I have gotten everything set up to the point that AceManager > Status > VPN shows connected and /etc/openvpn/openvpn-status.log on my server shows a connection. However, I can’t get any traffic to go anywhere (public or private) with the VPN enabled. If I disable the VPN and reboot, I can reach the public web.
I would appreciate any suggestions. This is my first day of ownership of this thing and I have a deadline of Monday. Right now I’m tempted to return this thing and use a Raspberry Pi with an LTE USB dongle. That would take me all of 2 hours, but people like things to be “Enterprise”.
I discovered a combination of 2 problems:
- The “VPN > VPN 1 > Advanced” section has these defaults:
tun-mtu 1500
fragment 1300
mssfix 1400
Unless you have specified fragment and mssfix on your OpenVPN server, you must change them to 0. If you change your server config to specify them, it will prevent everyone with existing ovpn configs from being able to send/receive packets even though they will be able to connect without errors.
- I created a test Docker container from hub.docker.com/r/kylemanna/openvpn/. However, because the ES450 includes the deprecated “ns-cert-type server” in its client config, I am unable to connect.
Luckily, my production VPN server is old and includes the “nsCertType=server” option in its certificate, so to connect I only had to set:
fragment 0
mssfix 0
It would have saved me 126 hours of work if only I could read the openvpn.conf file the client was using. Not having access to the underlying Linux on this device is unacceptable.
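
An added example, not part of the original post or of the ES450 firmware: a small Python check that compares a client config against the server config for the two problems described above. The sample configs are constructed, and the rule that an absent option counts as 0 is an assumption taken from the post.

```python
import shlex

LINK_OPTIONS = ("fragment", "mssfix")  # options the post says must agree

def parse_openvpn_config(text):
    """Return {option: [args]}, skipping comments and inline <ca>-style blocks."""
    options, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                       # inside <ca>...</ca> etc.
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            options[parts[0].lstrip("-")] = parts[1:]
    return options

def audit(client_text, server_text):
    """List client settings that would break a session with this server."""
    client = parse_openvpn_config(client_text)
    server = parse_openvpn_config(server_text)
    findings = []
    for opt in LINK_OPTIONS:
        # Assumption taken from the post: an absent option is treated as 0.
        c = (client.get(opt) or ["0"])[0]
        s = (server.get(opt) or ["0"])[0]
        if c != s:
            findings.append(f"{opt}: client={c} server={s}, connects but passes no traffic")
    if client.get("ns-cert-type") == ["server"]:
        findings.append("ns-cert-type server: deprecated, needs nsCertType=server in the server certificate")
    return findings

# Constructed samples: the ES450 defaults quoted in the post, and a plain server.
SERVER = "port 1194\nproto udp\ndev tun\n"
CLIENT_DEFAULT = "client\ntun-mtu 1500\nfragment 1300\nmssfix 1400\nns-cert-type server\n"
CLIENT_FIXED = "client\ntun-mtu 1500\nfragment 0\nmssfix 0\nns-cert-type server\n"

if __name__ == "__main__":
    for name, conf in (("default", CLIENT_DEFAULT), ("fixed", CLIENT_FIXED)):
        print(name, audit(conf, SERVER))
```

With the constructed samples, the default client config yields three findings and the fixed one leaves only the ns-cert-type finding, which cannot be changed on the device.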