problems with hybrid Vpn

[iidjscottybxz]

i dont know if im doing this right but ive used wireguard on that list and configed the file from sufshark its all saying its connected to wireguard etc but when i add the stuff i want to use as a vpn im not getting no internet on the device. on the device rules it says online and vpn active is there something in the router setting thats stopping me from doing this. i think im on the beta version of netduma R3 router (v4.0.478) 

[Netduma Fraser]

Can you provide the config you're using and omit the private keys please? 

Does anything show in the VPN logs?

[iidjscottybxz]

thats the info to set it up i have tried openvpn to and it says it all on but there is nothing being sent to the devices tried on my ps5 and iphone and laptop its found a obtained ip address on the devices but nothing is sending through its like something in the router is blocking it ipv6 with lan on the router wont make that go funny will it ? 

 

[Netduma Fraser]

I wouldn't have thought so no, have you put a device in the DMZ or anything like that? What is the model of the modem/router the R3 is connected to and how have you set that to ensure all traffic flows to the R3? E.g. R3 in its DMZ, modem/bridge mode

[iidjscottybxz]

virgin media hub is in modem mode and its pluged right into the wan port on the r3 i havent set anything on DMZ. its just strange its all says vpn is online but when i add a device it just dont do anything brings up the ip addresses (on the devices) and thats it wont let me load any web page or anything i didnt know if it was a bug with the beta version i think im on or im putting something wrong in that confi file i dont know lol 

[Netduma Fraser]

Try setting one of the DNS in the config file in the HybridVPN DNS section and see if it works then please

[iidjscottybxz]

nope still the same i have tried openvpn as well and it not working but i get alot of vpn logs i will send now 

[Netduma Fraser]

Can you get the whole log, just copy/paste please

[iidjscottybxz]

Sun Jan 26 23:39:55 2025 OpenVPN 2.4.9 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] Sun Jan 26 23:39:55 2025 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 Sun Jan 26 23:39:55 2025 WARNING: --ping should normally be used with --ping-restart or --ping-exit Sun Jan 26 23:39:55 2025 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sun Jan 26 23:39:55 2025 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Sun Jan 26 23:39:55 2025 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Sun Jan 26 23:39:55 2025 TCP/UDP: Preserving recently used remote address: [AF_INET]178.239.163.97:1194 Sun Jan 26 23:39:55 2025 Socket Buffers: R=[212992->212992] S=[212992->212992] Sun Jan 26 23:39:55 2025 UDP link local: (not bound) Sun Jan 26 23:39:55 2025 UDP link remote: [AF_INET]178.239.163.97:1194 Sun Jan 26 23:39:55 2025 TLS: Initial packet from [AF_INET]178.239.163.97:1194, sid=94dd4bfd 0651a520 Sun Jan 26 23:39:55 2025 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sun Jan 26 23:39:55 2025 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA Sun Jan 26 23:39:55 2025 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA Sun Jan 26 23:39:55 2025 VERIFY KU OK Sun Jan 26 23:39:55 2025 Validating certificate extended key usage Sun Jan 26 23:39:55 2025 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sun Jan 26 23:39:55 2025 VERIFY EKU OK Sun Jan 26 23:39:55 2025 VERIFY OK: depth=0, CN=uk-lon-v347.prod.surfshark.com Sun Jan 26 23:39:55 2025 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1581' Sun Jan 26 23:39:55 2025 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM' Sun Jan 26 23:39:55 2025 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]' Sun Jan 26 23:39:55 2025 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA Sun Jan 26 23:39:55 2025 [uk-lon-v347.prod.surfshark.com] Peer Connection Initiated with [AF_INET]178.239.163.97:1194 Sun Jan 26 23:39:56 2025 SENT CONTROL [uk-lon-v347.prod.surfshark.com]: 'PUSH_REQUEST' (status=1) Sun Jan 26 23:39:56 2025 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' Sun Jan 26 23:39:56 2025 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.9) Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: timers and/or timeouts modified Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: explicit notify parm(s) modified Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified Sun Jan 26 23:39:56 2025 Socket Buffers: R=[212992->425984] S=[212992->425984] Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: --ifconfig/up options modified Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: route options modified Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: route-related options modified Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: peer-id set Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: adjusting link_mtu to 1624 Sun Jan 26 23:39:56 2025 OPTIONS IMPORT: data channel crypto options modified Sun Jan 26 23:39:56 2025 Data Channel: using negotiated cipher 'AES-256-GCM' Sun Jan 26 23:39:56 2025 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Sun Jan 26 23:39:56 2025 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Sun Jan 26 23:39:56 2025 TUN/TAP device tun0 opened Sun Jan 26 23:39:57 2025 TUN/TAP TX queue length set to 100 Sun Jan 26 23:39:57 2025 /sbin/ifconfig tun0 10.8.8.4 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255 Sun Jan 26 23:39:57 2025 /bin/touch /tmp/lua_chg3wj tun0 1500 1552 10.8.8.4 255.255.255.0 init Sun Jan 26 23:39:57 2025 Initialization Sequence Completed

[Netduma Fraser]

The log seems to indicate it has connected fine, have you made any changes to the network settings on the devices themselves or made any other rules for the devices on the router?

