DNS is leaked

pexis · 5 September 2021 23:04

Hi all,

I noticed that my DNS is leaking when using viscosity.

I saw the following on the logs:

2021-09-06 00:49:31: WARNING: The DNS server 192.168.100.1 is not routed through the VPN connection. DNS lookups to this server may travel over a different network interface (en0)

I have the options of full DNS (with the IP of the router where the vpn is installed) and I am redirecting all the traffic via the VPN.

I think it might be due to a misconfiguration. The full log:

2021-09-06 00:49:25: Viscosity Mac 1.9.4 (1578)
2021-09-06 00:49:25: Viscosity OpenVPN Engine Started
2021-09-06 00:49:25: Running on macOS 11.5.2
2021-09-06 00:49:25: ---------
2021-09-06 00:49:25: State changed to Connecting
2021-09-06 00:49:25: Checking reachability status of connection…
2021-09-06 00:49:25: Connection is reachable. Starting connection attempt.
2021-09-06 00:49:25: OpenVPN 2.4.11 arm-apple-darwin20.0.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-06 00:49:25: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-06 00:49:26: Resolving address: x.ddns.net
2021-09-06 00:49:26: Valid endpoint found: XXXXX:udp
2021-09-06 00:49:26: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-09-06 00:49:26: TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXX
2021-09-06 00:49:26: UDP link local: (not bound)
2021-09-06 00:49:26: UDP link remote: [AF_INET]XXXXX
2021-09-06 00:49:26: State changed to Authenticating
2021-09-06 00:49:26: [netgear] Peer Connection Initiated with [AF_INET]109.192.219.5:12974
2021-09-06 00:49:26: GDG6: problem writing to routing socket: No such process (errno=3)
2021-09-06 00:49:26: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-06 00:49:26: OpenVPN ROUTE: failed to parse/resolve route for host/network: fc00::/7
2021-09-06 00:49:26: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-06 00:49:26: OpenVPN ROUTE: failed to parse/resolve route for host/network: 3000::/4
2021-09-06 00:49:26: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-06 00:49:26: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/4
2021-09-06 00:49:26: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-06 00:49:26: OpenVPN ROUTE: failed to parse/resolve route for host/network: ::/3
2021-09-06 00:49:26: DHCP enabled on tap interface en7
2021-09-06 00:49:27: TUN/TAP device en7 opened
2021-09-06 00:49:31: NOTE: unable to redirect default gateway – VPN gateway parameter (–route-gateway or --ifconfig) is missing
2021-09-06 00:49:31: WARNING: OpenVPN was configured to add an IPv6 route over en7. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021-09-06 00:49:31: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
2021-09-06 00:49:31: Initialization Sequence Completed
2021-09-06 00:49:31: DNS mode set to Full
2021-09-06 00:49:31: DNS Server/s: 192.168.x.x
2021-09-06 00:49:31: WARNING: The DNS server 192.168.x.x is not routed through the VPN connection. DNS lookups to this server may travel over a different network interface (en0).
2021-09-06 00:49:31: State changed to Connected
2021-09-06 00:49:31: DNS change detected, restoring DNS settings
2021-09-06 00:49:54: Extracted DHCP router address: 192.168.x.x
2021-09-06 00:49:57: DNS change detected, restoring DNS settings

The extra configuration params are:

cipher AES-128-CBC
push “sndbuf 393216”
push “rcvbuf 393216”
sndbuf 393216
resolv-retry infinite
rcvbuf 393216
comp-lzo
verb 0

Any suggestion?

I would be really happy to get a couple of helping eyes here, thanks before hand!

