Tethering and OpenVPN

Apparently, I only needed the

➜  ~ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

for the routing to work. Facebook Messenger works like this. I cannot access websites, though, which leads me to suspect there is still a persistent DNS problem…

So is it a DNS problem or do you still have no Internet?

I can chat over FB Messenger. I cannot access e.g. google.com. I assume this has something to do with DNS.

From a smartphone, I assume.

From a smartphone or from the Pi itself? (Or both)

I can chat on FB Messenger from my phone.
I can access the internet from my Pi 3. I cannot access google.com from my phone.

See here: Tethering - #11 by sam_nazarko

Unfortunately, I have a feeling that this won’t work with OpenVPN. But try it.

Why not? :slight_smile:
I’ve set my dnsproxy to yes already.

➜  ~ cat /etc/connman.prefs
# If set to yes, connman enables a dns proxy running on localhost port 53 and sets /etc/resolv.conf nameservers to point at 127.0.0.1
# If set to no, the dns proxy is disabled and connman will update nameservers directly in /etc/resolv.conf.

dnsproxy=yes

It would have helped if you mentioned that you’ve already set dnsproxy=yes.

What’s the output from running route -n?

Sorry. Here’s my route:

➜  ~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.117.182.1    128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.117.182.0    0.0.0.0         255.255.254.0   U     0      0        0 tun0
89.46.103.147   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.117.182.1    128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tether
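The table above, together with the MASQUERADE rule from the first post, explains why tethered traffic reaches the VPN at all: OpenVPN has installed two /1 routes (0.0.0.0/1 and 128.0.0.0/1) that are more specific than the original 0.0.0.0/0 default via eth0, so every destination except the /32 host route (presumably the VPN server itself) is chosen for tun0 by longest-prefix match, and a tethered 192.168.1.x source address then has to be rewritten before it leaves the tunnel. The following is an added example, not code from the thread, OSMC or OpenVPN; it runs the same longest-prefix selection the kernel uses over the posted table, shows which interface a few sample destinations would use (the destinations, function names and the FORWARD policy in forward_rules are assumptions added here), and shows what happens to the same lookup once tun0 disappears:

```python
"""Longest-prefix-match walk over the `route -n` table posted above.

Constructed example: the table text is copied from the thread; the function
names, sample destinations and the FORWARD policy are assumptions added here,
not OSMC's or OpenVPN's own code.
"""
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gateway iface flags")

# Copied from the `route -n` output in the thread (input data, not code).
ROUTE_N_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.117.182.1    128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.117.182.0    0.0.0.0         255.255.254.0   U     0      0        0 tun0
89.46.103.147   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.117.182.1    128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tether
"""


def parse_route_n(text):
    """Turn `route -n` lines into Route tuples. Genmask is a dotted netmask,
    which ipaddress accepts in 'network/netmask' form."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # header or blank line
        dest, gw, mask, flags, _metric, _ref, _use, iface = fields
        routes.append(Route(ipaddress.ip_network(f"{dest}/{mask}"), gw, iface, flags))
    return routes


ROUTES = parse_route_n(ROUTE_N_OUTPUT)


def best_route(routes, dst):
    """Kernel-style selection: the most specific (longest prefix) matching route wins,
    which is why the two /1 tun0 routes beat the /0 default via eth0."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.net]
    return max(matches, key=lambda r: r.net.prefixlen) if matches else None


def egress_iface(routes, dst):
    r = best_route(routes, dst)
    return r.iface if r else None


def needs_masquerade(routes, src, dst):
    """True when a packet leaves through a different interface than the one its
    source address lives on: a tethered 192.168.1.x source is meaningless to the
    VPN provider, so it must be rewritten (SNAT/MASQUERADE) on the way out."""
    return egress_iface(routes, src) != egress_iface(routes, dst)


def vpn_down(routes, vpn_if="tun0"):
    """The routing table as it looks once the tunnel interface disappears."""
    return [r for r in routes if r.iface != vpn_if]


def forward_rules(lan_if="tether", vpn_if="tun0"):
    """Assumed hardening (not from the thread): only forward tethered traffic into
    the tunnel, so it cannot fall back to eth0 if the VPN goes down."""
    return [
        f"iptables -t nat -A POSTROUTING -o {vpn_if} -j MASQUERADE",
        f"iptables -A FORWARD -i {lan_if} -o {vpn_if} -j ACCEPT",
        f"iptables -A FORWARD -i {vpn_if} -o {lan_if} "
        f"-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A FORWARD -i {lan_if} -j DROP",
    ]


if __name__ == "__main__":
    # Sample destinations are constructed; 8.8.8.8 and 200.1.1.1 fall in the two
    # halves of the address space, the other two are taken from the table itself.
    for dst in ("8.8.8.8", "200.1.1.1", "89.46.103.147", "192.168.0.1"):
        r = best_route(ROUTES, dst)
        print(f"{dst:>15} -> {r.iface:6} via {r.net}")
    print("tethered 192.168.1.2 -> 8.8.8.8 needs MASQUERADE:",
          needs_masquerade(ROUTES, "192.168.1.2", "8.8.8.8"))
    print("8.8.8.8 with tun0 gone ->", egress_iface(vpn_down(ROUTES), "8.8.8.8"))
    print("\n".join(forward_rules()))
```

The last lookup is the point a defender cares about: with only the MASQUERADE rule in place, a tethered client's traffic silently follows the eth0 default route the moment tun0 goes away, so the phone's real external address becomes visible again; restricting the FORWARD chain to the tether-to-tun0 direction makes that failure mode a loss of connectivity rather than a leak.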

Please provide the output from:

cat /etc/resolv.conf
host -v google.com

➜  ~ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
➜  ~ host -v google.com  
Trying "google.com"
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31116
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		3	IN	A	74.125.128.138
google.com.		3	IN	A	74.125.128.139
google.com.		3	IN	A	74.125.128.113
google.com.		3	IN	A	74.125.128.100
google.com.		3	IN	A	74.125.128.102
google.com.		3	IN	A	74.125.128.101

Received 124 bytes from 127.0.0.1#53 in 1 ms
Trying "google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12759
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	AAAA

;; ANSWER SECTION:
google.com.		242	IN	AAAA	2a00:1450:4013:c02::8b

Received 56 bytes from 127.0.0.1#53 in 0 ms
Trying "google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7872
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	MX

;; ANSWER SECTION:
google.com.		542	IN	MX	50 alt4.aspmx.l.google.com.
google.com.		542	IN	MX	20 alt1.aspmx.l.google.com.
google.com.		542	IN	MX	40 alt3.aspmx.l.google.com.
google.com.		542	IN	MX	10 aspmx.l.google.com.
google.com.		542	IN	MX	30 alt2.aspmx.l.google.com.

Received 268 bytes from 127.0.0.1#53 in 46 ms

That means it’s already been cached. Let’s try something you’re unlikely to have used before.

host -v bhg.com

DNS resolution works locally on the Pi:

➜  ~ host -v bhg.com
Trying "bhg.com"
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3698
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bhg.com.			IN	A

;; ANSWER SECTION:
bhg.com.		300	IN	A	198.186.175.108

Received 48 bytes from 127.0.0.1#53 in 106 ms
Trying "bhg.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6259
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bhg.com.			IN	AAAA

;; AUTHORITY SECTION:
bhg.com.		900	IN	SOA	ns-1115.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Received 117 bytes from 127.0.0.1#53 in 72 ms
Trying "bhg.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27323
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bhg.com.			IN	MX

;; ANSWER SECTION:
bhg.com.		3600	IN	MX	10 us-smtp-inbound-1.mimecast.com.
bhg.com.		3600	IN	MX	10 us-smtp-inbound-2.mimecast.com.

Received 131 bytes from 127.0.0.1#53 in 93 ms

Yes, and it appears to be using the proxy correctly, though the error message is a bit strange.

So if you’re getting DNS problems only on the phone, it could be a DHCP problem. Can you see your IP address, etc. and DNS host on the phone?

This is getting interesting.
So I’m using WiFi Monitor on my phone to stat my connection.

My Pi is in the VPN with:

  • 89.36.224.11 as the assigned VPN IP
  • 188.192.11.131 as the local IP

My phone says:

  • external IP: 188.192.11.131 (so apparently no VPN…)
  • internal IP: 192.168.1.2 (assigned by DHCP, I assume)
  • default gateway: 192.168.1.1 (ok, I guess)
  • DNS1: 0.0.0.0
  • DNS2: 0.0.0.0
  • DHCP server: 192.168.1.1 (ok, I guess)

Looks like the DNS servers are not set and the tunnelling through the VPN is not working…

Update: After a couple of minutes, the external IP address field in WiFi Monitor on my phone went blank. Nothing is displayed.

The 188 number doesn’t make a lot of sense to me, but let’s stick with DNS for now.

The two DNS addresses are zeroed. Since this isn’t a routing table, it’s effectively blank. So it looks like DHCP isn’t doing its stuff. Clearly, the next step must be to try, if possible, to manually set a DNS IP address on the phone.

… works if I set up a static IP. This is already a major win, thank you.
But I would really like to get DHCP running, if possible. What else could we try?

EDIT: I mean DHCP still assigns a correct automatic IP (192.168.1.2). So at least that part works, right?

EDIT2: Seems like my external IP from my phone is the one from VPN! Awesome.

It’s already running, just sub-optimally. :wink: I’ll need to do a bit of research to see what’s happening in the background.

But 188.192.11.131 is your real IP address, so how is it being seen?