adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0

Can't access specific sites on the Web and printers are not visible #738

Closed akastrin closed 4 years ago

akastrin commented 4 years ago

I have installed the latest version (1.14.1) of openfortivpn on my Arch Linux machine. I intend to use the VPN connection primarily for browsing the Web of Science and Scopus services through my faculty network. However, it seems that "something" is going wrong, as I can't browse the aforementioned sites and even my work printers are not visible through the VPN. I kindly ask for any suggestions. Below I have pasted some listings from my current settings.

sudo openfortivpn

INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
INFO:   Got addresses: [10.10.50.32], ns [212.235.239.49, 212.235.239.50]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
Cannot determine ethernet address for proxy ARP
local  IP address 10.10.50.32
remote IP address 192.0.2.1
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.

/etc/openfortivpn/config

host = vpn.bla.org
port = 443
username = bla
password = foo

ifconfig

docker0   Link encap:Ethernet  HWaddr 02:42:0c:f1:06:d9  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

enp2s0    Link encap:Ethernet  HWaddr 98:e7:f4:6e:eb:84  
          inet addr:192.168.1.23  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::9ae7:f4ff:fe6e:eb84/64 Scope:Link
          inet6 addr: 2a00:ee2:1000:3400:e3cb:2e79:e4ef:6233/64 Scope:Global
          inet6 addr: fe80::797:1d44:9ffe:c54/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500
          RX packets:92429 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:76657131 (73.1 MiB)  TX bytes:10732805 (10.2 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536
          RX packets:962 errors:0 dropped:0 overruns:0 frame:0
          TX packets:962 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:66914 (65.3 KiB)  TX bytes:66914 (65.3 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.10.50.32  P-t-P:192.0.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1354
          RX packets:109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:1081 (1.0 KiB)  TX bytes:1608 (1.5 KiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:84:2f:6f  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

route -n (after I have started openfortivpn with sudo openfortivpn)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    202    0        0 enp2s0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ppp0
88.200.21.0     0.0.0.0         255.255.255.0   U     0      0        0 ppp0
88.200.22.0     0.0.0.0         255.255.255.0   U     0      0        0 ppp0
172.16.0.0      0.0.0.0         255.240.0.0     U     0      0        0 ppp0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 enp2s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
193.2.64.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0
193.2.69.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0
193.2.90.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0
193.2.94.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0
193.2.95.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0
193.2.97.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0
212.235.237.0   0.0.0.0         255.255.255.0   U     0      0        0 ppp0
212.235.238.0   0.0.0.0         255.255.255.0   U     0      0        0 ppp0
212.235.239.0   0.0.0.0         255.255.255.192 U     0      0        0 ppp0
212.235.239.126 192.168.1.1     255.255.255.255 UGH   0      0        0 enp2s0
212.235.239.128 0.0.0.0         255.255.255.128 U     0      0        0 ppp0

mrbaseman commented 4 years ago

I can't see anything obvious related to routing. Could it perhaps be that a local firewall is blocking the traffic on ppp0? Maybe hints in dmesg or syslog? I had to add the interface explicitly to my shorewall configuration... If that's not the solution, maybe there is a debug message when you start openfortivpn with -v

DimitriPapadopoulos commented 4 years ago

What do you mean by "not visible"? Could it be a DNS issue? Can you try to access these sites using their IP address instead of the hostname?

DimitriPapadopoulos commented 4 years ago

Also note that openfortivpn supports IPv4 only; you might be accessing these sites using IPv6 outside the VPN tunnel.

DimitriPapadopoulos commented 4 years ago

@akastrin Were you able to sort this out? If not please send the (sanitized) output of openfortivpn -v.

I'm not certain Web of Science and Scopus use IPv6 so it's probably not an IPv6 issue. Perhaps a DNS issue? A firewall?

akastrin commented 4 years ago

It was a DNS issue. Thanks anyway. I close this issue.
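
Added example, not part of the original thread or of openfortivpn itself: a longest-prefix-match lookup over a subset of the `route -n` rows posted above, to check which interface a given destination leaves through in this split-tunnel setup. The function names are illustrative, and 198.51.100.7 is a constructed address standing in for any host outside the pushed routes.

```python
import ipaddress

# Subset of the `route -n` rows posted in the issue (remaining rows omitted).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    202    0        0 enp2s0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 enp2s0
212.235.239.0   0.0.0.0         255.255.255.192 U     0      0        0 ppp0
212.235.239.126 192.168.1.1     255.255.255.255 UGH   0      0        0 enp2s0
212.235.239.128 0.0.0.0         255.255.255.128 U     0      0        0 ppp0
"""

def parse_routes(text):
    """Return (network, metric, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        network = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        routes.append((network, int(fields[4]), fields[7]))
    return routes

def egress_iface(routes, addr):
    """Pick the most specific matching route; lower metric breaks ties."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _, _, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return iface

def outside_tunnel(routes, addrs, tunnel="ppp0"):
    """Return the addresses whose traffic would NOT go through the tunnel."""
    return [a for a in addrs if egress_iface(routes, a) != tunnel]

ROUTES = parse_routes(ROUTE_N)

if __name__ == "__main__":
    # VPN nameservers from the log, a LAN host, and a constructed outside host.
    for addr in ("212.235.239.49", "212.235.239.50", "192.168.1.1", "198.51.100.7"):
        print(f"{addr:16} -> {egress_iface(ROUTES, addr)}")
```

Only destinations covered by a pushed route use ppp0; everything else, including any site reached by a name that resolves outside those ranges, follows the default route on enp2s0.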