James · 6 September 2021 08:06

Hi pexis,

The problem here is that your IP address information (and routing) is coming from a DHCP server, which is taking a few seconds, however OpenVPN isn’t configured to wait for this information. You can fix this with two quick changes:

Edit your connection in Viscosity
Click on the “Networking” tab
Enter “dhcp” (without the quotes) into the “Default Gateway” field
Click on the “Advanced” tab
On a new line in the configuration commands area enter “route-delay auto” (without the quotes)
Click Save and try connecting

Cheers,
James

pexis · 6 September 2021 20:00

Thanks!
Works like a charm

pexis · 8 September 2021 15:42

Update: After a couple of day the problem persists. I double check your answer and everything is as you wrote, the updated logs are:

2021-09-08 17:33:04: Viscosity Mac 1.9.4 (1578)
2021-09-08 17:33:04: Viscosity OpenVPN Engine Started
2021-09-08 17:33:04: Running on macOS 11.5.2
2021-09-08 17:33:04: ---------
2021-09-08 17:33:04: State changed to Connecting
2021-09-08 17:33:04: Checking reachability status of connection…
2021-09-08 17:33:04: DNS resolution failed for x.ddns.net
2021-09-08 17:33:04: Connection is not reachable. Disconnecting.
2021-09-08 17:33:04: State changed to Disconnected (Not Reachable)
2021-09-08 17:33:04: Connection will be reconnected when it becomes reachable
2021-09-08 17:33:07: Reconnecting connection as it is now reachable
2021-09-08 17:33:07: Viscosity Mac 1.9.4 (1578)
2021-09-08 17:33:07: Viscosity OpenVPN Engine Started
2021-09-08 17:33:07: Running on macOS 11.5.2
2021-09-08 17:33:07: ---------
2021-09-08 17:33:07: State changed to Connecting
2021-09-08 17:33:07: Checking reachability status of connection…
2021-09-08 17:33:07: Connection is reachable. Starting connection attempt.
2021-09-08 17:33:07: OpenVPN 2.4.11 arm-apple-darwin20.0.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-08 17:33:07: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-08 17:33:07: Resolving address: XXXX
2021-09-08 17:33:07: Valid endpoint found: XXXX> :12974:> udp
2021-09-08 17:33:07: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-09-08 17:33:07: TCP/UDP: Preserving recently used remote address: [AF_INET]109.192.219.5:12974
2021-09-08 17:33:07: UDP link local: (not bound)
2021-09-08 17:33:07: UDP link remote: [AF_INET]XXXX:12974
2021-09-08 17:33:07: State changed to Authenticating
2021-09-08 17:33:07: [netgear] Peer Connection Initiated with [AF_INET]109.192.219.5:12974
2021-09-08 17:33:07: GDG6: problem writing to routing socket: No such process (errno=3)
2021-09-08 17:33:07: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-08 17:33:07: OpenVPN ROUTE: failed to parse/resolve route for host/network: fc00::/7
2021-09-08 17:33:07: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-08 17:33:07: OpenVPN ROUTE: failed to parse/resolve route for host/network: 3000::/4
2021-09-08 17:33:07: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-08 17:33:07: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/4
2021-09-08 17:33:07: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021-09-08 17:33:07: OpenVPN ROUTE: failed to parse/resolve route for host/network: ::/3
2021-09-08 17:33:07: TUN/TAP device en7 opened
2021-09-08 17:33:07: DHCP enabled on tap interface en7
2021-09-08 17:33:29: NOTE: unable to redirect default gateway – VPN gateway parameter (–route-gateway or --ifconfig) is missing
2021-09-08 17:33:29: WARNING: OpenVPN was configured to add an IPv6 route over en7. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021-09-08 17:33:29: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
2021-09-08 17:33:29: Initialization Sequence Completed
2021-09-08 17:33:29: DNS mode set to Full
2021-09-08 17:33:29: DNS Server/s: 192.168.100.1
2021-09-08 17:33:29: WARNING: The DNS server 192.168.XXXi s not routed through the VPN connection. DNS lookups to this server may travel over a different network interface (en0).
2021-09-08 17:33:29: State changed to Connected
2021-09-08 17:33:37: Extracted DHCP router address: 192.168.XXX
2021-09-08 17:33:39: DNS change detected, restoring DNS settings

Any further suggestions?

pexis · 8 September 2021 16:33

I was able to get rid of many of those warnings following:
https://www.sparklabs.com/forum/t/strange-new-ipv6-warning/1476/1

Nevertheless, I still see:

2021-09-08 18:29:26: WARNING: The DNS server 192.168.100.1 is not routed through the VPN connection. DNS lookups to this server may travel over a different network interface (en0).

