Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
Exaskryz
OpenVpn Newbie
Posts: 5
Joined: Sun Nov 28, 2021 12:29 am

Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by Exaskryz » Sun Nov 28, 2021 12:37 am

I am bludgeoning my way through this first VPN setup on a raspberry pi. I at least have it at a point where all my other devices seem to work without OpenVPN installed, good. My goal is to be remote and have my home address for content restrictions (streaming via xfinity steam) and otherwise be considered secure out in public.

If I connect via wifi at home or at a public restaurant network, I can surf the web. Reddit, Yahoo, whatever. I can stream youtube.

If I connect via wifi out in public, my xfinity stream app doesn't load. This may be a failsafe protection on their end, being my ISP afterall, for content licensing control. I'm not sure. No big deal if I can't make this work.

But what troubles me is this: If I disconnect from wifi entirely, and am connected via VPN, I can stream youtube in the youtube app. But I cannot browse the internet in Firefox or Firefox Focus whatsoever. Disconnecting from the VPN, yes, I have full internet access in all my apps.

This makes it seem like a client issue, but I see very few settings to adjust. If it's the host issue on the raspberry pi, I am at a loss after googling 5 hours and finding posts by people with similar issues but either no resolution, or a resolution that doesn't work for me (tried changing my cell service APN to run through IPv4 only as opposed to IPv6, but that makes no difference for me).

Even if there is no solution, I'd appreciate any explanation as to why the cell service (tmobile) isn't cooperating with my OpenVPN.

Edit: Client side on Android, OpenVPN does report status "Connected" in all situations. So it does not seem to be an issue in reaching the host raspberry pi.

Edit 2: Here is my log from attempting to first connect via 5G/LTE to Yahoo.com and failing, and then attempting to connect via Wifi to Yahoo.com and succeeding. I see literally no difference in the responses, other than the IP address. So I don't know what more to dig into.

Code: Select all

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.0.1 dev wlan0
NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Diffie-Hellman initialized with 2048 bit key
CRL: loaded 1 CRLs from file crl.pem
Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
TUN/TAP device tun0 opened
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.8.0.1/24 dev tun0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v6_add: fddd:1194:1194:1194::1/64 dev tun0
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[180224->180224] S=[180224->180224]
UDPv4 link local (bound): [AF_INET]192.168.0.19:1194
UDPv4 link remote: [AF_UNSPEC]
GID set to nogroup
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=10.8.0.2 size=252
IFCONFIG POOL IPv6: base=fddd:1194:1194:1194::1000 size=65536 netbits=64
NOTE: IPv4 pool size is 252, IPv6 pool size is 65536. IPv4 pool size limits the number of clients that can be served from the pool
ifconfig_pool_read(), in='oneplus7,10.8.0.2,fddd:1194:1194:1194::1000'
succeeded -> ifconfig_pool_set(hand=0)
IFCONFIG POOL LIST
oneplus7,10.8.0.2,fddd:1194:1194:1194::1000
Initialization Sequence Completed
172.rst.uvw.xyz:42138 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
172.rst.uvw.xyz:42138 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
172.rst.uvw.xyz:42138 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
172.rst.uvw.xyz:42138 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
172.rst.uvw.xyz:42138 TLS: Initial packet from [AF_INET]172.rst.uvw.xyz:42138, sid=6462177a 1148084a
172.rst.uvw.xyz:42138 VERIFY OK: depth=1, CN=ChangeMe
172.rst.uvw.xyz:42138 VERIFY OK: depth=0, CN=oneplus7
172.rst.uvw.xyz:42138 peer info: IV_VER=3.git::662eae9a:Release
172.rst.uvw.xyz:42138 peer info: IV_PLAT=android
172.rst.uvw.xyz:42138 peer info: IV_NCP=2
172.rst.uvw.xyz:42138 peer info: IV_TCPNL=1
172.rst.uvw.xyz:42138 peer info: IV_PROTO=2
172.rst.uvw.xyz:42138 peer info: IV_IPv6=0
172.rst.uvw.xyz:42138 peer info: IV_AUTO_SESS=1
172.rst.uvw.xyz:42138 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
172.rst.uvw.xyz:42138 peer info: IV_SSO=openurl
172.rst.uvw.xyz:42138 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
172.rst.uvw.xyz:42138 [oneplus7] Peer Connection Initiated with [AF_INET]172.rst.uvw.xyz:42138
oneplus7/172.rst.uvw.xyz:42138 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
oneplus7/172.rst.uvw.xyz:42138 MULTI: Learn: 10.8.0.2 -> oneplus7/172.rst.uvw.xyz:42138
oneplus7/172.rst.uvw.xyz:42138 MULTI: primary virtual IP for oneplus7/172.rst.uvw.xyz:42138: 10.8.0.2
oneplus7/172.rst.uvw.xyz:42138 MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/172.rst.uvw.xyz:42138
oneplus7/172.rst.uvw.xyz:42138 MULTI: primary virtual IPv6 for oneplus7/172.rst.uvw.xyz:42138: fddd:1194:1194:1194::1000
oneplus7/172.rst.uvw.xyz:42138 Data Channel: using negotiated cipher 'AES-256-GCM'
oneplus7/172.rst.uvw.xyz:42138 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/172.rst.uvw.xyz:42138 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/172.rst.uvw.xyz:42138 PUSH: Received control message: 'PUSH_REQUEST'
oneplus7/172.rst.uvw.xyz:42138 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)

