Page 1 of 1
Always connect except on "home" network
Posted: Sun Jan 07, 2018 8:06 pm
by brianjmurrell
How can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?
So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.
Re: Always connect except on "home" network
Posted: Mon Jan 15, 2018 3:19 pm
by brianjmurrell
Is this just not possible?
It seems like an obvious use-case.
Re: Always connect except on "home" network
Posted: Mon Jan 15, 2018 3:46 pm
by ordex
brianjmurrell wrote: ↑Mon Jan 15, 2018 3:19 pm
Is this just not possible?
It seems like an obvious use-case.
How can the phone understand to be in the right network first?
What's the mechanism you use to auto connect?
Re: Always connect except on "home" network
Posted: Mon Jan 15, 2018 5:35 pm
by TinCanTech
This is normally done by the server administrator.
Re: Always connect except on "home" network
Posted: Sat Jan 20, 2018 7:03 pm
by brianjmurrell
ordex wrote: ↑Mon Jan 15, 2018 3:46 pm
How can the phone understand to be in the right network first?
If the remote subnet is the same as the local subnet? I.e. I am the VPN client. I connect to the server. The server pushes me the subnet 192.168.1.0/24. I compare that against the (i.e. wireless) interface that I connected to the VPN on and see that it's also in 192.168.1.0/24.
Even if those were not really even the same subnets but just two separate instances of 192.168.1.0/24, things would be broken anyway since it would be ambiguous which network a connection to 192.168.1.33 should go to, so OpenVPN probably ought not to connect to ambiguous networks anyway, yes?
ordex wrote: ↑Mon Jan 15, 2018 3:46 pm
What's the mechanism you use to auto connect?
Nothing yet since this problem makes autoconnecting impractical. I thought I had noticed a setting in OpenVPN Connect to reconnect if it was previously connected. Maybe I am mistaken and this is all moot.
TinCanTech wrote: ↑Mon Jan 15, 2018 5:35 pm
This is normally done by the server administrator.
That's me.
How is this done then?
Interestingly I just found
this similar question.
Re: Always connect except on "home" network
Posted: Thu Aug 29, 2019 8:19 pm
by jeff3820
I'm also very interested in finding a solution to this issue. There are apps which do this...for example the 1.1.1.1 app allow their "VPN" (will tunnel only VPN requests for now) to pause if connected to specific WiFi networks. Seems this would be a very desirable feature to add to OpenVPN Connect for iOS.
Re: Always connect except on "home" network
Posted: Mon Sep 02, 2019 9:10 am
by rutukate
brianjmurrell wrote: ↑Sun Jan 07, 2018 8:06 pm
How can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?
So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.
why i am understanding..
Re: Always connect except on "home" network
Posted: Sat Sep 21, 2019 10:46 am
by aardvarksagus
This is exactly the use case I’m trying to accomplish as well. Seems like the easiest way to detect which network you’re on is the same method that 1.1.1.1’s vpn app uses, by selecting the ssid of your home network (probably harder to actually do than I’m giving credit for).
Either way, this would be the one major feature that I wish OpenVPN Connect would include.
Re: Always connect except on "home" network
Posted: Tue Sep 24, 2019 9:54 pm
by 300000
why do you need disconnect from home wifi network ? I just let my phone connect all the time from inside my house or outside and connect is ok .my phone not root so i need connect openvpn to my owe openvpn server to block all google ad display on my phone and it workes very well .
it is only trouble from server config so you need correct server config and you can let it connect all the time .on my server config it look like that\
push "redirect-gateway autolocal def1 bypass-dhcp"
autolocal will let your openvpn client go to internet if connect with the same openvpn server network.
Re: Always connect except on "home" network
Posted: Tue Jun 23, 2020 1:44 pm
by madnem
I solve this by using the DNS-Server in the Office. The Clients connect to vpn.company.com. If the Client is in a foreign network they get the public IP of our internet conection of the office and could connect to the VPN. If the device is in our domainnetwork it gets the IP 127.0.0.1 from the DNS-Server so they do not connect to anywhere.
I'm not sure this is the best way to do it, but it solves your problem I think.
Re: Always connect except on "home" network
Posted: Sat Oct 02, 2021 2:07 pm
by howudodat
madnem wrote: ↑Tue Jun 23, 2020 1:44 pm
I solve this by using the DNS-Server in the Office. The Clients connect to vpn.company.com. If the Client is in a foreign network they get the public IP of our internet conection of the office and could connect to the VPN. If the device is in our domainnetwork it gets the IP 127.0.0.1 from the DNS-Server so they do not connect to anywhere.
I thought of this method as well (I have also tried keeping the dns the same, but using the firewall to block the traffic, which doesn't seem to work either)
Can I get more details about how well the DNS method has worked for you? I am finding very intermittent results. The VPN thinks it is still active and keeps certain parameters. ie: the DNS server stays configured on the ethernet port so vpn.foo.bar doesn't get resolved. I have also seen the vpn server stay configured on the tap interface even though the vpn is no longer connected. The devices (surface pro) are configured to dhcp, dns is not hard coded.
I will be building more specific test scenarios and gathering more information next week, to hopefully get a better handle on what is happening