I think it could be a misconfiguration at my side…

James · 9 September 2021 09:48

Hi pexis,

Can you please post a copy of the raw configuration data for your connection? Please feel free to censor out any sensitive details before posting.
https://www.sparklabs.com/support/kb/article/logs-and-information-to-provide-support-staff/#1-raw-configuration-data

Cheers,
James

pexis · 9 September 2021 10:50

Hi James,

Would yo mind to remove the ddns website of my first post?

This is the log with verb 5:

2021-09-09 12:42:30: Viscosity Mac 1.9.4 (1578)
2021-09-09 12:42:30: Viscosity OpenVPN Engine Started
2021-09-09 12:42:30: Running on macOS 11.5.2
2021-09-09 12:42:30: ---------
2021-09-09 12:42:30: State changed to Connecting
2021-09-09 12:42:30: Checking reachability status of connection…
2021-09-09 12:42:30: Connection is reachable. Starting connection attempt.
2021-09-09 12:42:30: Current Parameter Settings:
2021-09-09 12:42:30: config = ‘config.conf’
2021-09-09 12:42:30: mode = 0
2021-09-09 12:42:30: show_ciphers = DISABLED
2021-09-09 12:42:30: show_digests = DISABLED
2021-09-09 12:42:30: show_engines = DISABLED
2021-09-09 12:42:30: genkey = DISABLED
2021-09-09 12:42:30: key_pass_file = ‘[UNDEF]’
2021-09-09 12:42:30: show_tls_ciphers = DISABLED
2021-09-09 12:42:30: connect_retry_max = 0
2021-09-09 12:42:30: Connection profiles [0]:
2021-09-09 12:42:30: proto = udp
2021-09-09 12:42:30: local = ‘[UNDEF]’
2021-09-09 12:42:30: local_port = ‘[UNDEF]’
2021-09-09 12:42:30: remote = ‘ddns’
2021-09-09 12:42:30: remote_port = ‘12974’
2021-09-09 12:42:30: remote_float = DISABLED
2021-09-09 12:42:30: bind_defined = DISABLED
2021-09-09 12:42:30: bind_local = DISABLED
2021-09-09 12:42:30: bind_ipv6_only = DISABLED
2021-09-09 12:42:30: connect_retry_seconds = 5
2021-09-09 12:42:30: connect_timeout = 120
2021-09-09 12:42:30: socks_proxy_server = ‘[UNDEF]’
2021-09-09 12:42:30: socks_proxy_port = ‘[UNDEF]’
2021-09-09 12:42:30: tun_mtu = 1500
2021-09-09 12:42:30: tun_mtu_defined = ENABLED
2021-09-09 12:42:30: link_mtu = 1500
2021-09-09 12:42:30: link_mtu_defined = DISABLED
2021-09-09 12:42:30: tun_mtu_extra = 32
2021-09-09 12:42:30: tun_mtu_extra_defined = ENABLED
2021-09-09 12:42:30: mtu_discover_type = -1
2021-09-09 12:42:30: fragment = 0
2021-09-09 12:42:30: mssfix = 1450
2021-09-09 12:42:30: explicit_exit_notification = 0
2021-09-09 12:42:30: Connection profiles END
2021-09-09 12:42:30: remote_random = DISABLED
2021-09-09 12:42:30: ipchange = ‘[UNDEF]’
2021-09-09 12:42:30: dev = ‘vtap’
2021-09-09 12:42:30: dev_type = ‘tap’
2021-09-09 12:42:30: dev_node = ‘[UNDEF]’
2021-09-09 12:42:30: lladdr = ‘[UNDEF]’
2021-09-09 12:42:30: topology = 1
2021-09-09 12:42:30: ifconfig_local = ‘[UNDEF]’
2021-09-09 12:42:30: ifconfig_remote_netmask = ‘[UNDEF]’
2021-09-09 12:42:30: ifconfig_noexec = DISABLED
2021-09-09 12:42:30: ifconfig_nowarn = DISABLED
2021-09-09 12:42:30: ifconfig_ipv6_local = ‘[UNDEF]’
