Raspberry and 3G modem = no Internet with VPN

[Phx 0]

Hello friends,

I can't solve following problem:

I want to use Raspberry Pi as 3G VPN router for my PC. I connect:
 3G modem E3131 (ppp0)
WiFi card TP-LINK: WN  725N (wlan0)

 

PC -> Raspberry (WLAN0) -> VPN -> Modem 3G (ppp0)

I install Sakis3g (to make connect over 3G modem) and UMTSkeeper (to auto reconnect 3G modem ). Both work great, Internet work ok
After that I install openvpn, whan I start it, Internet on Pi not work. I am only able to connect from my PC over wlan0  and then VPN work (this is what I want to get). Unfortunately after few minutes (1-2 min) VPN drop and in result there is no internet on PC and not on PI.

iptables:

# Generated by iptables-save v1.4.21 on Tue May  3 18:02:06 2016
*nat
:PREROUTING ACCEPT [75:14892]
:INPUT ACCEPT [3:734]
:OUTPUT ACCEPT [5:487]
:POSTROUTING ACCEPT [3:335]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Tue May  3 18:02:06 2016
# Generated by iptables-save v1.4.21 on Tue May  3 18:02:06 2016
*filter
:INPUT ACCEPT [20:3124]
:FORWARD ACCEPT [12:936]
:OUTPUT ACCEPT [29:5147]
-A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
COMMIT
# Completed on Tue May  3 18:02:06 2016

interfaces:

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet static
  address 192.168.43.1
  netmask 255.255.255.0

up iptables-restore < /etc/iptables.ipv4.nat

route without VPN:
 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.64.64.64     0.0.0.0         UG    0      0        0 ppp0
10.64.64.64     *               255.255.255.255 UH    0      0        0 ppp0
link-local      *               255.255.0.0     U     303    0        0 wlan0
192.168.43.0    *               255.255.255.0   U     0      0        0 wlan0

route with VPN

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.4.0.1        128.0.0.0       UG    0      0        0 tun0
default         10.64.64.64     0.0.0.0         UG    0      0        0 ppp0
10.4.0.0        *               255.255.0.0     U     0      0        0 tun0
10.64.64.64     *               255.255.255.255 UH    0      0        0 ppp0
128.0.0.0       10.4.0.1        128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     303    0        0 wlan0
192.168.43.0    *               255.255.255.0   U     0      0        0 wlan0
195.154.194.18  10.64.64.64     255.255.255.255 UGH   0      0        0 ppp0

ERROR from VPN:

Fri May  6 11:21:48 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #480 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Fri May  6 11:22:37 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #512 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Fri May  6 11:26:16 2016 [server] Inactivity timeout (--ping-restart), restarting
Fri May  6 11:26:16 2016 SIGUSR1[soft,ping-restart] received, process restarting
Fri May  6 11:26:16 2016 Restart pause, 2 second(s)
Fri May  6 11:26:18 2016 Socket Buffers: R=[163840->131072] S=[163840->131072]

After : Fri May  6 11:26:18 2016 Socket Buffers: R=[163840->131072] S=[163840->131072]   NOTHING HAPPEN MORE

 

openvpn --version:

 

OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no

 

I have made some test in config and when cable is connect insted of 3G modem - eth1 work ok with VPN without any problem. So there is only problem with 3G modem (ppp0). How to force ppp0 to go over tun0 ?

 

[LZ1 663]

Hello !

 

Isn't a Pi too weak to run a VPN though?