<---- template headericclude ----->
OpenVPN (client) connection issues with certain LAN setup (home)
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 12 of 12
  1. #1
    Join Date
    May 2006
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    OpenVPN (client) connection issues with certain LAN setup (home)

    I've done a lot of testing and I've identified and cleared up a lot of factors in this problem, so I hope it helps you guys to figure this out.

    Problem: OpenVPN (client, through "sudp openvpn --config client.ovpn" command) connects, but after initialization completes, it behaves as if I have no internet connection. Adapter is on, tray icon is ok, but trying to browse to anything (even just google) either gets an error or tries (and fails) to load forever (throbber icon in browser tabs just keep spinning to no avail).

    When/Where does this happen:
    1.) In my main desktop ("Computer A" from here on), running Fedora 25, at my home LAN.
    2.) In my main laptop ("Computer B" from here on), running Fedora 25, at my home LAN
    3.) In my secondary laptop ("Computer C" from here on) running Ubuntu 17.04 (just an extra factor I tested to see if it is a general linux problem, and not just Fedora) at my home LAN.
    4.) [UPDATE] Computer C, swapped in a different SSD, running CentOS 7.3 now, at my home LAN.

    Scenarios tested when/where this does NOT happen (i.e., OpenVPN client works perfectly fine):
    1.) Computer A, at home LAN, when I boot into Windows 7.
    2.) Computer B, running Fedora 25, at my friend's house (different LAN)
    3.) Android smartphone, running the official OpenVPN app, on any LAN I've tested so far.

    (Note: all of these tests connect to the same VPN server at work)

    From all the test cases above, these are some sticky factors we gathered:
    a.) The Android client and Windows client don't seem to have a problem.
    b.) Linux distros (Fedora 25, Ubuntu 17.04, CentOS 7.3) encounter the problem, but only at my home LAN, since they work at my friend's house / LAN.

    What's the difference between my LAN at home and at my friend's house?
    My friend has only 1 network device at his house - his ISP's wifi-router. His computer and our laptops/phones connect to it directly.
    At my home, I connect to a wifi network switch in my room, which is just an extension of the main wifi swtich in the living room (signal issues), which in turn is connected to my ISP-provided router. It doesn't matter which switch I am connected to (my room switch or the living room switch), openvpn client just doesn't work.

    If I emulate my friend's LAN setup (by plugging my laptop directly to the ISP-provided router), voila! OpenVPN works as expected.


    Concluding take-aways, so far:
    It seems to me like a NetworkManager problem, or at least something in the network stack of current linux distros, that don't play well with my LAN setup / network devices. On the same network, the Android and Windows clients work fine, only the Fedora/Ubuntu/CentOS distros don't (haven't tested any other distros). But when plugged directly to the ISP-router, they are fine.

    At this point, I don't even know what to check anymore. Making this thread to get suggestions of what to try.
    Last edited by jvroig; 12th June 2017 at 05:24 AM. Reason: Added CentOS 7.3 to the distros tested and that displays same issue

  2. #2
    Join Date
    Jan 2010
    Posts
    8,205
    Mentioned
    13 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    The only thing I can offer is that I don't use NetworkManager and openvpn works perfectly for me.
    What happens if you disable NetworkManager.service, reboot, use dhclient to get an address for your ethernet card and then try to connect?

  3. #3
    Join Date
    May 2006
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    H, smr54.

    Thanks for the suggestion, I was thinking about disabling NetworkManager. I don't know how to get my network up using dhclient, though. After some googling, is it as simple as this?
    Code:
    dhclient -r && dhclient eth0
    dhclient -r && dhclient wlp3s0
    (eth0 for wired [PC] and wlp3s0 for wifi [laptop])

    Also, another update to the thread as a whole:

    I used Computer C (secondary laptop, as per original post) and installed CentOS 7.3 on it (swapped a different SSD into it). It exhibits the exact same symptoms - so that's Fedora 25, Ubuntu 17.04, and CentOS 7.3 all with the same issue. It really has to be something in the linux networking stack that they all have in common (like NM).

    I'll update the OP with this info, so it's all centralized there in case of new visitors to this thread.

  4. #4
    Join Date
    Jan 2011
    Posts
    193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    FWIW: I use NetworkManager on 2 Fedora 25 and 1 Arch systems with no problems and have used 2 different VPN providers, so doubt that is the basic problem.
    Didn't notice that you stated such, have you confirmed that computers are actually connecting to your home network?

  5. #5
    Join Date
    Jan 2010
    Posts
    8,205
    Mentioned
    13 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    I have a somewhat dated page on taking NetworkManager out of the equation at http://srobb.net/wireless.html

    It also explains how to get wireless working on the command line. As for bringing the card up afterwards, you would edit /etc/sysconfig/network-scripts/ifcfg-eth0, see that it's set to dhcp and to come up on boot (if that's what you want) and enable the network service. But first, see if NetworkManager is the issue.

