OpenVPN client, connected but no internet

Mindspeed Comcerto 2000 based
Post Reply
orrpan
Posts: 9
Joined: Wed Feb 10, 2016 11:40 am

OpenVPN client, connected but no internet

Post by orrpan » Tue Apr 18, 2017 6:28 am

Hi

Used openvpn-openssl package from entware-ng (zyxel-models also installed),
edited the startup script to correct path of tun.ko

in /opt/etc/init.d/S20openvpn

Code: Select all

insmod /opt/net/tun.ko 
to

Code: Select all

insmod /opt/lib/modules/$(uname -r)/kernel/drivers/net/tun.ko
lsmod gives:

Code: Select all

Module                  Size  Used by    Tainted: P  
tun                    10190  2 
so it's loaded.

It is connected (removed the ip and bcast)

Code: Select all

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr: HIDDEN  P-t-P: HIDDEN  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:782 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:77272 (75.4 KiB)
This is the route

Code: Select all

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         HIDDEN1         128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.2.1        0.0.0.0         UG    6      0        0 egiga0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 egiga0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 egiga1
HIDDEN2         0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       HIDDEN1         128.0.0.0       UG    0      0        0 tun0
HIDDEN3         10.0.2.1        255.255.255.255 UGH   0      0        0 egiga0
I can ping to make the RX change. But no internet
Anyone got any idea? (I use both eth-ports)

jagdtigger
Posts: 118
Joined: Sat Jun 08, 2013 9:02 am

Re: OpenVPN client, connected but no internet

Post by jagdtigger » Sun Apr 30, 2017 7:41 am

Hi.

Here is a how-to for what you want:
https://openvpn.net/index.php/open-sour ... l#redirect
Zyxel NSA325 [4.81(AAAJ.1) + Metarepo]
Zyxel NAS540 [V5.20(AATB.0) + Metarepo]
Synology DS416

swider
Posts: 14
Joined: Sun Mar 27, 2016 1:05 pm

Re: OpenVPN client, connected but no internet

Post by swider » Tue Sep 19, 2017 8:51 am

but it requires ip_tables nat module which is missing in zymodules opkg package.

Could you share this module for nas540 as well ?

Mijzelf
Posts: 6226
Joined: Mon Jun 16, 2008 10:45 am

Re: OpenVPN client, connected but no internet

Post by Mijzelf » Tue Sep 26, 2017 12:28 pm

I'm afraid that can't be done. The kernel is build without iptables support, and in that case the iptables module just won't fit.

swider
Posts: 14
Joined: Sun Mar 27, 2016 1:05 pm

Re: OpenVPN client, connected but no internet

Post by swider » Tue Sep 26, 2017 1:14 pm

So what you are saying that on latest software (V5.21(AATB.0)) running OpenVPN is not possible ?

I had to revert to previous drop which I received from Zyxel where I've built kernel with such support but I regret that my firmware is not up to date :(

Mijzelf
Posts: 6226
Joined: Mon Jun 16, 2008 10:45 am

Re: OpenVPN client, connected but no internet

Post by Mijzelf » Tue Sep 26, 2017 1:57 pm

swider wrote:So what you are saying that on latest software (V5.21(AATB.0)) running OpenVPN is not possible ?
No. I'm saying that running iptables is (virtually) impossible.

For OpenVPN you only need the tun module, which is available, and works, AFAIK.

I think you only need the iptables nat module, when you want to use the NAS as a VPN gateway to your lan. In that case you could also use a tup interface and bridge that. Here I wrote something about that for firmware <5.10. You can't use that software, but the idea should still work.

jagdtigger
Posts: 118
Joined: Sat Jun 08, 2013 9:02 am

Re: OpenVPN client, connected but no internet

Post by jagdtigger » Sun Oct 01, 2017 2:39 pm

Without NAT it is possible if the kernel supports packet forwarding. You just have to add a static route in your router for the VPN subnet.
Zyxel NSA325 [4.81(AAAJ.1) + Metarepo]
Zyxel NAS540 [V5.20(AATB.0) + Metarepo]
Synology DS416

Post Reply