OpenVPN Connecting, but Traffic doesn't go through

Hello,

I have a clean install of OpenSUSE 13.2 (2 days old), first time I’m using this distro.

I normally use a VPN for everything online, which works fine on multiple Windows and Ubuntu computers. I have set it up in OpenSUSE as well (using the same config files). When I click in the network manager to connect, it establishes a connection and seems to be working. Half an hour later I figured out that actually no traffic was going through the VPN, but everything was out in the open. (Made me quite mad…)

  • VPN works flawlessly on 3 other computers with the same config
  • Works on Ubuntu Linux too (also with OpenVPN)
  • Tried disabling default firewall, problem still exists
  • traceroute shows that all traffic goes through the normal interface, not the VPN connection/server
  • Issue affects both wired and wireless connection

Is this a known issue or am I just a special case? What could be the solution? (found a few threads about this, all unresolved)

Thanks in advance.

Ok, so I have managed to get a step “further”.
This works for me (under KDE):

  1. Open connection editor from the plasma widget.

  2. Select OpenVPN connection

  3. Select Edit from Connection menu.

  4. Select IPv4 tab

  5. Click Routes button

  6. Uncheck: Use only for resources on this connection


source: https://bugzilla.opensuse.org/show_bug.cgi?id=904511#c10

However, now I have no internet connection at all. Any suggestions after this point?

(still better than believing that I am protected by a VPN, but yeah still far from the aim.)

You should inspect your routing table after connecting to the VPN.
The command

route

should show entries pointing to the tunnel device (e.g.: “tun0”).

Hendrik

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         VPN             0.0.0.0         UG    1024   0        0 tun0
VPN             *               255.255.255.255 UH    0      0        0 tun0
192.168.178.0   *               255.255.255.0   U     0      0        0 wlp0s20u1

This is the output.

Can you try to start the vpn manually at the command line?

openvpn your_config_file.conf

And, if that works, compare the output of

route

Hi,

I had to add the absolute path of the crt and pem files in the conf, but after that it managed to connect.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.178.1   0.0.0.0         UG    1024   0        0 wlp0s20u1
VPN             192.168.178.1   255.255.255.255 UGH   0      0        0 wlp0s20u1
10.199.1.1      10.199.1.5      255.255.255.255 UGH   0      0        0 tun0
10.199.1.5      *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.199.1.5      128.0.0.0       UG    0      0        0 tun0
192.168.178.0   *               255.255.255.0   U     0      0        0 wlp0s20u1

It seems that I get connected, Thank you!
However, my DNS is still leaking through. Also, there is no GUI notification in the menu bar. Nevertheless, this has narrowed down the problem to the GUI side some (I assume?).

I’ll go ahead and see if I can get rid of the DNS leak first while connecting from the terminal and then look into why the GUI isn’t working. Any ideas on that?

No. I stopped using GUIs for this kind of job long ago. Saved a lot of time and nerves …

Hendrik

I have set up a script, no problem.

I’m still a bit confused though. ipchicken shows my VPN’s IP, but dnsleaktest.com shows my real IP. However, if I go to dnsleaktest and actually perform a test, it shows only the VPN (!). Why is this happening? I don’t know what to think of this.

Also, are you using any method to detect when the connection is dropped and your data would go unencrypted?

The problem is a missing route entry.

See this:


128.0.0.0       10.199.1.5      128.0.0.0       UG    0      0        0 tun0

It means that only IP addresses greater than 128.0.0.0 are going through the VPN.

To double-check, type this:


ip route get 8.8.8.8

You’ll see it goes through wlp0s20u1, which is the normal and unencrypted interface.

What is missing is this entry:


0.0.0.0       10.199.1.5      128.0.0.0       UG    0      0        0 tun0

In my experience the problem happens when you use NetworkManager to manage the normal connections and the openvpn daemon (as a service) for the VPN. I guess NetworkManager overrides the routing rules set by OpenVPN.

Ok, so I have managed to resolve this issue by removing NetworkManager completely and installing Wicd instead.

You can get Wicd from http://software.opensuse.org/package/wicd and during the installation process the NetworkManager will be removed automatically. Then by connecting with

sudo openvpn configfile

Everything seems OK. Different IP checking websites also seem to show the VPN’s IP only.


sudo ip route get 8.8.8.8
8.8.8.8 via 10.160.1.5 dev tun0  src 10.160.1.6 
    cache 
sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.160.1.5      128.0.0.0       UG    0      0        0 tun0
default         fritz.box       0.0.0.0         UG    0      0        0 wlp0s20u1
VPN             fritz.box       255.255.255.255 UGH   0      0        0 wlp0s20u1
10.160.1.1      10.160.1.5      255.255.255.255 UGH   0      0        0 tun0
10.160.1.5      *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.160.1.5      128.0.0.0       UG    0      0        0 tun0
192.168.178.0   *               255.255.255.0   U     0      0        0 wlp0s20u1
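
The route check discussed in the thread (does an address below 128.0.0.0 leave through tun0, or through the normal interface?), as an added example that is not part of the original posts. It reads `route` / `route -n` output and applies longest-prefix matching; the sample tables are constructed from the thread's output, and 203.0.113.10 is a placeholder for the VPN server address, which the thread does not show.

```python
import ipaddress

# Constructed sample in `route -n` layout, modelled on the tables in the thread;
# 203.0.113.10 is a placeholder for the VPN server, which the thread hides.
BROKEN = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    1024   0        0 wlp0s20u1
203.0.113.10    192.168.178.1   255.255.255.255 UGH   0      0        0 wlp0s20u1
10.199.1.1      10.199.1.5      255.255.255.255 UGH   0      0        0 tun0
10.199.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.199.1.5      128.0.0.0       UG    0      0        0 tun0
192.168.178.0   0.0.0.0         255.255.255.0   U     0      0        0 wlp0s20u1
"""
# Same table plus the lower-half route the thread identifies as missing.
FIXED = BROKEN + "0.0.0.0 10.199.1.5 128.0.0.0 UG 0 0 0 tun0\n"


def parse_routes(text):
    """Return (network, metric, iface) tuples from `route` / `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]  # plain `route` prints "default"
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
        except ValueError:
            continue  # destination shown as a host name: rerun with `route -n`
        routes.append((net, int(f[4]), f[7]))
    return routes


def egress_iface(routes, addr):
    """Pick the route as the kernel does: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2] if hits else None


def leaking(routes, tunnel="tun0", probes=("8.8.8.8", "198.51.100.1")):
    """Probe one address in each half of IPv4 space; return those bypassing the tunnel."""
    return [p for p in probes if egress_iface(routes, p) != tunnel]


if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "bypasses tunnel:", leaking(parse_routes(table)))
```

The route to the VPN server itself is expected to stay on the physical interface; only the probe addresses are checked against the tunnel.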