###The above fails to connect. Just get an "error 500 timeout" on client side browser. The below succeeds to connect and loads the webpage as expcted. (Although with ads... it seems to push through pihole, but that's another issue for another time)

24.abc.def.ghi:37473 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
24.abc.def.ghi:37473 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
24.abc.def.ghi:37473 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
24.abc.def.ghi:37473 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
24.abc.def.ghi:37473 TLS: Initial packet from [AF_INET]24.abc.def.ghi:37473, sid=9634edd6 82214588
oneplus7/172.rst.uvw.xyz:42138 SIGTERM[soft,remote-exit] received, client-instance exiting
24.abc.def.ghi:37473 VERIFY OK: depth=1, CN=ChangeMe
24.abc.def.ghi:37473 VERIFY OK: depth=0, CN=oneplus7
24.abc.def.ghi:37473 peer info: IV_VER=3.git::662eae9a:Release
24.abc.def.ghi:37473 peer info: IV_PLAT=android
24.abc.def.ghi:37473 peer info: IV_NCP=2
24.abc.def.ghi:37473 peer info: IV_TCPNL=1
24.abc.def.ghi:37473 peer info: IV_PROTO=2
24.abc.def.ghi:37473 peer info: IV_IPv6=0
24.abc.def.ghi:37473 peer info: IV_AUTO_SESS=1
24.abc.def.ghi:37473 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
24.abc.def.ghi:37473 peer info: IV_SSO=openurl
24.abc.def.ghi:37473 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
24.abc.def.ghi:37473 [oneplus7] Peer Connection Initiated with [AF_INET]24.abc.def.ghi:37473
oneplus7/24.abc.def.ghi:37473 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
oneplus7/24.abc.def.ghi:37473 MULTI: Learn: 10.8.0.2 -> oneplus7/24.abc.def.ghi:37473
oneplus7/24.abc.def.ghi:37473 MULTI: primary virtual IP for oneplus7/24.abc.def.ghi:37473: 10.8.0.2
oneplus7/24.abc.def.ghi:37473 MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/24.abc.def.ghi:37473
oneplus7/24.abc.def.ghi:37473 MULTI: primary virtual IPv6 for oneplus7/24.abc.def.ghi:37473: fddd:1194:1194:1194::1000
oneplus7/24.abc.def.ghi:37473 Data Channel: using negotiated cipher 'AES-256-GCM'
oneplus7/24.abc.def.ghi:37473 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/24.abc.def.ghi:37473 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/24.abc.def.ghi:37473 PUSH: Received control message: 'PUSH_REQUEST'
oneplus7/24.abc.def.ghi:37473 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Edit 3: For some more completeness, here's the log with mirrored scenario but for streaming to youtube. However, this just looks like it's establishing connections and not every single packet logs at all, eh? So these two sets of logs should be nearly the same, if not the same, if they only log the client connecting to the host. I'll try to research where those traffic logs are kept.

