I can hit refresh and it loads right up.

Like I said above, I can't even access the router's IP address to change router settings,etc. when connected to the VPN

I'm at a loss.

Is there an IP conflict perhaps? Make sure that your LAN, your VPN tunnel, and your office's LAN are all on different IP ranges.

 

[the_townie]

Do you guys have any preferred ranges that are unlikely to be in use? I think the VPN uses 10.x.x.x. If I remember right, the office uses a couple of them between 192.168.1-5.XXX.

Should I use 169.254.0.0 through 169.254.255.255 or 172.16.0.0 through 172.31.255.255? I don't understand all of this completely so your guidance is appreciated. Once I know the range to use, I'll set it up on the router and report back as to whether it fixes the issue or not.

Thanks again guys!

 

[ColinTaylor]

OK this is a bit of a random idea but I'll throw in it anyway.

As I understand it;
1. You can ping and traceroute through the VPN connection with no problem
2. DNS appears to be working correctly
3. You can access files on the remote system.
4. You can't browse to websites with the VPN active.

If the above is true can we assume that this is a browser issue?

That gets me thinking that the browser might need a proxy server setting. I wouldn't expect a corporate LAN to allow web traffic to go straight out necessarily.

But why is it only a problem with the ASUS? Is it because the browser has "Automatically detect settings" turned on in "LAN settings" and the ASUS is overriding the WPAD info being pushed out by the office network? Is it something to do with the "dhcp-option=252,"\n"" line in the ASUS's dnsmasq.conf?

Just a thought.

 

[the_townie]

@Colin
1-4 are true, but as for the rest of your thoughts...I have no idea. That goes right over my head! I'm up for trying whatever I can to get this working.

Thanks!

 

[RMerlin]

the office uses a couple of them between 192.168.1-5.XXX.

There's your problem then. Your home is on 192.168.1.x, and your office as well. Both networks are conflicting. I suspect your Asus uses 192.168.1.1, while your other router uses a different IP.

 

[Ford Prefect]

There's your problem then. Your home is on 192.168.1.x, and your office as well. Both networks are conflicting. I suspect your Asus uses 192.168.1.1, while your other router uses a different IP.

Yep, that's what I thought as well.

@OP...try to use something wide away from the standards, like 192.168.101.x/255.255.255.0 in your home LAN/WLAN setup.

 

[the_townie]

That's what it was. I changed it late last night and got it working.Thank you all for the help. I appreciate it.

Now, for the last part of my original question... How can I test to see whether or not all of my traffic is going through the VPN or if it's just allowing me to get to the files I need and everything else is sent directly? And... what do I need to do to set it that way if it's not?

You guys are awesome! I really appreciate the help.

 

[RMerlin]

That's what it was. I changed it late last night and got it working.Thank you all for the help. I appreciate it.

Now, for the last part of my original question... How can I test to see whether or not all of my traffic is going through the VPN or if it's just allowing me to get to the files I need and everything else is sent directly? And... what do I need to do to set it that way if it's not?

You guys are awesome! I really appreciate the help.

Access a website such as www.whatismyip.com, and see if the displayed IP is your home, or your office's. If it's your office's, it means your Internet traffic is being rerouted through it. if that's the case, tell your server admin to ensure that they don't use "redirect-gateway" on their server's config. There might be other related settings, but I don't know them - I've never actually manually configured a server with redirection enabled.

 

[the_townie]

Access a website such as www.whatismyip.com, and see if the displayed IP is your home, or your office's. If it's your office's, it means your Internet traffic is being rerouted through it. if that's the case, tell your server admin to ensure that they don't use "redirect-gateway" on their server's config. There might be other related settings, but I don't know them - I've never actually manually configured a server with redirection enabled.

I checked the IP it's showing against the server's and it is showing mine. Thanks again to all who helped. Who would've thought something so simple would cause all of these headaches? That's usually how it goes.

This problem has been SOLVED.