Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After connection stablished can't access any of the VPNs websites #1128

Open
rafaelcn opened this issue Jul 20, 2023 · 30 comments
Open

After connection stablished can't access any of the VPNs websites #1128

rafaelcn opened this issue Jul 20, 2023 · 30 comments

Comments

@rafaelcn
Copy link

rafaelcn commented Jul 20, 2023
edited
Loading

Hi, I'm on Fedora and when connecting to a given VPN it does create a network device (ppp0), updates the routes and also prepends information on the DNS file resolve.conf with new entries. The problem is that I can't seem to access any of the services over that VPN, whenever I try to access a website that should be accessible there's no route to it.

I even tried the tun branch version but to no avail, it still doesn't work. If you want I can provide some logs. I tried to use two versions of the openfortivpn, the first is the package provided by my operating system (Fedora 38) with version 1.19.0 and the other I compiled myself from the branch tun (revision v1.20.4+git5.gbeefa44).

I don't know the version of FortiOS on the other end of the VPN.
@DimitriPapadopoulos
Copy link
Collaborator

DimitriPapadopoulos commented Jul 20, 2023
edited
Loading

Can you ping the IP address of the website but not the DNS name? Can you ping the DNS name?

Also please read Reporting issues. We'll see whether logs are needed after you answer the above questions.

@rafaelcn
Copy link
Author

rafaelcn commented Jul 20, 2023
edited
Loading

I can't do either, the only thing that resolves is the actual address of the VPN. I'll add more information as in the reporting issues section

@DimitriPapadopoulos
Copy link
Collaborator

Have you built the latest openfortivpn version? Used the RPM package?

@rafaelcn
Copy link
Author

Updated this information on the issue description

@DimitriPapadopoulos
Copy link
Collaborator

Then I guess routing hasn't been properly set. It would be useful to see routes before/after running the VPN:

ip route

@rafaelcn
Copy link
Author

rafaelcn commented Jul 20, 2023
edited
Loading

They were, I verified the routes before and after the VPN starts and also initialized the openfortivpn on debug mode just to see what it did. The routes look a lot like the ones that are set up on my Windows machine when I connect using the official VPN client. Same thing with the resolv.conf file, it gets updated with two addresses for a nameserver and a search statement with lots of domains from the VPN.

@msdobrescu

This comment was marked as off-topic.

Sign in to view
@msdobrescu

This comment was marked as off-topic.

Sign in to view
@DimitriPapadopoulos

This comment was marked as off-topic.

Sign in to view
@msdobrescu

This comment was marked as off-topic.

Sign in to view
@msdobrescu

This comment was marked as off-topic.

Sign in to view
@rafaelcn
Copy link
Author

@DimitriPapadopoulos any thoughts on how can I make any discovery about this problem? I can provide the log output from pppd and also the route/interface output.

@DimitriPapadopoulos
Copy link
Collaborator

You could try FortiClient in addition to openfortivpn and compare routing after starting either VPN. Possible issues:

Perhaps a detailed log (-v -v -v) might help here, but I suspect looking at routing after starting FortiClient and openfortivpn could provide better clues.

@rafaelcn
Copy link
Author

rafaelcn commented Jul 23, 2023
edited
Loading

I know for sure that I won't be using IPv6 and the official client doesn't work for some reason, it fails with the error Config routing table failed which I assumed was because it didn't require any root permissions but the vpn program from the official client requires and fails for the same reason. Either way, it is another product and I was happy when the openfortivpn client connected to the VPN successfully.

I have the routing table from both programs (one in Linux and the other in Windows) and I'll compare them). What would be the other routing issue from what I told you about?

@rafaelcn
Copy link
Author

I was worried that my requests were not being forwarded through the ppp0 interface created by openfortivpn so is there any way of debugging that? can I use iptables in some way to get more information about this problem?

@mrbaseman
Copy link
Collaborator

It could be the firewall, which doesn't allow the traffic that you would expect - either that your local iptables doesn't allow traffic to the ppp0 device, or the Fortigate at the other end of the tunnel. But if nothing is allowed per policy on the Fortigate, it wouldn't even push the routes.

