Problem with Lan-Route using VPN

[F.L.]

OK, did an upgrade to latest merlin beta and a factory reset.

Activated PPTP only to test and I still cant access the rest of the network.
Tested with a S4, Nexus 7 and a Windows machine.

Since I´m out of ideas I´ll give up for the moment

 

[Xerxist]

OK, did an upgrade to latest merlin beta and a factory reset.

Activated PPTP only to test and I still cant access the rest of the network.
Tested with a S4, Nexus 7 and a Windows machine.

Since I´m out of ideas I´ll give up for the moment

The only thing I can think of is that the device you are trying to access through VPN doesn't have the gateway defined so it doesn't know the route back.

It's a bit difficult to say as I don't know your setup.

 

[Martineau]

OK, did an upgrade to latest merlin beta and a factory reset.

Activated PPTP only to test and I still cant access the rest of the network.
Tested with a S4, Nexus 7 and a Windows machine.

Since I´m out of ideas I´ll give up for the moment

There is certainly something that certainly borked OpenVPN server on 374.33_beta1 for me at least.

Upgraded from 374.32_0dwrpyd with no NVRAM reset - although with a manual /JFFS format and recovered contents from WinSCp backup.

Samsung SGSII phone and Samsung Tab8.9 both failed to view IP cameras (IP Cam viewer defined using I/P addresses).

Errors in Syslog:

openvpn[2337]: SGSII_EIC/xxx.xxx.xxx.xxx:48994 IP packet with unknown IP version=15 seen


Reinstalled 374.32_0dwrpyd and OpenVPN stills fails to show any of the 5 camera feeds, although fortunately the PPTP connection works from both Android devices.


Reinstalled 374.33_beta1 with NVRAM reset and reconfigured RT-N66U from scratch.


Samsung devices still fail to show canera feeds, and the following error was shown in Syslog:

SGSII_EIC/xxx.xxx.xxx.xxx:44544 Authenticate/Decrypt packet error: cipher final failed

Doh!



Finally (more by chance), I finally got both the Android devices to sucsessfully view the camera feeds via OpenVPN:

As shown below




# Automatically generated configuration
daemon
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-128-CBC
comp-lzo yes
keepalive 15 60
verb 3
push "route xxx.xxx.xxx.0 255.255.255.0"
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

# Custom Configuration

 

[F.L.]

Xerxist: Thanks for the suggestion but I have the issue with all machines on the LAN (including the NAS which I´m sure have gateway defined)
I understand that it is difficult without knowing the complete setup but thanks anyway.


Martineau: At least you got it to work I will try you server conf tomorrow. Maybe that one will do the trick (but I doubt it since PPTP is not working either..)
Anything special in your client conf?

 

[Martineau]

Xerxist: Thanks for the suggestion but I have the issue with all machines on the LAN (including the NAS which I´m sure have gateway defined)
I understand that it is difficult without knowing the complete setup but thanks anyway.


Martineau: At least you got it to work I will try you server conf tomorrow. Maybe that one will do the trick (but I doubt it since PPTP is not working either..)
Anything special in your client conf?

From personal experience I recall Android PPTP was prone to be very hit and miss, as out of 6 Samsung mobile devices 2 simply refused to connect using PPTP, but installing the OpenVPN client this allowed all 6 to connect to their respective RT-N66Us.

A dump of my SGSII OpenVPN Client config window shows:


# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

setenv IV_OPENVPN_GUI_VERSION "de.blinkt.openvpn 0.5.43"
# Log window is better readable this way
suppress-timestamps
client
verb 3
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote My_DDNS_server 1194 udp
comp-lzo
nobind
cipher AES-128-CBC
persist-tun
# persist-tun also sets persist-remote-ip to avoid DNS resolve problem
persist-remote-ip
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here
# These Options were found in the config file do not map to config settings:
resolv-retry infinite
ns-cert-type server

Regards,

 

[F.L.]

Finally got it to work!
Not sure how really, but I left the router without power over night.
Then today I could connect to some of the PC:s on the LAN using PPTP.
But not the PI.

Reading up on the raspbmc it seems the team added some iptables in their final release.
(The raspbmc auto update)
After removing those I could connect!

Then I used Martineau settings to config OpenVPN on the router and now it seems OK again.

Many thanks to all of you and ofc to RMerlin for this wonderful fw