theinvinciblesun Posted March 14, 2016

Hi, I set up OpenVPN correctly as guided by Darren in the "Access Internal Networks" video and it works perfectly. I can access all the nodes in the victim LAN. However, the victim computer on which the turtle is deployed cannot access the Internet. If I try to ping any host on the Internet, say 8.8.8.8, it says:

    172.16.84.1 Destination unreachable

Packets get rejected at the default gateway, i.e. the turtle. However, if I SSH into the turtle then I can ping any host on the Internet using the turtle shell. It's as if the turtle and the OpenVPN module can access the Internet but the victim computer cannot. Kindly advise. I have also updated the DNS servers as mentioned in the previous post, but to no avail.
TheLinuxMachine Posted June 4, 2016

In this video I have described a problem that I have experienced with the OpenVPN Access Server. Please watch this video, and if you find a solution to the problem I have described, please post it in this forum.
monachus Posted September 2, 2016

The problem is with the network config for uci. There are no default firewall rules for handling VPN traffic. Without them the turtle won't pass traffic from the vpn interface to the br-lan interface. You can correct this by adding the following to /etc/config/firewall on the turtle. Put it in around line 26, before the lines that start with "config rule":

    # firewall zone for the OpenVPN tunnel interface
    config zone
        option name 'vpn'
        list network 'vpn'
        option input ACCEPT
        option output ACCEPT
        option forward REJECT

    # allow traffic between the lan and vpn zones in both directions
    config forwarding
        option src lan
        option dest vpn

    config forwarding
        option src vpn
        option dest lan

After doing so, run the following:

    /etc/init.d/network restart

This will bounce the interfaces and reset the firewall rules. With these instructions in place, you'll be able to reach the network on the far side of the turtle.
monachus Posted September 6, 2016

A correction to my previous post: eth1 (the physical RJ45 port) is wan, not lan, so your config mods should only be:

    # firewall zone for the OpenVPN tunnel interface
    config zone
        option name 'vpn'
        list network 'vpn'
        option input ACCEPT
        option output ACCEPT
        option forward REJECT

    # allow traffic arriving from the vpn zone to leave via the wan zone (eth1)
    config forwarding
        option src vpn
        option dest wan

This was hidden in my earlier testing by some other direct iptables commands while I was trying to sort it out. I discovered today after rebooting the turtle that it no longer worked, and logging showed me that traffic was exiting the wan port.
MartyRS1975 Posted September 18, 2016

Hi, I have followed all the instructions here and in Darren's video. The problem I am having is that once the VPN opens I have no Internet. But I can access the OpenVPN AS from the FQDN, but nothing else. I am stumped on what is going on.
monachus Posted September 20, 2016

On 9/18/2016 at 6:05 AM, MartyRS1975 said:
> Hi, I have followed all the instructions here and in Darren's video. The problem I am having is that once the VPN opens I have no Internet. But I can access the OpenVPN AS from the FQDN, but nothing else. I am stumped on what is going on.

If your FQDN resolves to a public IP, and you can still reach that when the VPN is up, it sounds like all of your Internet traffic is being routed over the VPN. You probably don't want that (or maybe you do). If you do, check that your OpenVPN AS system is configured to NAT traffic from your VPN network and that it has IP forwarding enabled. OVAS _should_ do this for you with its rules, but check anyway. You can use tcpdump to see if traffic from your client is leaving the VPN server without being NATted first, or if it's leaving at all.

On the other hand, if this is _not_ what you want, go into the admin area of AS and under VPN Settings / Routing select "No" for "Should client Internet traffic be routed through the VPN?"

If this doesn't resolve your issue, please create a new post with specific information about how you've set up the server, the client, and exactly what behavior you're experiencing. Include details like:

- Is this with the Turtle or with your computer?
- Can you ping by IP but not by hostname?
- Have your DNS servers changed after connecting to the VPN?
- Have you run the client in debug mode to get more information about the problem?
- What client are you using, and on what OS?

The reason for creating a new post is because your problem is unique to you. We don't want a 400-page long thread about OpenVPN that answers 26 different questions. The reason for including details is because without them, we can only guess, and when we get into guessing, the quality of support drops rapidly.

/m
My Name Jeff Posted March 6, 2017

Hello All! I was having the same issue with the destination port unreachable until I made the following changes at the end of Darren's video. If you need help or need screenshots let me know!

-Jeff
CzarKaan Posted November 5, 2017

Here is a very simple fix I found that may help. It did the trick for me.

https://www.monach.us/operations/turtle-uci-modifications-for-openvpn/

As noted there, the default plug-n-play configuration for OpenVPN Access Server doesn't work. The problem is with the network config for uci. There are no default firewall rules for handling VPN traffic. Without them the turtle won't pass traffic from the vpn interface to the br-lan interface. You can correct this by adding the following to /etc/config/firewall on the turtle. Put it in around line 26, before the lines that start with "config rule":

    # firewall zone for the OpenVPN tunnel interface
    config zone
        option name 'vpn'
        list network 'vpn'
        option input ACCEPT
        option output ACCEPT
        option forward REJECT

    # allow traffic arriving from the vpn zone to leave via the wan zone (RJ45 port)
    config forwarding
        option src vpn
        option dest wan

After doing so, run the following:

    /etc/init.d/network restart

This will bounce the interfaces and reset the firewall rules. With these instructions in place, you'll be able to reach the network on the far side of the turtle.

NOTE (2016/09/06): An earlier version of this article (and a corresponding forum post) mistakenly configured the lan interface instead of the wan interface. On the LAN Turtle the RJ45 port is wan.
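Because the zone and forwarding stanzas above (monachus's corrected post of September 6, 2016 and the article CzarKaan links to) are easy to paste in with the old "lan" destination or a wrong zone name, here is a small checker that parses OpenWrt/UCI firewall syntax and reports whether the vpn zone and the vpn-to-wan forwarding are actually present. This is an added example, not code from the thread, from Hak5, or from OpenWrt; the parser, the function names, the two embedded sample configs and the assumption that an unset zone `forward` policy means REJECT (as in the `config defaults` section of a stock OpenWrt firewall file) are all mine.

```python
"""Check a LAN Turtle /etc/config/firewall (OpenWrt UCI syntax) for the
OpenVPN zone and forwarding described in this thread.

Added example for this thread; not Hak5's or OpenWrt's own tooling.
"""
import shlex


def parse_uci(text):
    """Parse UCI config text into a list of sections.

    Each section is a dict: {'type': str, 'name': str or None,
    'options': {key: value}, 'lists': {key: [values]}}.
    Quoted and unquoted values are both accepted, as uci itself does.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        keyword = words[0]
        if keyword == "config":
            current = {"type": words[1],
                       "name": words[2] if len(words) > 2 else None,
                       "options": {}, "lists": {}}
            sections.append(current)
        elif current is None:
            raise ValueError(f"'{keyword}' before any 'config' line: {line}")
        elif keyword == "option":
            current["options"][words[1]] = words[2] if len(words) > 2 else ""
        elif keyword == "list":
            current["lists"].setdefault(words[1], []).append(words[2])
        else:
            raise ValueError(f"unknown UCI keyword: {line}")
    return sections


def check_vpn_firewall(text, vpn_zone="vpn", egress_zone="wan"):
    """Return findings about the VPN zone and where it may forward to.

    'ok' is True only when a zone named vpn_zone covers the vpn network,
    a 'config forwarding' from vpn_zone to egress_zone exists, and the
    zone's own forward policy is not a blanket ACCEPT.
    """
    sections = parse_uci(text)
    zones = [s for s in sections if s["type"] == "zone"]
    forwardings = [s for s in sections if s["type"] == "forwarding"]
    vpn = next((z for z in zones if z["options"].get("name") == vpn_zone), None)

    findings = {
        "zone_present": vpn is not None,
        "zone_covers_network": bool(vpn) and vpn_zone in vpn["lists"].get("network", []),
        # assumption: an unset zone forward policy inherits REJECT from 'config defaults'
        "zone_forward_policy": vpn["options"].get("forward", "REJECT") if vpn else None,
        "forward_to": sorted(f["options"].get("dest", "") for f in forwardings
                             if f["options"].get("src") == vpn_zone),
        "problems": [],
    }
    if not findings["zone_present"]:
        findings["problems"].append(f"no zone named '{vpn_zone}'")
    elif not findings["zone_covers_network"]:
        findings["problems"].append(f"zone '{vpn_zone}' lacks \"list network '{vpn_zone}'\"")
    if egress_zone not in findings["forward_to"]:
        findings["problems"].append(
            f"no 'config forwarding' from '{vpn_zone}' to '{egress_zone}' "
            f"(found forwardings to: {findings['forward_to'] or 'none'})")
    if findings["zone_forward_policy"] == "ACCEPT":
        findings["problems"].append(f"zone '{vpn_zone}' uses blanket 'option forward ACCEPT'")
    findings["ok"] = not findings["problems"]
    return findings


# Constructed sample: the corrected stanzas from the thread, dropped into a
# minimal firewall file ahead of the first 'config rule'.
GOOD_CONFIG = """
config defaults
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config zone
    option name 'wan'
    list network 'wan'
    option input REJECT
    option output ACCEPT
    option forward REJECT
    option masq 1

config zone
    option name 'vpn'
    list network 'vpn'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config forwarding
    option src vpn
    option dest wan

config rule
    option name 'Allow-Ping'
    option src wan
    option proto icmp
    option target ACCEPT
"""

# Constructed sample: the earlier, mistaken version that forwarded to 'lan'.
BAD_CONFIG = """
config defaults
    option forward REJECT

config zone
    option name 'vpn'
    list network 'vpn'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config forwarding
    option src lan
    option dest vpn

config forwarding
    option src vpn
    option dest lan
"""

if __name__ == "__main__":
    for label, cfg in (("corrected", GOOD_CONFIG), ("old lan version", BAD_CONFIG)):
        result = check_vpn_firewall(cfg)
        print(f"{label}: ok={result['ok']} forward_to={result['forward_to']}")
        for problem in result["problems"]:
            print("  -", problem)
```

On a turtle you would run it against the live file (`python3 check.py < /etc/config/firewall` after adapting `__main__` to read stdin) before `/etc/init.d/network restart`; the "old lan version" sample reproduces the exact mistake the September 6 correction describes, and the checker names the forwarding that is missing rather than just saying "broken".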
blackha7 Posted January 13, 2019

Is there any difference between the LAN Turtle SD and the LAN Turtle 3G? I followed the video and the additional tweaks to the firewall configuration but still cannot ping any machine on the remote turtle network. It says port unreachable once I connect both VPN clients from the turtle and the local machine.
blackha7 Posted January 21, 2019

Will anyone from Hak5 reply? Guys, it seems you care only for the sales.
monachus Posted January 21, 2019

21 minutes ago, blackha7 said:
> Will anyone from Hak5 reply? Guys, it seems you care only for the sales.

That's not fair. They'll support the product, but you're using open source software, and you're responsible for supporting it. There's no significant difference in the underlying functionality between SD and 3G that would affect your OpenVPN configuration.

You haven't given enough information to allow anyone to do any troubleshooting. You said, "I did something, and it doesn't work. Help me." If you'd like to get people to respond, post enough information to allow someone else to understand or duplicate the issue. Some things to ask:

- Is your VPN up? How do you know?
- Have you checked the logs on both sides? Anything interesting?
- How do you have it configured? Routed? Bridged? Are the routes configured properly?
- You said "firewall," and the response you're getting (destination port unreachable) sounds like firewall interference. If you followed the steps in the video that someone else said fixed this error, and if you still have the error, have you tried opening access completely? Are your zones and interfaces named correctly?
- Have you run tcpdump on both sides to see if the traffic is routed over the VPN or if it dies locally, remotely, and on what interface?

You might also get better visibility and assistance if you start a new thread.
sqerk Posted February 8, 2019

Or use the "route-nopull" option in the client config. It's simple: the client uses the default interface. If the VPN connection is only there for you to connect from the outside, it's the way to go.

I needed to install OpenVPN 2.4 today, and I couldn't find it for the LAN Turtle. I flashed an updated OpenWRT and it works great. Plus access to other more updated Entware packages. It's bare bones, I think smaller than the Hak5 firmware, so a little more breathing room for Entware.

https://downloads.openwrt.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-lan-turtle-squashfs-sysupgrade.bin
This topic is now archived and is closed to further replies.