Code: Select all

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.0.1 dev wlan0
NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Diffie-Hellman initialized with 2048 bit key
CRL: loaded 1 CRLs from file crl.pem
Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
TUN/TAP device tun0 opened
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.8.0.1/24 dev tun0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v6_add: fddd:1194:1194:1194::1/64 dev tun0
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[180224->180224] S=[180224->180224]
UDPv4 link local (bound): [AF_INET]192.168.0.19:1194
UDPv4 link remote: [AF_UNSPEC]
GID set to nogroup
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=10.8.0.2 size=252
IFCONFIG POOL IPv6: base=fddd:1194:1194:1194::1000 size=65536 netbits=64
NOTE: IPv4 pool size is 252, IPv6 pool size is 65536. IPv4 pool size limits the number of clients that can be served from the pool
ifconfig_pool_read(), in='oneplus7,10.8.0.2,fddd:1194:1194:1194::1000'
succeeded -> ifconfig_pool_set(hand=0)
IFCONFIG POOL LIST
oneplus7,10.8.0.2,fddd:1194:1194:1194::1000
Initialization Sequence Completed
172.rst.uvw.xyz:26907 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
172.rst.uvw.xyz:26907 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
172.rst.uvw.xyz:26907 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
172.rst.uvw.xyz:26907 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
172.rst.uvw.xyz:26907 TLS: Initial packet from [AF_INET]172.rst.uvw.xyz:26907, sid=6fd37937 0c0cafa8
172.rst.uvw.xyz:26907 VERIFY OK: depth=1, CN=ChangeMe
172.rst.uvw.xyz:26907 VERIFY OK: depth=0, CN=oneplus7
172.rst.uvw.xyz:26907 peer info: IV_VER=3.git::662eae9a:Release
172.rst.uvw.xyz:26907 peer info: IV_PLAT=android
172.rst.uvw.xyz:26907 peer info: IV_NCP=2
172.rst.uvw.xyz:26907 peer info: IV_TCPNL=1
172.rst.uvw.xyz:26907 peer info: IV_PROTO=2
172.rst.uvw.xyz:26907 peer info: IV_IPv6=0
172.rst.uvw.xyz:26907 peer info: IV_AUTO_SESS=1
172.rst.uvw.xyz:26907 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
172.rst.uvw.xyz:26907 peer info: IV_SSO=openurl
172.rst.uvw.xyz:26907 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
172.rst.uvw.xyz:26907 [oneplus7] Peer Connection Initiated with [AF_INET]172.rst.uvw.xyz:26907
oneplus7/172.rst.uvw.xyz:26907 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
oneplus7/172.rst.uvw.xyz:26907 MULTI: Learn: 10.8.0.2 -> oneplus7/172.rst.uvw.xyz:26907
oneplus7/172.rst.uvw.xyz:26907 MULTI: primary virtual IP for oneplus7/172.rst.uvw.xyz:26907: 10.8.0.2
oneplus7/172.rst.uvw.xyz:26907 MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/172.rst.uvw.xyz:26907
oneplus7/172.rst.uvw.xyz:26907 MULTI: primary virtual IPv6 for oneplus7/172.rst.uvw.xyz:26907: fddd:1194:1194:1194::1000
oneplus7/172.rst.uvw.xyz:26907 Data Channel: using negotiated cipher 'AES-256-GCM'
oneplus7/172.rst.uvw.xyz:26907 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/172.rst.uvw.xyz:26907 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/172.rst.uvw.xyz:26907 PUSH: Received control message: 'PUSH_REQUEST'
oneplus7/172.rst.uvw.xyz:26907 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
24.abc.def.ghi:49253 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
24.abc.def.ghi:49253 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
24.abc.def.ghi:49253 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
24.abc.def.ghi:49253 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
24.abc.def.ghi:49253 TLS: Initial packet from [AF_INET]24.abc.def.ghi:49253, sid=630c6b94 d01e0160
oneplus7/172.rst.uvw.xyz:26907 SIGTERM[soft,remote-exit] received, client-instance exiting
24.abc.def.ghi:49253 VERIFY OK: depth=1, CN=ChangeMe
24.abc.def.ghi:49253 VERIFY OK: depth=0, CN=oneplus7
24.abc.def.ghi:49253 peer info: IV_VER=3.git::662eae9a:Release
24.abc.def.ghi:49253 peer info: IV_PLAT=android
24.abc.def.ghi:49253 peer info: IV_NCP=2
24.abc.def.ghi:49253 peer info: IV_TCPNL=1
24.abc.def.ghi:49253 peer info: IV_PROTO=2
24.abc.def.ghi:49253 peer info: IV_IPv6=0
24.abc.def.ghi:49253 peer info: IV_AUTO_SESS=1
24.abc.def.ghi:49253 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
24.abc.def.ghi:49253 peer info: IV_SSO=openurl
24.abc.def.ghi:49253 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
24.abc.def.ghi:49253 [oneplus7] Peer Connection Initiated with [AF_INET]24.abc.def.ghi:49253
oneplus7/24.abc.def.ghi:49253 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
oneplus7/24.abc.def.ghi:49253 MULTI: Learn: 10.8.0.2 -> oneplus7/24.abc.def.ghi:49253
oneplus7/24.abc.def.ghi:49253 MULTI: primary virtual IP for oneplus7/24.abc.def.ghi:49253: 10.8.0.2
oneplus7/24.abc.def.ghi:49253 MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/24.abc.def.ghi:49253
oneplus7/24.abc.def.ghi:49253 MULTI: primary virtual IPv6 for oneplus7/24.abc.def.ghi:49253: fddd:1194:1194:1194::1000
oneplus7/24.abc.def.ghi:49253 Data Channel: using negotiated cipher 'AES-256-GCM'
oneplus7/24.abc.def.ghi:49253 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/24.abc.def.ghi:49253 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/24.abc.def.ghi:49253 PUSH: Received control message: 'PUSH_REQUEST'
oneplus7/24.abc.def.ghi:49253 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Edit 4: Syslog seems to have gaps in it. Not sure why. But I did find this that corresponded to the errors when connecting via 5G/LTE on OpenVPN to Yahoo.