2021-09-09 12:42:30: ifconfig_ipv6_netbits = 0
2021-09-09 12:42:30: ifconfig_ipv6_remote = ‘[UNDEF]’
2021-09-09 12:42:30: shaper = 0
2021-09-09 12:42:30: mtu_test = 0
2021-09-09 12:42:30: mlock = DISABLED
2021-09-09 12:42:30: keepalive_ping = 0
2021-09-09 12:42:30: keepalive_timeout = 0
2021-09-09 12:42:30: inactivity_timeout = 0
2021-09-09 12:42:30: ping_send_timeout = 0
2021-09-09 12:42:30: ping_rec_timeout = 0
2021-09-09 12:42:30: ping_rec_timeout_action = 0
2021-09-09 12:42:30: ping_timer_remote = DISABLED
2021-09-09 12:42:30: remap_sigusr1 = 0
2021-09-09 12:42:30: persist_tun = ENABLED
2021-09-09 12:42:30: persist_local_ip = DISABLED
2021-09-09 12:42:30: persist_remote_ip = DISABLED
2021-09-09 12:42:30: persist_key = ENABLED
2021-09-09 12:42:30: passtos = DISABLED
2021-09-09 12:42:30: resolve_retry_seconds = 1000000000
2021-09-09 12:42:30: resolve_in_advance = DISABLED
2021-09-09 12:42:30: username = ‘[UNDEF]’
2021-09-09 12:42:30: groupname = ‘[UNDEF]’
2021-09-09 12:42:30: chroot_dir = ‘[UNDEF]’
2021-09-09 12:42:30: cd_dir = ‘[UNDEF]’
2021-09-09 12:42:30: writepid = ‘[UNDEF]’
2021-09-09 12:42:30: up_script = ‘[UNDEF]’
2021-09-09 12:42:30: down_script = ‘[UNDEF]’
2021-09-09 12:42:30: down_pre = DISABLED
2021-09-09 12:42:30: up_restart = DISABLED
2021-09-09 12:42:30: up_delay = DISABLED
2021-09-09 12:42:30: daemon = DISABLED
2021-09-09 12:42:30: inetd = 0
2021-09-09 12:42:30: log = DISABLED
2021-09-09 12:42:30: suppress_timestamps = DISABLED
2021-09-09 12:42:30: machine_readable_output = DISABLED
2021-09-09 12:42:30: nice = 0
2021-09-09 12:42:30: verbosity = 5
2021-09-09 12:42:30: mute = 100
2021-09-09 12:42:30: status_file = ‘[UNDEF]’
2021-09-09 12:42:30: status_file_version = 1
2021-09-09 12:42:30: status_file_update_freq = 60
2021-09-09 12:42:30: occ = ENABLED
2021-09-09 12:42:30: rcvbuf = 393216
2021-09-09 12:42:30: sndbuf = 393216
2021-09-09 12:42:30: sockflags = 0
2021-09-09 12:42:30: fast_io = DISABLED
2021-09-09 12:42:30: comp.alg = 2
2021-09-09 12:42:30: comp.flags = 1
2021-09-09 12:42:30: route_script = ‘[UNDEF]’
2021-09-09 12:42:30: route_default_gateway = ‘[UNDEF]’
2021-09-09 12:42:30: route_default_metric = 0
2021-09-09 12:42:30: route_noexec = DISABLED
2021-09-09 12:42:30: route_delay = 120
2021-09-09 12:42:30: NOTE: --mute triggered…
2021-09-09 12:42:30: 182 variation(s) on previous 100 message(s) suppressed by --mute
2021-09-09 12:42:30: OpenVPN 2.4.11 arm-apple-darwin20.0.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-09 12:42:30: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-09 12:42:31: Resolving address: ddns
2021-09-09 12:42:31: Valid endpoint found: Server:udp
2021-09-09 12:42:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 12:42:31: LZO compression initializing
2021-09-09 12:42:31: Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-09-09 12:42:31: Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
2021-09-09 12:42:31: Local Options String (VER=V4): ‘V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