  6. #6
    Join Date
    May 2006
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    Quote Originally Posted by zuser
    FWIW: I use NetworkManager on 2 Fedora 25 and 1 Arch systems with no problems and have used 2 different VPN providers, so doubt that is the basic problem.
    Didn't notice that you stated such, have you confirmed that computers are actually connecting to your home network?
    Thanks for contributing, zuser. To answer your query, yes, as long as I'm not enabling openvpn (through the terminal with "openvpn --config client.ovpn"), network/internet access is just fine.

    And to recap, and why I think the problem is some tricky thing in how Linux deals with stuff internally in the network stack:
    1.) In a simpler home network configuration (where all devices - wireless and wired - just connect directly to the ISP modem router), everything works as expected with openVPN (Windows client, Android client, Fedora25 / Ubuntu 17.04 / CentOS 7.3)

    2.) In my specific home network configuration, though, where I have two different wifi-switches connected to the ISP router, and all devices connect to one of those two switches instead of the ISP router directly, openvpn in Fedora / Ubuntu / CentOS don't work. But the Windows and Android clients still work as expected.

    So that's kind of how it shakes out. It's not that the openvpn client just flat out doesn't work all the time. It does work, as long as my network connection is directly through the ISP router. But when I'm connected to a switch that is connected to the router, then the Linux openvpn clients get borked, even though the Android and Windows ones just keep trucking.



    Hey smr54.

    Thanks for the link! That'll definitely be useful when I continue my home-debugging by Friday.



    Will update this when I have new info. In the meantime, if there are any other items/factors you guys think I should check (e.g., specific features/settings in my switches that may cause issues in Linux) or similar tips, I'll be glad to get them. I'm not really a network person, so I don't know all the network wizardry stuff that you guys do.

  7. #7
    Join Date
    May 2006
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    Got back home and did another round of verification.

    First:
    Was able to recreate all critical points in OP, so the issue is exactly as detailed in the OP, with all its subtleties (nothing is just flat-out broken in a straightforward manner, which would be far easier to troubleshoot)

    Second:
    Did as smr54 suggested, disabled NetworkManager and enabled my network card (wireless, in this case) through old-school commandline wizardry (as per his very clear and wonderful guide, which he linked to earlier).

    Unfortunately, the exact same symptoms appear. I just can't make a vpn tunnel through the Linux client unless my network connection is directly connected to my ISP modem router.

    Theories:
    1.) It could simply be that the OpenVPN server isn't updated. After all, the android client doesn't auto update, nor does the windows client, but the Linux client does (since the ones in the repo are "new" and I'm using the latest distros).

    2.) Or, it could be a setting in my wifi router (that's in-between my computers and the ISP modem router) that just has something I need to toggle to make it friendly to linux-based openvpn client? That's kind of a stretch, but I'm all ears to any suggestion. I have full access to the router now (I got my credentials from an old backup), it's a D-Link DIR-600L model.

  8. #8
    Join Date
    Jan 2010
    Posts
    8,205
    Mentioned
    13 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    Thanks for the kind words about the guide,sorry it was for naught. Some routers do have a checkbox to allow various forms of VPN, so, though these days that usually isn't necessary, maybe there is a setting in it.

    http://forums.dlink.com/index.php?topic=13352.0 was found with a cursory google. Whether it has any use for you, I don't know.

  9. #9
    Join Date
    May 2006
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    I wasn't alerted there was a new reply here, sorry!

    Thanks for that link smr54! That looks very promising, will try it out!

    (I've been busy at work, this home issue was put in the backburner, but I'd be very happy to get this fixed!)

  10. #10
    Join Date
    Jan 2010
    Posts
    8,205
    Mentioned
    13 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    Don't worry about it, just update once you've checked, in case it can help others. Even if it doesn't work, it can save them some time.

  11. #11
    Join Date
    May 2006
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    Update: Tried out the instructions in the link and configured the Port Forwarding rules and Firewall & DMZ settings as instructed there.

    Still no change, same behavior as described in OP. (It would have been fine if it worked, but it also kinda makes sense that it didn't work - if the router was really blocking the openvpn ports, then how is the Android and Windows clients working at all?)

    Slightly more info:
    One nuance I did not seem to elaborate on before was that upon connecting with openvpn on Linux, I can actually happily ping and ssh to my servers (all are using IP addresses, no hostnames). Once I've ssh'd, I can traverse directories, check them out with ls, etc. In other words, small commands and small bandwidth stuff (probably small packets?).