Code: Select all

Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 TLS: Initial packet from [AF_INET]172.rst.uvw.xyz:63690, sid=5718450c 0a9aa958
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 VERIFY OK: depth=1, CN=ChangeMe
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 VERIFY OK: depth=0, CN=oneplus7
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_VER=3.git::662eae9a:Release
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_PLAT=android
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_NCP=2
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_TCPNL=1
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_PROTO=2
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_IPv6=0
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_AUTO_SESS=1
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 peer info: IV_SSO=openurl
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Nov 27 19:53:19 raspberrypi openvpn[23556]: 172.rst.uvw.xyz:63690 [oneplus7] Peer Connection Initiated with [AF_INET]172.rst.uvw.xyz:63690
Nov 27 19:53:19 raspberrypi openvpn[23556]: MULTI: new connection by client 'oneplus7' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Nov 27 19:53:19 raspberrypi openvpn[23556]: MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
Nov 27 19:53:19 raspberrypi openvpn[23556]: MULTI: Learn: 10.8.0.2 -> oneplus7/172.rst.uvw.xyz:63690
Nov 27 19:53:19 raspberrypi openvpn[23556]: MULTI: primary virtual IP for oneplus7/172.rst.uvw.xyz:63690: 10.8.0.2
Nov 27 19:53:19 raspberrypi openvpn[23556]: MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/172.rst.uvw.xyz:63690
Nov 27 19:53:19 raspberrypi openvpn[23556]: MULTI: primary virtual IPv6 for oneplus7/172.rst.uvw.xyz:63690: fddd:1194:1194:1194::1000
Nov 27 19:53:19 raspberrypi openvpn[23556]: Data Channel: using negotiated cipher 'AES-256-GCM'
Nov 27 19:53:19 raspberrypi openvpn[23556]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 27 19:53:19 raspberrypi openvpn[23556]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 27 19:53:19 raspberrypi openvpn[23556]: oneplus7/172.rst.uvw.xyz:63690 PUSH: Received control message: 'PUSH_REQUEST'
Nov 27 19:53:19 raspberrypi openvpn[23556]: oneplus7/172.rst.uvw.xyz:63690 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Nov 27 19:54:30 raspberrypi openvpn[23556]: event_wait : Interrupted system call (code=4)
Nov 27 19:54:30 raspberrypi openvpn[23556]: SENT CONTROL [oneplus7]: 'RESTART' (status=1)
Nov 27 19:54:30 raspberrypi systemd[1]: Stopping OpenVPN service for server...
Nov 27 19:54:32 raspberrypi openvpn[23556]: Closing TUN/TAP interface
Nov 27 19:54:32 raspberrypi openvpn[23556]: net_addr_v4_del: 10.8.0.1 dev tun0
Nov 27 19:54:32 raspberrypi openvpn[23556]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Nov 27 19:54:32 raspberrypi openvpn[23556]: Linux can't del IP from iface tun0
Nov 27 19:54:32 raspberrypi openvpn[23556]: net_addr_v6_del: fddd:1194:1194:1194::1/64 dev tun0
Nov 27 19:54:32 raspberrypi openvpn[23556]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Nov 27 19:54:32 raspberrypi openvpn[23556]: Linux can't del IPv6 from iface tun0
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: carrier lost
Nov 27 19:54:32 raspberrypi openvpn[23556]: SIGTERM[hard,] received, process exiting
Nov 27 19:54:32 raspberrypi systemd[1]: openvpn-server@server.service: Succeeded.
Nov 27 19:54:32 raspberrypi systemd[1]: Stopped OpenVPN service for server.
Nov 27 19:54:32 raspberrypi systemd[1]: openvpn-server@server.service: Consumed 53.581s CPU time.
Nov 27 19:54:32 raspberrypi systemd[1]: Starting OpenVPN service for server...
Nov 27 19:54:32 raspberrypi systemd[1]: Started OpenVPN service for server.
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: removing interface
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: IAID 74:75:6e:30
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: using static address 10.8.0.1/24
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: adding route to 10.8.0.0/24
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: adding default route via 192.168.0.1
Nov 27 19:54:32 raspberrypi dhcpcd[537]: if_route (ADD): Network is unreachable
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: soliciting an IPv6 router
Nov 27 19:54:32 raspberrypi dhcpcd[537]: tun0: pid 537 deleted route to 10.8.0.0/24
Nov 27 19:56:25 raspberrypi dbus-daemon[850]: [session uid=1000 pid=850] Activating service name='org.xfce.Xfconf' requested by ':1.33' (uid=1000 pid=7935 comm="mousepad ")
Nov 27 19:56:25 raspberrypi dbus-daemon[850]: [session uid=1000 pid=850] Successfully activated service 'org.xfce.Xfconf'
Nov 27 19:56:28 raspberrypi dbus-daemon[850]: [session uid=1000 pid=850] Activating service name='ca.desrt.dconf' requested by ':1.33' (uid=1000 pid=7935 comm="mousepad ")
Nov 27 19:56:28 raspberrypi dbus-daemon[850]: [session uid=1000 pid=850] Successfully activated service 'ca.desrt.dconf'
Nov 27 19:56:32 raspberrypi dbus-daemon[399]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.246' (uid=1000 pid=7935 comm="mousepad ")
Nov 27 19:56:32 raspberrypi systemd[1]: Starting Hostname Service...
Nov 27 19:56:32 raspberrypi dbus-daemon[399]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 27 19:56:32 raspberrypi systemd[1]: Started Hostname Service.
Nov 27 19:57:03 raspberrypi systemd[1]: systemd-hostnamed.service: Succeeded.
Nov 27 19:57:48 raspberrypi dbus-daemon[399]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.249' (uid=1000 pid=7935 comm="mousepad ")
Nov 27 19:57:48 raspberrypi systemd[1]: Starting Hostname Service...
Nov 27 19:57:48 raspberrypi dbus-daemon[399]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 27 19:57:48 raspberrypi systemd[1]: Started Hostname Service.
Nov 27 19:58:18 raspberrypi systemd[1]: systemd-hostnamed.service: Succeeded.
Maybe that will help someone clue me in. Looks like it just can't find an IPv6 address?? How do I change it so that's not required?

User avatar
TinCanTech
Forum Team
Posts: 10242
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by TinCanTech » Sun Nov 28, 2021 4:41 am

Exaskryz wrote:
Sun Nov 28, 2021 12:37 am
I am bludgeoning my way through this first VPN setup on a raspberry pi
Did you use https://pivpn.io ?

Exaskryz
OpenVpn Newbie
Posts: 5
Joined: Sun Nov 28, 2021 12:29 am

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by Exaskryz » Sun Nov 28, 2021 10:26 am

No, I used https://pi-hole.net's walkthrough, particularly item 4 for Pi-Hole + OpenVPN

User avatar
TinCanTech
Forum Team
Posts: 10242
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by TinCanTech » Sun Nov 28, 2021 3:18 pm

pivpn is literally written for people like you..

However, you are setting your client DNS to your Server VPN IP and I suspect your DNS server is not configured correctly.

You can try the instructions here for further help:
viewtopic.php?f=30&t=22603#p68963

Exaskryz
OpenVpn Newbie
Posts: 5
Joined: Sun Nov 28, 2021 12:29 am

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by Exaskryz » Sun Nov 28, 2021 3:28 pm

I want to be clear, because nothing ever said I needed two of them -- can I achieve Pi-Hole and a VPN (either I scrap the work I did so far with OpenVPN and try pivpn or keep tweaking stuff) on the same physical single raspberry pi?