2021-09-09 12:42:31: Expected Remote Options String (VER=V4): ‘V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
2021-09-09 12:42:31: TCP/UDP: Preserving recently used remote address: [AF_INET]Server:12974
2021-09-09 12:42:31: Socket Buffers: R=[786896->393216] S=[9216->393216]
2021-09-09 12:42:31: UDP link local: (not bound)
2021-09-09 12:42:31: UDP link remote: [AF_INET]Server:12974
2021-09-09 12:42:31: State changed to Authenticating
2021-09-09 12:42:31: TLS: Initial packet from [AF_INET]Server:12974, sid=1c5ffdfd 8b669bef
2021-09-09 12:42:31: VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=> [email protected]
2021-09-09 12:42:31: VERIFY OK: depth=0, C=TW, ST=TW, O=netgear, OU=netgear, CN=netgear, emailAddress=> [email protected]
2021-09-09 12:42:31: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 1024 bit RSA
2021-09-09 12:42:31: [netgear] Peer Connection Initiated with [AF_INET]Server:12974
2021-09-09 12:42:31: SENT CONTROL [netgear]: ‘PUSH_REQUEST’ (status=1)
2021-09-09 12:42:31: PUSH: Received control message: ‘PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 192.XXX.XXX.XXX 255.255.255.0,route-delay 5,route-gateway dhcp,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM’
2021-09-09 12:42:31: Pushed option removed by filter: ‘route-delay 5’
2021-09-09 12:42:31: OPTIONS IMPORT: timers and/or timeouts modified
2021-09-09 12:42:31: OPTIONS IMPORT: --sndbuf/–rcvbuf options modified
2021-09-09 12:42:31: Socket Buffers: R=[393216->393216] S=[393216->393216]
2021-09-09 12:42:31: OPTIONS IMPORT: route options modified
2021-09-09 12:42:31: OPTIONS IMPORT: route-related options modified
2021-09-09 12:42:31: OPTIONS IMPORT: peer-id set
2021-09-09 12:42:31: OPTIONS IMPORT: adjusting link_mtu to 1657
2021-09-09 12:42:31: OPTIONS IMPORT: data channel crypto options modified
2021-09-09 12:42:31: Data Channel: using negotiated cipher ‘AES-256-GCM’
2021-09-09 12:42:31: Data Channel MTU parms [ L:1585 D:1450 EF:53 EB:411 ET:32 EL:3 ]
2021-09-09 12:42:31: Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
2021-09-09 12:42:31: Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key
2021-09-09 12:42:31: DHCP enabled on tap interface en7
2021-09-09 12:42:32: TUN/TAP device en7 opened
2021-09-09 12:42:51: Extracted DHCP router address: 192.XXX.XXX.XXX
2021-09-09 12:42:52: /sbin/route add -net 192.168.XXX.0 192.168.XXX.1 255.255.255.0
2021-09-09 12:42:52: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
2021-09-09 12:42:52: Initialization Sequence Completed
2021-09-09 12:42:52: DNS mode set to Full
2021-09-09 12:42:52: DNS Server/s: 192.168.XXX.XXX
2021-09-09 12:42:52: WARNING: The DNS server 192.168.XXX.XXX is not routed through the VPN connection. DNS lookups to this server may travel over a different network interface (en0).
2021-09-09 12:42:53: State changed to Connected
2021-09-09 12:42:53: DNS change detected, restoring DNS settings

