ER605 OpenVPN is always in Full Mode
Hello,
Since the last firmware update, which added Full Mode for OpenVPN traffic, the VPN works only in full mode even when it is unchecked.
Current config:
Am I the only one who encounters this behaviour?
Kind regard!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @ispeaknousa
Thank you for your feedback.
Did you re-generate the OpenVPN configure file and apply the new file on your client devices?
- Copy Link
- Report Inappropriate Content
Hi @Hank21,
Thanks for the reply!
I did. I also compared the new .ovpn with the one generated when the Full Mode was enabled, and the only difference where the keys.
Kind regards!
- Copy Link
- Report Inappropriate Content
@ispeaknousa Why are you using your local mask as 16 bits and for VPN mask is 24 bits, running in the same network addresses/segments?
- Copy Link
- Report Inappropriate Content
Hi @ObiWanKenobi,
I'd like that all VPN ips to be in 192.168.1.*, but the VPN clients should be able to access both 192.168.0.* and 192.168.1.* .
Kind regards!
- Copy Link
- Report Inappropriate Content
@ispeaknousa IMO the mask should be 24 (192.168.0.1/24 192.168.0.0/24), and reach networks via NAT/Firewall and not via mask.
- Copy Link
- Report Inappropriate Content
Hi @ObiWanKenobi ,
Well, I'm still in the designated "private network" allocation, so that shouldn't be a problem (I can confirm that clients can access desired resources).
The issue I'm facing is that the clients do cross into internet through VPN.
Kind regards!
- Copy Link
- Report Inappropriate Content
Hi there, try to manually edit the .ovpn file, search for option
redirect-gateway def1
and put an hash before text, like #redirect-gateway def1
save and import the modified .ovpn file on client.
- Copy Link
- Report Inappropriate Content
Hi @Liuck1975,
Unfortunately I don't have the option.
This is the .ovpn config (until the certificates part):
client dev tun proto udp float nobind cipher AES-128-CBC comp-lzo no resolv-retry infinite remote-cert-tls server persist-key auth-user-pass remote <IP> 1194
Kind regards!
- Copy Link
- Report Inappropriate Content
ispeaknousa wrote
Hi @Liuck1975,
Unfortunately I don't have the option.
This is the .ovpn config (until the certificates part):
client dev tun proto udp float nobind cipher AES-128-CBC comp-lzo no resolv-retry infinite remote-cert-tls server persist-key auth-user-pass remote <IP> 1194
Kind regards!
I found on the openvpn site the following instruction that could be useful for your scope:
Method 2: ignore
There are 2 options that can be used to ignore routes pushed by the server:
--route-noexec Don't add or remove routes automatically. Instead pass routes to --route-up script using environmental variables.
--route-nopull When used with --client or --pull, accept options pushed by server EXCEPT for routes and dhcp options like DNS servers. When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note
You can give it a chance!!! :)
- Copy Link
- Report Inappropriate Content
Hi @Liuck1975,
Thank you very much for the options, but my problem is not necessarily of being routed on my PC (I'm on Linux and can configure which traffic to go where), but on every other device (mobile phone, relative's hardware) the options should also be set.
This fix would be only client-side for a server-side issue. The fact is that the server routes traffic outside the network even if it shouldn't. That's what I want to stop from happening (both from client configuration convenience and security perspective).
I'm kind of hoping to get a confirmation if it's a firmware issue, or if someone has it working on ER605 v2.0 in which case it's my router's issue.
Kind regards!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1363
Replies: 10
Voters 0
No one has voted for it yet.