I'll explore the latest thread topic you shared, and if not, I'll uninstall all of my openvpn stuff and try the pivpn from the start.

I can say that about 30% of queries are blocked this morning without using the VPN, so the pihole sinkhole/dns aspect *seems* to be working. If not blocked, it forwards requests to OpenDNS's DNS servers; checking pihole logs I get "OK, answered by
dns.opendns.com#53"

---

Edit with all the files requested from the thread. If you see a glaring error, would appreciate it, because everything is as walkthrough said to do. (IDK if anyone here is in touch with pihole team... they may want to change their wiki if you find a mistake). I had just changed the verb 4 at the very end because pihole team says use verb 3 but your "help request" thread says use 4. After saving this change and restarting the server, I got the other information requests. I guess the verb 3 on line 23 gets ignored with the verb 4 at line 27.

server

local 192.168.0.19
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
log /var/log/openvpn.log
verb 4


After restarting at 10:38 I connected my Android via VPN via cell data. I navigated to Yahoo where it timed out. At 10:39 I connected to the youtube app where it was functional.

Immediately after, before 10:39:30 I had turned off my cell data and turned on Wifi. The VPN reconnected. I navigated to Yahoo where it loaded and also the youtube app loaded.

Server log

Code: Select all

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Current Parameter Settings:
  config = 'server.conf'
  mode = 1
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp
  local = '192.168.0.19'
  local_port = '1194'
  remote = '[UNDEF]'
  remote_port = '1194'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = ENABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 1
  tls_auth_file = '[UNDEF]'
  key_direction = not set
  tls_crypt_file = '[INLINE]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 3
  ifconfig_local = '10.8.0.1'
  ifconfig_remote_netmask = '255.255.255.0'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = 'fddd:1194:1194:1194::1'
  ifconfig_ipv6_netbits = 64
  ifconfig_ipv6_remote = 'fddd:1194:1194:1194::2'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 10
  keepalive_timeout = 120
  inactivity_timeout = 0
  ping_send_timeout = 10
  ping_rec_timeout = 240
  ping_rec_timeout_action = 2
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 1000000000
  resolve_in_advance = DISABLED
  username = 'nobody'
  groupname = 'nogroup'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '[UNDEF]'
  down_script = '[UNDEF]'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = '/run/openvpn-server/status-server.log'
  status_file_version = 2
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '10.8.0.2'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = not set
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-256-CBC'
  authname = 'SHA512'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = ENABLED
  tls_client = DISABLED
  ca_file = 'ca.crt'
  ca_path = '[UNDEF]'
  dh_file = 'dh.pem'
  cert_file = 'server.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'server.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = 'crl.pem'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_pin_cache_period = -1
  pkcs11_id = '[UNDEF]'
  pkcs11_id_management = DISABLED
  server_network = 10.8.0.0
  server_netmask = 255.255.255.0
  server_network_ipv6 = fddd:1194:1194:1194::
  server_netbits_ipv6 = 64
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  push_entry = 'redirect-gateway def1 ipv6 bypass-dhcp'
  push_entry = 'dhcp-option DNS 10.8.0.1'
  push_entry = 'tun-ipv6'
  push_entry = 'route-gateway 10.8.0.1'
  push_entry = 'topology subnet'
  push_entry = 'ping 10'
  push_entry = 'ping-restart 120'
  ifconfig_pool_defined = ENABLED
  ifconfig_pool_start = 10.8.0.2
  ifconfig_pool_end = 10.8.0.253
  ifconfig_pool_netmask = 255.255.255.0
  ifconfig_pool_persist_filename = 'ipp.txt'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = ENABLED
  ifconfig_ipv6_pool_base = fddd:1194:1194:1194::1000
  ifconfig_ipv6_pool_netbits = 64
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = DISABLED
  pull = DISABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.0.1 dev wlan0
NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Diffie-Hellman initialized with 2048 bit key
CRL: loaded 1 CRLs from file crl.pem
Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=1
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.8.0.1/24 dev tun0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v6_add: fddd:1194:1194:1194::1/64 dev tun0
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[180224->180224] S=[180224->180224]
UDPv4 link local (bound): [AF_INET]192.168.0.19:1194
UDPv4 link remote: [AF_UNSPEC]
GID set to nogroup
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=10.8.0.2 size=252
IFCONFIG POOL IPv6: base=fddd:1194:1194:1194::1000 size=65536 netbits=64
NOTE: IPv4 pool size is 252, IPv6 pool size is 65536. IPv4 pool size limits the number of clients that can be served from the pool
ifconfig_pool_read(), in='oneplus7,10.8.0.2,fddd:1194:1194:1194::1000'
succeeded -> ifconfig_pool_set(hand=0)