Maybe endpoit detection is active and the Fortigate only allows specific clients (e.g. official windows Forticlient instances) - I have no experience, but I know this feature has been added to FortiOS

@DimitriPapadopoulos
Copy link
Collaborator

Indeed, endpoint detection might be the issue here. Have you tried FortiClient?

@rafaelcn
Copy link
Author

@DimitriPapadopoulos, yes I tried as I wrote in the previous comment. So I happen to connect to the endpoint successfully and I do have routes configured just right. @mrbaseman I tried to disable the firewall before and even change the selinux policy to permissive but it didn't work as I was expecting. I'll try to disable the firewall and then have a look at the IP tables and maybe add a rule to the VPN interface created by openfortivpn (?).

I even tried to reverse engineer the official client to see where the failure point was being thrown and I'm leaning towards the conclusion of the client not having the right set of permissions to configure routes or whatever it actually tries to do (it's very hard to read disassembled code)

@DimitriPapadopoulos
Copy link
Collaborator

The Windows client relies on IPSec by default, while the Linux client is an SSL VPN. Perhaps VPN SSL is not enabled on that VPN server.

I was happy when the openfortivpn client connected to the VPN successfully.

What happened since then? Upgrade of the VPN server? Upgrade of your own Linux machine?

@rafaelcn
Copy link
Author

I meant that I was happy that openfortivpn was able to connect to the VPN server as the official client couldn't. Even though I connect to the VPN server successfully I'm unable to access any of the websites over that VPN for some reason.

Let me show you the debug information for the openfortivpn client. Don't worry because all of the personal information is redacted in some way.

openfortivpn -v 

DEBUG:  openfortivpn 1.19.0
DEBUG:  revision unavailable
DEBUG:  Loaded configuration file "/etc/openfortivpn/config".
DEBUG:  Loaded password from configuration file "/etc/openfortivpn/config"
DEBUG:  Configuration host = "teletrabalho.someplace.com.br"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "443"
DEBUG:  Configuration username = "user.name"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: 187.72.XXX.XXX
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 187.72.XXX.XXX
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation succeeded.
INFO:   Connected to gateway.
DEBUG:  Empty cookie.
Two-factor authentication token: 
DEBUG:  Cookie: SVPNCOOKIE=<redacted>
INFO:   Authenticated.
DEBUG:  Cookie: SVPNCOOKIE=<redacted>
INFO:   Remote gateway has allocated a VPN.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: 187.72.XXX.XXX
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 187.72.XXX.XXX
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation succeeded.
DEBUG:  Retrieving configuration
DEBUG:  found dns suffix b.br;s.com.br;h.com.br;s.c.br;c.com.br in xml config
DEBUG:  found dns server 10.210.XXX.XXX in xml config
DEBUG:  found dns server 10.100.XXX.XXX in xml config
DEBUG:  Establishing the tunnel
DEBUG:  ppp_path: /usr/sbin/pppd
DEBUG:  Switch to tunneling mode
DEBUG:  Starting IO through the tunnel
DEBUG:  pppd_read thread
DEBUG:  ssl_read thread
DEBUG:  ssl_write thread
DEBUG:  if_config thread
Using interface ppp0
Connect: ppp0 <--> /dev/pts/5
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  pppd_write thread
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (16 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  pppd ---> gateway (17 bytes)
DEBUG:  pppd ---> gateway (18 bytes)
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (6 bytes)
DEBUG:  gateway ---> pppd (17 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  pppd ---> gateway (6 bytes)
DEBUG:  pppd ---> gateway (6 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (6 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
INFO:   Got addresses: [172.20.XXX.XXX], ns [10.210.XXX.XXX, 10.100.XXX.XXX], ns_suffix [b.br;s.com.br;h.com.br;s.c.br;c.com.br]
INFO:   Negotiation complete.
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (16 bytes)
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  gateway ---> pppd (6 bytes)
INFO:   Negotiation complete.
DEBUG:  pppd ---> gateway (6 bytes)
local  IP address 172.20.XXX.XXX
remote IP address 169.254.XXX.XXX
DEBUG:  pppd ---> gateway (42 bytes)
DEBUG:  Got Address: 172.20.XXX.XXX
DEBUG:  Interface Name: ppp0
DEBUG:  Interface Addr: 172.20.XXX.XXX
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
DEBUG:  ip route show to 0.0.XXX.XXX/0.0.XXX.XXX dev !ppp0
DEBUG:  ip route show to 187.72.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  Route not found.
DEBUG:  ip route show to 187.72.XXX.XXX/255.255.XXX.XXX dev !ppp0
DEBUG:  Setting route to vpn server...
DEBUG:  ip route show to 187.72.XXX.XXX/255.255.XXX.XXX via 192.168.XXX.XXX dev wlp3s0
DEBUG:  ip route add to 187.72.XXX.XXX/255.255.XXX.XXX via 192.168.XXX.XXX dev wlp3s0
DEBUG:  ip route add to 10.220.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.100.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.210.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.221.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.222.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.223.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.224.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.223.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.222.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.240.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.228.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.230.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.238.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.223.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.210.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.26.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.228.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.228.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.228.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.66.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.66.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.66.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.218.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.209.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.198.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.9.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.9.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.19.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.19.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.19.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.19.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 191.239.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.175.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 198.18.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.228.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.232.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 187.72.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.125.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 187.72.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 187.72.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.125.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 187.72.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.125.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 104.41.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 18.231.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.242.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.0.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.222.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.11.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.87.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.9.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 192.168.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.11.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 189.87.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 104.18.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 104.18.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 104.19.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 177.54.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 10.219.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 172.21.XXX.XXX/255.255.XXX.XXX dev ppp0
DEBUG:  ip route add to 200.19.XXX.XXX/255.255.XXX.XXX dev ppp0
INFO:   Adding VPN nameservers...
DEBUG:  Attempting to modify /etc/resolv.conf directly.
DEBUG:  Adding "nameserver 10.210.XXX.XXX", to /etc/resolv.conf.
DEBUG:  Adding "nameserver 10.100.XXX.XXX", to /etc/resolv.conf.
DEBUG:  dns_suffix already present in /etc/resolv.conf.
INFO:   Tunnel is up and running.
DEBUG:  pppd ---> gateway (42 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (42 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (42 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (203 bytes)
DEBUG:  pppd ---> gateway (203 bytes)