I was able to see the right IP (internal VPN network with its location using https://whatismyipaddress.com/de/meine-ip) after doing the first solution that you told me. Thanks for having a look to the problem again!

James · 10 September 2021 12:26

Hi pexis,

That’s your log, however we really need a copy of your raw configuration file to see how your connection is configured. Information on how to obtain this can be found in the previous link.

I have edited out your server address.

Cheers,
James

James · 10 September 2021 12:29

Also, your remote VPN network is using the IP range 192.168.x.x. Is the network you are connecting from using the same 192.168.x.x range as well? If so, the remote range will be clashing with the local range, causing 192.168.x.x traffic to still use the local network.

Cheers,
James

pexis · 10 September 2021 19:37

The VPN network is 192.168.100.x so it shouldn’t, clash with the usual 192.168.1.x networks, please correct me if I am wrong.

The configuration data is:

#-- Configuration Generated By Viscosity --#

#viscosity startonopen false
#viscosity usepeerdns true
#viscosity dns full
#viscosity protocol openvpn
#viscosity dnsserver 192.168.100.1
#viscosity autoreconnect true
#viscosity ipv6 false
#viscosity name test
#viscosity dhcp true
route-gateway dhcp
remote dens 12974 udp
nobind
dev tap
persist-tun
persist-key
compress lzo
pull
tls-client
ca ca.crt
cert cert.crt
key key.key
resolv-retry infinite
route-delay auto
push “sndbuf 393216”
push “rcvbuf 393216”
cipher AES-128-CBC
rcvbuf 393216
comp-lzo
verb 5
sndbuf 393216

Cheers,
J

James · 12 September 2021 12:17

The VPN network is 192.168.100.x so it shouldn’t, clash with the usual 192.168.1.x networks, please correct me if I am wrong.

A clash can occur if the local network is using the same IP range as the remote network. If the network you’re connecting from is 192.168.100.x, and the remote VPN network also uses 192.168.100.x, then you have a clash.

Make sure that when testing your VPN connection you’re not connecting from the same networking you’re VPNing into. For example, if this setup is to allow remote access to your home, don’t attempt to test it by VPNing from your home network. Disconnect from your home network and use a different internet connection (for example, tethered to your phone).

I recommend connecting to the VPN connection and viewing the routing table, to see whether there are any other 192.168.100.x ranges being used locally.
https://www.sparklabs.com/support/kb/article/troubleshooting-connection-problems/#checking-for-a-routing-problem

The configuration data is

That all looks fine.

Cheers,
James

pexis · 13 September 2021 15:10

Hi James,

so I went back to my home after being in Spain, using my cellphone as a hotspot I didn’t have any kind of problems, I would reduce this to a clash of the IP address. The hotel was using 192.168.1.X and the VPN networks uses 192.168.100.X, what would be a recommended IP for the VPN network (at home)?

Cheers and thanks for the great support!
J

James · 14 September 2021 08:32

Hi pexis,

It sounds likely that while you were being assigned a 192.168.100.x IP address at the hotel, it was probably using the 192.168.1.x range as well (and pushing this out via the DHCP server). This is pretty common for large hotels (where they assign a different /24 or /16 range to each floor for example).

You have a couple of options:

You can change your home network to use a less common private range. You can see a list of available ranges at the link below. Typically picking something in the 10.x.x.x range has a greater chance of avoiding clashes (as it’s a much larger available range). For example, you could use 10.123.45.x for your VPN network. By default OpenVPN uses 10.8.0.x addresses for the VPN network.
https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
You can leave your home network IP range as it is, and use a different IP range on the OpenVPN server and use NAT to remap the IP addresses. This is something you would need to consult your server documentation for, or find a guide.

OpenVPN also has a “client-nat” option, which allows you to remap IP addresses client side. For example, you could remap the 192.168.1.x to something like 10.1.2.x, and access things by the 10.1.2.x address instead. However it’s complex to set up, and can result in problems when the server/device you’re accessing isn’t aware it’s being accessed via a different IP address, so we don’t recommend its use unless you have a strong computer networking background.
https://www.sparklabs.com/support/kb/article/advanced-configuration-commands/#client-nat

Cheers,
James