IFCONFIG POOL LIST
oneplus7,10.8.0.2,fddd:1194:1194:1194::1000
Initialization Sequence Completed
MULTI: multi_create_instance called
172.abc.def.ghi:56557 Re-using SSL/TLS context
172.abc.def.ghi:56557 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
172.abc.def.ghi:56557 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
172.abc.def.ghi:56557 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
172.abc.def.ghi:56557 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
172.abc.def.ghi:56557 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
172.abc.def.ghi:56557 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
172.abc.def.ghi:56557 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
172.abc.def.ghi:56557 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
172.abc.def.ghi:56557 TLS: Initial packet from [AF_INET]172.abc.def.ghi:56557, sid=71a0b65e 6cc2c4fe
172.abc.def.ghi:56557 VERIFY OK: depth=1, CN=ChangeMe
172.abc.def.ghi:56557 VERIFY OK: depth=0, CN=oneplus7
172.abc.def.ghi:56557 peer info: IV_VER=3.git::662eae9a:Release
172.abc.def.ghi:56557 peer info: IV_PLAT=android
172.abc.def.ghi:56557 peer info: IV_NCP=2
172.abc.def.ghi:56557 peer info: IV_TCPNL=1
172.abc.def.ghi:56557 peer info: IV_PROTO=2
172.abc.def.ghi:56557 peer info: IV_IPv6=0
172.abc.def.ghi:56557 peer info: IV_AUTO_SESS=1
172.abc.def.ghi:56557 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
172.abc.def.ghi:56557 peer info: IV_SSO=openurl
172.abc.def.ghi:56557 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
172.abc.def.ghi:56557 [oneplus7] Peer Connection Initiated with [AF_INET]172.abc.def.ghi:56557
oneplus7/172.abc.def.ghi:56557 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
oneplus7/172.abc.def.ghi:56557 MULTI: Learn: 10.8.0.2 -> oneplus7/172.abc.def.ghi:56557
oneplus7/172.abc.def.ghi:56557 MULTI: primary virtual IP for oneplus7/172.abc.def.ghi:56557: 10.8.0.2
oneplus7/172.abc.def.ghi:56557 MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/172.abc.def.ghi:56557
oneplus7/172.abc.def.ghi:56557 MULTI: primary virtual IPv6 for oneplus7/172.abc.def.ghi:56557: fddd:1194:1194:1194::1000
oneplus7/172.abc.def.ghi:56557 Data Channel: using negotiated cipher 'AES-256-GCM'
oneplus7/172.abc.def.ghi:56557 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
oneplus7/172.abc.def.ghi:56557 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/172.abc.def.ghi:56557 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/172.abc.def.ghi:56557 PUSH: Received control message: 'PUSH_REQUEST'
oneplus7/172.abc.def.ghi:56557 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
oneplus7/172.abc.def.ghi:56557 MULTI: bad source address from client [::], packet dropped
oneplus7/172.abc.def.ghi:56557 MULTI: bad source address from client [::], packet dropped
oneplus7/172.abc.def.ghi:56557 MULTI: bad source address from client [::], packet dropped
MULTI: multi_create_instance called
24.rst.uvw.xyz:40626 Re-using SSL/TLS context
24.rst.uvw.xyz:40626 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
24.rst.uvw.xyz:40626 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
24.rst.uvw.xyz:40626 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
24.rst.uvw.xyz:40626 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
24.rst.uvw.xyz:40626 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
24.rst.uvw.xyz:40626 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
24.rst.uvw.xyz:40626 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
24.rst.uvw.xyz:40626 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
24.rst.uvw.xyz:40626 TLS: Initial packet from [AF_INET]24.rst.uvw.xyz:40626, sid=2182942b 2930e8bf
24.rst.uvw.xyz:40626 VERIFY OK: depth=1, CN=ChangeMe
24.rst.uvw.xyz:40626 VERIFY OK: depth=0, CN=oneplus7
24.rst.uvw.xyz:40626 peer info: IV_VER=3.git::662eae9a:Release
24.rst.uvw.xyz:40626 peer info: IV_PLAT=android
24.rst.uvw.xyz:40626 peer info: IV_NCP=2
24.rst.uvw.xyz:40626 peer info: IV_TCPNL=1
24.rst.uvw.xyz:40626 peer info: IV_PROTO=2
24.rst.uvw.xyz:40626 peer info: IV_IPv6=0
24.rst.uvw.xyz:40626 peer info: IV_AUTO_SESS=1
24.rst.uvw.xyz:40626 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
24.rst.uvw.xyz:40626 peer info: IV_SSO=openurl
24.rst.uvw.xyz:40626 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
24.rst.uvw.xyz:40626 [oneplus7] Peer Connection Initiated with [AF_INET]24.rst.uvw.xyz:40626
MULTI: new connection by client 'oneplus7' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fddd:1194:1194:1194::1000
MULTI: Learn: 10.8.0.2 -> oneplus7/24.rst.uvw.xyz:40626
MULTI: primary virtual IP for oneplus7/24.rst.uvw.xyz:40626: 10.8.0.2
MULTI: Learn: fddd:1194:1194:1194::1000 -> oneplus7/24.rst.uvw.xyz:40626
MULTI: primary virtual IPv6 for oneplus7/24.rst.uvw.xyz:40626: fddd:1194:1194:1194::1000
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
oneplus7/24.rst.uvw.xyz:40626 PUSH: Received control message: 'PUSH_REQUEST'
oneplus7/24.rst.uvw.xyz:40626 SENT CONTROL [oneplus7]: 'PUSH_REPLY,redirect-gateway def1 ipv6 bypass-dhcp,dhcp-option DNS 10.8.0.1,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fddd:1194:1194:1194::1000/64 fddd:1194:1194:1194::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Client configuration...