firewall configuration 

$ firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp3s0
  sources: 
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

@DimitriPapadopoulos
Copy link
Collaborator

That's the code that emits the DEBUG: Route not found message, which looks suspect:

	if (rtfound == 0) {
		// should not occur anymore unless there is no default route
		log_debug("Route not found.\n");

By the way, are you able to ping the DNS servers 10.210.XXX.XXX and 10.100.XXX.XXX?

@rafaelcn
Copy link
Author

rafaelcn commented Jul 25, 2023
edited
Loading

Yes, both of them are accessible by ping just fine. Interestingly, the address from that route not found debug message is shown when I try to find it with ip route show | grep "187.72.XXX.XXX". And it shows that the address is accessible from the default gateway of my network.

$ ip route show | grep "187.72.XXX.XXX"
187.72.XXX.XXX via 192.168.0.1 dev wlp3s0

@pkubaj

This comment was marked as off-topic.

Sign in to view
@DimitriPapadopoulos

This comment was marked as off-topic.

Sign in to view
@klaverjan

This comment was marked as off-topic.

Sign in to view
@DimitriPapadopoulos

This comment was marked as off-topic.

Sign in to view
@klaverjan

This comment was marked as off-topic.

Sign in to view
@klaverjan

This comment was marked as off-topic.

Sign in to view
@rafaelcn
Copy link
Author

I'm enjoying quite a lot of these other comments about the same problem. Gonna try to connect again in a few hours and try to do what you did @klaverjan.

@ElhanM
Copy link

ElhanM commented Mar 12, 2024

Similar problem here. I am on Linux Mint. Worked fine for a few days then just stopped working suddenly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@DimitriPapadopoulos @rafaelcn @pkubaj @msdobrescu @mrbaseman @klaverjan @ElhanM