PiVPN issues routing to the local subnet - a Bug

dpsguard
Posts: 33
Joined: Mon Aug 03, 2020 12:48 am

PiVPN issues routing to the local subnet - a Bug

Post by dpsguard »

Hi All, Just installed the latest DietPi version on an RPi 4B, and then installed PiVPN. From outside the network, I can connect fine from a Windows laptop or Android phone using the OpenVPN client, and I can ping the RPi default VPN subnet gateway IP of 10.8.0.1 as well as SSH into it from that IP. Client to client also works.

The issue I have is that while I can also ping the LAN side IP of the RPi, anything else on the LAN is not reachable. I have pushed route for the Local LAN subnet and client routing table shows the route installed for the Pi-Server LAN subnet. There is no compression statement in server.conf or client config / ovpn files. So I have ruled that out as well.

I then installed tcpdump on the server side RPi, and even though I am doing a continuous ping to the LAN interface (eth0) address, tcpdump -i eth0 icmp and host 192.168.240.225 does not capture any packets. The same happens with any other IP address behind eth0 on the local network (my home network).

I should not need any static route in my firewall (pfSense), as eth0 of the RPi is in the same subnet as the devices I am trying to reach over VPN from outside home. But I went ahead and added a static route for 10.8.0.0/24 pointed back to 192.168.240.225 (IP of the RPi), and verified that from any device at home, I can then ping 10.8.0.1 directly. But this did not help pinging 10.8.0.2 or 0.3 for the clients on the VPN.

I have done reboots and restarted the openvpn service on both ends and nothing works. When I do a traceroute to the eth0 IP from the client side, it works and shows one hop getting to the eth0 address. When I do a traceroute to any other address in the same subnet as eth0, there is nothing shown on the traceroute. I looked into iptables -L and there are no rules, so routing should not get affected. I tried adding NAT masquerading under iptables, saving it and restarting the service; it does not even show anything populating under iptables. But NAT is only needed if I were to go through the server U-turning back into the Internet from there, and I needed simple split tunneling. I commented out the statement so as not to push the default route (the two split internet prefix routes), and that works to ensure internet keeps working locally for the connected client.

I had installed PiVPN from within DietPi-Software. I then uninstalled it from there and installed it back using the curl script. I also changed to TCP from UDP etc. Every time, the client connects fine (and automatically) and can ping the other client and server 10.8.0.1, but nothing behind the server side.

Seems like a bug. Can someone help with any further steps to resolve this issue for me? I will be very happy to contribute for the cause.

Thanks so much.
Last edited by dpsguard on Mon Aug 03, 2020 5:46 am, edited 1 time in total.
Joulinar
Posts: 2052
Joined: Sat Nov 16, 2019 12:49 am

Re: PiVPN issues routing to the local subnet

Post by Joulinar »

Hi,

many thanks for your message. Pls can you check if you have set net.ipv4.ip_forward=1 within /etc/sysctl.conf
Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team

Re: PiVPN issues routing to the local subnet

Post by dpsguard »

Thanks for your very prompt help. Yes IP forwarding is enabled in there by default.

Re: PiVPN issues routing to the local subnet

Post by dpsguard »

Just flashed another SD card with Raspbian Lite and installed PiVPN, and it works without any issues. Clearly there is a bug in the routing module in DietPi (at least in the new version, as I never tested any older versions).

Re: PiVPN issues routing to the local subnet - a Bug

Post by Joulinar »

Hi,

Pls can you check the output of the following:

    sysctl net.ipv4.ip_forward

If you get net.ipv4.ip_forward = 0, you are probably missing the symlink

    /etc/sysctl.d/99-sysctl.conf => /etc/sysctl.conf

To recover this symlink if needed:

    ln -sf /etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf

Once rebooted, you should get

    net.ipv4.ip_forward = 1

Re: PiVPN issues routing to the local subnet - a Bug

Post by dpsguard »

Thanks again. Everything is correct in the file as you have indicated. net.ipv4.ip_forward comes out to be 1.

Re: PiVPN issues routing to the local subnet - a Bug

Post by Joulinar »

I tried it today on my RPi3B+ and it was working well. From my OpenVPN client, I could reach all internal systems as well as connect to the internet.

Do you have the symlink as indicated?

Re: PiVPN issues routing to the local subnet - a Bug

Post by dpsguard »

I believe the issue could be RPi 4B related then. Everything is exactly the same. I am now running a test of the VPN link via continuous ping on the Raspbian Lite based setup, to check the reliability of the tunnel, for the past two hours. I do have the SD card with the DietPi setup saved, but I will probably try reinstalling DietPi once again (though I had only PiVPN on top, nothing else), but you never know. I don't have an RPi 3 to test on.

I also tested on VirtualBox, but did not get chance to fully test it as VPN server. Will do in a day or two.

Thanks

Re: PiVPN issues routing to the local subnet - a Bug

Post by Joulinar »

I will do a test later in the day with my RPi4. But as the image is the same, I don't expect any difference. We will see.

Re: PiVPN issues routing to the local subnet - a Bug

Post by Joulinar »

OK, I did a test with my RPi4B now. Same result, all working fine. I just flashed a new image and finished the initial setup. Once done, I ran the installation for PiVPN. No further configuration was needed, except that I had to create the following symlink on my system.

    ln -sf /etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
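The three forwarding checks discussed in this thread (the setting in /etc/sysctl.conf, the 99-sysctl.conf symlink, and the value the kernel is actually using), combined into one script as an added example that is not part of any post. The function name `check_forwarding` and the `SYSROOT` prefix are assumptions made for this example; the relative target `../sysctl.conf` is accepted as well as the absolute one used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit IPv4 forwarding on the VPN server.
# The optional argument is a hypothetical root prefix so the check can be
# pointed at a test tree; with no argument it inspects the running system.
check_forwarding() {
    root="${1:-}"
    conf="$root/etc/sysctl.conf"
    link="$root/etc/sysctl.d/99-sysctl.conf"
    live="$root/proc/sys/net/ipv4/ip_forward"
    rc=0

    # 1. Setting present and not commented out in sysctl.conf?
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$conf" 2>/dev/null; then
        echo "ok:   net.ipv4.ip_forward=1 set in $conf"
    else
        echo "FAIL: net.ipv4.ip_forward=1 not set in $conf"
        rc=$((rc | 1))
    fi

    # 2. Symlink named in the thread present and pointing at sysctl.conf?
    target=$(readlink "$link" 2>/dev/null || true)
    case "$target" in
        /etc/sysctl.conf|../sysctl.conf)
            echo "ok:   $link -> $target" ;;
        *)
            echo "FAIL: $link missing or not a link to sysctl.conf"
            rc=$((rc | 2)) ;;
    esac

    # 3. Value the kernel is using right now.
    if [ "$(cat "$live" 2>/dev/null)" = "1" ]; then
        echo "ok:   kernel is forwarding IPv4"
    else
        echo "FAIL: kernel is not forwarding IPv4"
        rc=$((rc | 4))
    fi
    return "$rc"   # bitmask: 1 = config, 2 = symlink, 4 = live value
}

check_forwarding "${SYSROOT:-}" || echo "exit status: $?"
```

A non-zero status with only bit 2 set matches the case described in the last post: the setting is in sysctl.conf but the symlink that gets it applied is missing.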