OpenVPN on Android lacks this.. I guess I tell you the different settings?

client

Battery Saver = Off
Reconnect on Reboot = Off
Seamless Tunnel = On
VPN Protocol = UDP
IPv6 = IPV4-Only Tunnel (I've tried also "No Preference" and "Combined IPV4/IPV6 Tunnel with no change in functionality)
Connection Timeout = Continuously Retry
Allow Compression (insecure) = No
AES-CBC Cipher Algorithm = Off
Minimum TLS Version = TLS 1.1 (was at profile default, no change in functionality when I modified that)
DNS Fallback = Off
Shortcut Minimize = Yes
Notifications = Off (don't show them as toast messages)
Theme = Default


Seems a weird way to ask for the ovpn file, but I'll put it in here because odds are I'm going to retract the certificate anyway after all is said and done

client

client
dev tun
proto udp
remote 24.rst.uvw.xyz 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
<retracted the rest>

Code: Select all

10:38:04.444 -- ----- OpenVPN Start -----

10:38:04.444 -- EVENT: CORE_THREAD_ACTIVE

10:38:04.446 -- OpenVPN core 3.git::662eae9a:Release android arm64 64-bit PT_PROXY

10:38:04.446 -- Frame=512/2048/512 mssfix-ctrl=1250

10:38:04.447 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [ignore-unknown-option] [block-outside-dns]
12 [block-outside-dns]
13 [verb] [3]

10:38:04.447 -- EVENT: RESOLVE

10:38:04.451 -- Contacting 24.rst.uvw.xyz:1194 via UDP

10:38:04.451 -- EVENT: WAIT

10:38:04.453 -- Connecting to [24.rst.uvw.xyz]:1194 (24.rst.uvw.xyz) via UDPv4

10:38:04.548 -- EVENT: CONNECTING

10:38:04.551 -- Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client

10:38:04.551 -- Creds: UsernameEmpty/PasswordEmpty

10:38:04.551 -- Peer Info:
IV_VER=3.git::662eae9a:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
IV_SSO=openurl


10:38:04.725 -- VERIFY OK: depth=1, /CN=ChangeMe

10:38:04.725 -- VERIFY OK: depth=0, /CN=server

10:38:04.842 -- SSL Handshake: CN=server, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

10:38:04.842 -- Session is ACTIVE

10:38:04.843 -- EVENT: GET_CONFIG

10:38:04.845 -- Sending PUSH_REQUEST to server...

10:38:04.948 -- OPTIONS:
0 [redirect-gateway] [def1] [ipv6] [bypass-dhcp]
1 [dhcp-option] [DNS] [10.8.0.1]
2 [tun-ipv6]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig-ipv6] [fddd:1194:1194:1194::1000/64] [fddd:1194:1194:1194::1]
8 [ifconfig] [10.8.0.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]
11 [block-ipv6]


10:38:04.949 -- PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  compress: NONE
  peer ID: 0

10:38:04.949 -- EVENT: ASSIGN_IP

10:38:04.970 -- TunPersist: saving tun context:
Session Name: 24.rst.uvw.xyz
Layer: OSI_LAYER_3
Remote Address: 24.rst.uvw.xyz
Tunnel Addresses:
  10.8.0.2/24 -> 10.8.0.1
  fddd:1194:1194:1194::1000/64 -> fddd:1194:1194:1194::1 [IPv6]
Reroute Gateway: IPv4=1 IPv6=1 flags=[ ENABLE REROUTE_GW DEF1 BYPASS_DHCP IPv4 IPv6 ]
Block IPv6: yes
Add Routes:
Exclude Routes:
DNS Servers:
  10.8.0.1
Search Domains:


10:38:04.970 -- Connected via tun

10:38:04.970 -- EVENT: CONNECTED info='24.rst.uvw.xyz:1194 (24.rst.uvw.xyz) via /UDPv4 on tun/10.8.0.2/fddd:1194:1194:1194::1000 gw=[10.8.0.1/fddd:1194:1194:1194::1]'

10:39:12.660 -- EVENT: PAUSE

10:39:15.333 -- EVENT: RESUME

10:39:15.340 -- EVENT: RECONNECTING

10:39:15.341 -- Contacting 24.rst.uvw.xyz:1194 via UDP

10:39:15.341 -- EVENT: WAIT

10:39:15.345 -- Connecting to [24.rst.uvw.xyz]:1194 (24.rst.uvw.xyz) via UDPv4

10:39:15.594 -- EVENT: CONNECTING

10:39:15.598 -- Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client

10:39:15.598 -- Creds: UsernameEmpty/PasswordEmpty

10:39:15.600 -- Peer Info:
IV_VER=3.git::662eae9a:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
IV_SSO=openurl


10:39:15.671 -- VERIFY OK: depth=1, /CN=ChangeMe

10:39:15.672 -- VERIFY OK: depth=0, /CN=server

10:39:15.698 -- SSL Handshake: CN=server, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

10:39:15.699 -- Session is ACTIVE

10:39:15.699 -- EVENT: GET_CONFIG

10:39:15.701 -- Sending PUSH_REQUEST to server...

10:39:15.711 -- OPTIONS:
0 [redirect-gateway] [def1] [ipv6] [bypass-dhcp]
1 [dhcp-option] [DNS] [10.8.0.1]
2 [tun-ipv6]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig-ipv6] [fddd:1194:1194:1194::1000/64] [fddd:1194:1194:1194::1]
8 [ifconfig] [10.8.0.2] [255.255.255.0]
9 [peer-id] [1]
10 [cipher] [AES-256-GCM]
11 [block-ipv6]


10:39:15.711 -- PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  compress: NONE
  peer ID: 1

10:39:15.711 -- TunPersist: reused tun context

10:39:15.712 -- Connected via tun

10:39:15.712 -- EVENT: CONNECTED info='24.rst.uvw.xyz:1194 (24.rst.uvw.xyz) via /UDPv4 on tun/10.8.0.2/fddd:1194:1194:1194::1000 gw=[10.8.0.1/fddd:1194:1194:1194::1]'
I realize the .opvn file had verb 3 in there, so this may not get you all the details you need for a good diagnosis. I couldn't see a way to edit that in the android client itself.