[iidjscottybxz]

i have not set anything to rules on devices i havent touched anything like that all i have tried to do is put the vpn on and the only thing ive changed in the router setting for the lan is ipv6 on device thats it. i have changed the setting back to normal that hasnt even worked as well so i dont if something in the router is stopping it from working or bug somewhere in the beta i dont know unless its something to do with sufshark maybe the joys of tech 

[Netduma Fraser]

Try changing All activities to something specific like web, then check if you have internet on the device, then check if the IP has changed on an IP check site

[iidjscottybxz]

nope still the same something is blocking it from going through to the device tried it on the ps5. it cant find a ip address just keeps saying check run a test then it says there is no internet connection even though my pc is on the internet 

[Netduma Fraser]

I don't think there would be anything on the router blocking it specifically, it's created a tunnel between you and the VPN server. Could you enable it again and then get the logs from the troubleshooting page please?

[iidjscottybxz]

Mon Jan 27 17:55:38 2025 OpenVPN 2.4.9 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] Mon Jan 27 17:55:38 2025 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 Mon Jan 27 17:55:38 2025 WARNING: --ping should normally be used with --ping-restart or --ping-exit Mon Jan 27 17:55:38 2025 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mon Jan 27 17:55:38 2025 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Mon Jan 27 17:55:38 2025 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Mon Jan 27 17:55:38 2025 TCP/UDP: Preserving recently used remote address: [AF_INET]86.106.157.244:1194 Mon Jan 27 17:55:38 2025 Socket Buffers: R=[212992->212992] S=[212992->212992] Mon Jan 27 17:55:38 2025 UDP link local: (not bound) Mon Jan 27 17:55:38 2025 UDP link remote: [AF_INET]86.106.157.244:1194 Mon Jan 27 17:55:38 2025 TLS: Initial packet from [AF_INET]86.106.157.244:1194, sid=e0ed3256 448cb35c Mon Jan 27 17:55:38 2025 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Jan 27 17:55:38 2025 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA Mon Jan 27 17:55:38 2025 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA Mon Jan 27 17:55:38 2025 VERIFY KU OK Mon Jan 27 17:55:38 2025 Validating certificate extended key usage Mon Jan 27 17:55:38 2025 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Mon Jan 27 17:55:38 2025 VERIFY EKU OK Mon Jan 27 17:55:38 2025 VERIFY OK: depth=0, CN=uk-lon-v365.prod.surfshark.com Mon Jan 27 17:55:38 2025 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1581' Mon Jan 27 17:55:38 2025 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM' Mon Jan 27 17:55:38 2025 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]' Mon Jan 27 17:55:38 2025 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA Mon Jan 27 17:55:38 2025 [uk-lon-v365.prod.surfshark.com] Peer Connection Initiated with [AF_INET]86.106.157.244:1194 Mon Jan 27 17:55:39 2025 SENT CONTROL [uk-lon-v365.prod.surfshark.com]: 'PUSH_REQUEST' (status=1) Mon Jan 27 17:55:39 2025 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.7 255.255.255.0,peer-id 7,cipher AES-256-GCM' Mon Jan 27 17:55:39 2025 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.9) Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: timers and/or timeouts modified Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: explicit notify parm(s) modified Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified Mon Jan 27 17:55:39 2025 Socket Buffers: R=[212992->425984] S=[212992->425984] Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: --ifconfig/up options modified Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: route options modified Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: route-related options modified Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: peer-id set Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: adjusting link_mtu to 1624 Mon Jan 27 17:55:39 2025 OPTIONS IMPORT: data channel crypto options modified Mon Jan 27 17:55:39 2025 Data Channel: using negotiated cipher 'AES-256-GCM' Mon Jan 27 17:55:39 2025 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Mon Jan 27 17:55:39 2025 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Mon Jan 27 17:55:39 2025 TUN/TAP device tun0 opened Mon Jan 27 17:55:39 2025 TUN/TAP TX queue length set to 100 Mon Jan 27 17:55:39 2025 /sbin/ifconfig tun0 10.8.8.7 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255 Mon Jan 27 17:55:39 2025 /bin/touch /tmp/lua_7kzYMh tun0 1500 1552 10.8.8.7 255.255.255.0 init Mon Jan 27 17:55:39 2025 Initialization Sequence Completed

 

thats all thats on that again i was thinking of going back of the beta and trying it with out the beta ?

[Netduma Fraser]

Logs from the troubleshooting page, not the VPN log

[iidjscottybxz]

You on about the system logs ? 

[iidjscottybxz]

guess what problem sovled  and it was the most random thing ever ! i turned the router on and back on again it dont make sence all that problems but im still on the beta to was going to downgrade again but it seems to be fine now thanks for all your help

[Netduma Fraser]

That's super weird but glad to hear that resolved it, thanks for the update! No worries!