OpenVPN works on LAN but not on wifi
Posted: Wed Mar 08, 2017 7:07 pm
Hello,
So I was configuring my OpenVPN server and my VPN connection works fine on my pc which is connected to LAN.
However when I use my wifi network my VPN does connect but the VPN doesn't want to communicate futher to the internet, I'm very sure I'm missing something.
what I basicly want todo is:
1) having 2 different ip ranges one for wifi and one for lan.
2) having my local dns server being able to communicate to other lan ip addresses inside the 10.8.0.0 vpn range.
So my modem hosts at LAN range:
I have connected my OpenWRT router to the WAN port and gave my DHCP server this as range for my routers network:
for my wifi network I decided to create a new interface and linked it via the wifi options (interface: wlan):
so both interfaces got internet now but as soon when my iphone connects to my VPN my iphone does not have internet while my pc does, I have tried to bridge my wlan interface with eth0 but that resulted in no internet on both interfaces.
here is my server.conf:
my routing table on my vpn server:
my traceroute from 10.8.0.1 and 10.8.0.2:
my openvpn pc client(LAN) was on ip 10.8.0.10 and when I tried to ping it, it resulted in a timeout.
when I pinged my iphone (wireless) 10.8.0.5 it also resulted in a timeout.
I also used iptables rules via the ufw firewall these rules where listed here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
please take a extra note to this part:
my client config is (both clients have a different key):
on my vpn log on my iphone I can see it gives the routes to 10.8.0.5 but I don't see that it adds the gateway it is just blank, however no errors are shown.
so why would my wifi network not tunnel internet traffic through my vpn but my pc over LAN does?
thanks
So I was configuring my OpenVPN server and my VPN connection works fine on my pc which is connected to LAN.
However when I use my wifi network my VPN does connect but the VPN doesn't want to communicate futher to the internet, I'm very sure I'm missing something.
what I basicly want todo is:
1) having 2 different ip ranges one for wifi and one for lan.
2) having my local dns server being able to communicate to other lan ip addresses inside the 10.8.0.0 vpn range.
So my modem hosts at LAN range:
Code: Select all
gateway: 192.168.2.1
subnet: 255.255.255.0
dhcp: 192.168.2.0-192.168.2.150
Code: Select all
authoritative: no
ipv4: 10.254.53.1
dhcp: 10.254.53.1-10.254.53.150
gateway: empty, assuming it automaticly received the gateway from wan, this works.
dhcp options: 6,10.254.53.34 (gives local dns out)
Code: Select all
authoritative: no
ipv4: 10.60.48.0
subnet: 255.255.255.0
dhcp: 10.60.48.0-10.60.48.150
gateway: 10.254.53.1 (I also tried nothing, didn't make a difference)
here is my server.conf:
Code: Select all
;local a.b.c.d
port 444
proto tcp
;proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;route 10.8.0.0 255.255.255.0
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.69.38.205"
client-to-client
;duplicate-cn
tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
cipher AES-256-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
;comp-lzo //disabled this, seems to have issues with my fritzbox modem
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 1
;mute 20
sndbuf 0
rcvbuf 0
Code: Select all
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default <redacted external server ip> 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
<redacted external server ip> * 255.255.255.255 UH 0 0 0 eth0
Code: Select all
traceroute to 10.8.0.1 (10.8.0.1), 30 hops max, 60 byte packets
1 10.8.0.1 (10.8.0.1) 0.051 ms 0.013 ms 0.011 ms
traceroute to 10.8.0.2 (10.8.0.2), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * *
I aborted it because it didn't found any ips.
when I pinged my iphone (wireless) 10.8.0.5 it also resulted in a timeout.
I also used iptables rules via the ufw firewall these rules where listed here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
please take a extra note to this part:
Code: Select all
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Code: Select all
client
proto tcp
;proto udp
remote <redacted external ip> 444
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert thuis.crt
key thuis.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
;comp-lzo
verb 3
sndbuf 0
rcvbuf 0
so why would my wifi network not tunnel internet traffic through my vpn but my pc over LAN does?
thanks