If anyone sees why a 5G/LTE connection via T-Mobile can't access Yahoo via VPN but it can access YouTube App via VPN, and can do both via VPN on Wifi, I'd love to know. There seems to be no rhyme or reason. It's the same client, same server, just a different requesting IP address.
Last edited by Exaskryz on Sun Nov 28, 2021 4:11 pm, edited 1 time in total.

User avatar
TinCanTech
Forum Team
Posts: 10242
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by TinCanTech » Sun Nov 28, 2021 3:48 pm

You can backup what you have done so far and try pivpn.

https://docs.pi-hole.net/guides/vpn/ope ... pn-server/
pivpn would basically do that bit for you.

Exaskryz
OpenVpn Newbie
Posts: 5
Joined: Sun Nov 28, 2021 12:29 am

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by Exaskryz » Sun Nov 28, 2021 4:19 pm

I've followed that step of the page. I did edit in logs to the previous reply. That's the very page that tells me to use verb 3 but your other thread asks for verb 4. Anyway, if pivpn would do that same thing for me automatically, what difference are you expecting to result from it?

When I do the steps on the page, the thing that jumps out to me is the command as in the tutorial does not work. I assume grep is some kind of matching/filtering word, being new to linux, and nothing in there has 'inet addr' but instead I can get these under 'inet'

Code: Select all

root@raspberrypi:/home/pi# ifconfig tun0 | grep 'inet addr'
root@raspberrypi:/home/pi# ifconfig tun0 | grep 'inet'
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fdee:1194:1194:1194::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe60::6369:24d4:d619:dcda  prefixlen 64  scopeid 0x20<link>
These look like local addresses to me, but I did modify a few parts of them just in case somehow those ipv6 addresses are public.

The pi-hole page you linked there makes no mention of the inet6 addresses, but the inet matches the tutorial given example, so that made it seem like the correct thing.

User avatar
TinCanTech
Forum Team
Posts: 10242
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by TinCanTech » Sun Nov 28, 2021 4:49 pm

The only way for you to test if openvpn is working correctly is to disable pi-hole temporarily.

Exaskryz
OpenVpn Newbie
Posts: 5
Joined: Sun Nov 28, 2021 12:29 am

Re: Help - Over Wifi, looks functional. Over mobile data (5G/4G), only partially works

Post by Exaskryz » Sun Nov 28, 2021 5:06 pm

Okay, I just did that. Disabled pihole for 5 minutes via the admin panel, more than enough time to trial.

I was on my wifi + VPN as that has been working. That continued to work without pihole; I got to load imgur.com, reddit.com, and youtube app.

I then disconnected from wifi, going onto LTE. Took about 30 seconds and I was reconnected to the VPN. I go to the youtube app, and that works. I try to go to yahoo.com, and that times out. Any web browsing via a browser does not work.

Nothing seems to have changed whether pihole is enabled or disabled.

Edit: With nothing seeming to work and no one having an explanation, I did just trash the openvpn setup I had. I also set my router back to "factory" settings manually with what I remembered - changed my DNS and IP address to dynamic from ISP. Made it so that if I couldn't fix things at least no one else in household would be stranded with dysfunctional internet.

Then I did run the pivpn suggested. I almost intended to just use the pivpn shell to set up openvpn again, but I figured, if openvpn is the problem itself, then let's use the recommended WireGuard. That seems to work, having installed that on Android. And it is convenient that it could display a QR code for me instead of my hassle of USB drive between my Pi and Windows PC and then bluetoothing to my Android from my Windows PC. (Could not figure out file transfer from Pi to Android despite them being paired.) It got me my one goal of streaming license-restricted content on LTE. It lets me browse websites as expected on LTE. It lets me browse websites as expected on home Wifi. I'm yet to test it on public WiFi, but I expect it to work.

The weird thing is the shell script warned me I am on an unsupported OS. I wonder if the OS I'm on is newer than it expects? Honestly can't figure out how to identify which OS it is. I used my Windows PC to write the image to microSD via the .exe found at raspberrypi.org or whatever the main site for a pi.

Going through the prompts, I customized the port because I was having some weird logs on my router. Might have an old trojan or something on something on the network (some Ugandan IP is source, and a Brazil IP is the target..). A lot of DOS attacks, but nothing relevant to this topic that I can tell. Just mixed up the port to try to avoid them. Anyway, I ended up setting up port forwarding for that port on my router.

I accepted the prompt for asking to use my PiHole as the DNS server.

I did the recommended restart of the Pi, and I can't remember what else I selected in the prompts. I tried to stay to the defaults as much as possible except that customized port.

--

So while my immediate issues are technically resolved by just sidestepping them by scrapping OpenVPN, I am still super curious why an OpenVPN works fully on home and public WiFi, but only partially on LTE or 5G. I can only think of some protocol breakdown when using mobile data (tmobile) vs wifi (comcast and whatever the public was). Like the YouTube connection uses a protocol that works fine once tunneled. But the http/s protocol of going to yahoo.com in firefox/focus (tried both) does not. And again, the OpenVPN client on Android said that a connection was established, and it looks like the logs shared above from the OpenVPN server/host also show that a connection was established. Just that the tunnel wasn't working in that particular situation of using LTE/5G to access yahoo.com.


Post Reply