    But the moment I try something "heavier" (at least, from my point of view), the vpn connection chokes (it will completely freeze) until the connection restarts itself (I can monitor this visually through the terminal window where I issue the openvpn command). Something "heavy" could be an FTP file transfer, or any browser page load.

    So that's what's really happening. If all I want to do is ssh to a server and see if a process is still running (by checking ps or a log file, or both), that seems doable, mostly. But if I need to actually retrieve or send a file through FTP, or do any internet browsing (accessing a VPN-only web-based corporate system), then openvpn on linux will not work at all. I have to use the Windows client or the Android client for that.

    I wish I can do more troubleshooting. At this point, my lack of intermediate networking skills is a big hindrance - I don't even know where to start. But if I do end up making progress or outright solving this problem, I'll make sure to update this thread.

  12. #12
    Join Date
    Oct 2018
    Location
    New Milford, CT, USA
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: OpenVPN (client) connection issues with certain LAN setup (home)

    Quote Originally Posted by jvroig
    Update: Tried out the instructions in the link and configured the Port Forwarding rules and Firewall & DMZ settings as instructed there.

    Still no change, same behavior as described in OP. (It would have been fine if it worked, but it also kinda makes sense that it didn't work - if the router was really blocking the openvpn ports, then how is the Android and Windows clients working at all?)

    Slightly more info:
    One nuance I did not seem to elaborate on before was that upon connecting with openvpn on Linux, I can actually happily ping and ssh to my servers (all are using IP addresses, no hostnames). Once I've ssh'd, I can traverse directories, check them out with ls, etc. In other words, small commands and small bandwidth stuff (probably small packets?).

    But the moment I try something "heavier" (at least, from my point of view), the vpn connection chokes (it will completely freeze) until the connection restarts itself (I can monitor this visually through the terminal window where I issue the openvpn command). Something "heavy" could be an FTP file transfer, or any browser page load.

    So that's what's really happening. If all I want to do is ssh to a server and see if a process is still running (by checking ps or a log file, or both), that seems doable, mostly. But if I need to actually retrieve or send a file through FTP, or do any internet browsing (accessing a VPN-only web-based corporate system), then openvpn on linux will not work at all. I have to use the Windows client or the Android client for that.

    I wish I can do more troubleshooting. At this point, my lack of intermediate networking skills is a big hindrance - I don't even know where to start. But if I do end up making progress or outright solving this problem, I'll make sure to update this thread.
    Hey jvroig ,

    Just wondering if you've ever came up with a solution to this? I'm assuming by this point you've probably tried the latest version of Fedora (27/28) and now it just works (possibly???). I've having a similar yet slightly different problem. I have two laptops on the same network (both wired/wireless) and only difference is one has Fedora 28 and other Fedora 27. The one with Fedora 28 connects to the OpenVPN and works perfect. The other laptop running Fedora 27 won't even establish the initial connection. When I click connect (Fed27), it hangs for maybe 30-45 seconds trying to connect then fails. All configurations are identical other than the OS version between them.

    Unfortunately I can't upgrade the second laptop to Fed28 due to changes in the graphics and/or window manager. A LiveUSB of Fed28 won't even boot on the laptop (HP zBook 15 w/Nvidia dedicated graphics). The primary laptop with Fed28 has basic integrated graphics and that's the real difference between them. It's very frustrating that changes to the display drivers and window managers keep being made. I also have a Dell XPS 15 9560 laptop and Fed28 also won't even boot (even with adding additional boot kernel parameters in). The worst thing is that Fed25 works and boots, Fed26 doesn't, Fed27 does, Fed28 doesn't.

    Why in the world does this keep happening between versions? Both the HP zBook 15 and Dell XPS 15 have nVidia graphics adapters so that's the clear common denominator but it's really aggravating that I can't even boot them from a LiveUSB of Fed28 (btw I've also tried latest Ubuntu 18.04 LTS and that doesn't boot either) so it must be either nouveau drivers or the latest Gnome version. On the Fed27 I've updated to the latest kernel and still works fine.

Similar Threads

  1. How to setup PPPOE connection between Acces Concentrator and Client
    By anuragdixit09 in forum Servers & Networking
    Replies: 1
    Last Post: 12th July 2013, 06:07 PM
  2. [SOLVED]
    Client Login Issues on NIS/NFS-Based Setup using Fedora 17
    By physics in forum Servers & Networking
    Replies: 0
    Last Post: 1st September 2012, 12:02 AM
  3. OpenVPN client disconnects me from LAN
    By flaim in forum Servers & Networking
    Replies: 2
    Last Post: 16th September 2009, 08:02 PM
  4. Openvpn Client Setup on FC5
    By kw1502 in forum Servers & Networking
    Replies: 3
    Last Post: 29th October 2006, 08:59 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
[[template footer(Guest)]]