Always connect except on "home" network

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
jeff3820
OpenVpn Newbie
Posts: 7
Joined: Thu Aug 29, 2019 1:55 am

Always connect except on "home" network

Post by jeff3820 » Thu Aug 29, 2019 8:30 pm

brianjmurrell posted this message in the Openvpn Connect (android) forum. I am also interested in exactly the same solution...how can I pause openvpn connect when the WiFi is connected to the "home" network(s)? The 1.1.1.1 app which is a "VPN" for DNS only does this exactly...it allows specific SSIDs to be entered and if connected to those SSIDs then the VPN connection is paused. When moving to cellular or other WiFi SSIDs then the VPN resumes. Seems this would be a very valuable addition to OpenVPN Connect for iOS.

Here is the post from the android forum: <<How can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?

So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.>>

Any solutions or workarounds would be great.

User avatar
TinCanTech
Forum Team
Posts: 9978
Joined: Fri Jun 03, 2016 1:17 pm

Re: Always connect except on "home" network

Post by TinCanTech » Thu Aug 29, 2019 9:49 pm

You can either, try to convince the developer of the software you are using that this is a good idea to implement in their software or you can invest in better network equipment and configure your network to do what you want.

jeff3820
OpenVpn Newbie
Posts: 7
Joined: Thu Aug 29, 2019 1:55 am

Re: Always connect except on "home" network

Post by jeff3820 » Thu Aug 29, 2019 10:02 pm

The router software on the "home" internal network is Pfsense and sure, I can configure a hairpin but that is just absurd...no need for a VPN when you are already on the network the VPN connects to. It is OpenVPN Connect that needs to implement the change to disable the VPN when it senses a WiFi connection to the "home" internal network. Only seems logical...

User avatar
TinCanTech
Forum Team
Posts: 9978
Joined: Fri Jun 03, 2016 1:17 pm

Re: Always connect except on "home" network

Post by TinCanTech » Thu Aug 29, 2019 10:43 pm

jeff3820 wrote:
Thu Aug 29, 2019 10:02 pm
I can configure a hairpin but that is just absurd
the exact opposite of the truth ..

SaturnusDJ
OpenVPN User
Posts: 30
Joined: Thu Nov 24, 2011 11:17 pm
Location: Netherlands

Re: Always connect except on "home" network

Post by SaturnusDJ » Wed Nov 13, 2019 11:58 pm

Kicking this topic.

@TinCanTech
What do you mean with your reply? Are you suggesting to deliberately *not* use a hairpin so that OpenVPN will fail to connect when being home? That would be a solution I guess, but not something that should work for the external IP always. Better would be to filter out only the VPN connection attempt, maybe by port. Hope this is possible on OpenWRT (iptables).

User avatar
TinCanTech
Forum Team
Posts: 9978
Joined: Fri Jun 03, 2016 1:17 pm

Re: Always connect except on "home" network

Post by TinCanTech » Thu Nov 14, 2019 1:04 am

You answered your own question ..

jeff3820
OpenVpn Newbie
Posts: 7
Joined: Thu Aug 29, 2019 1:55 am

Re: Always connect except on "home" network

Post by jeff3820 » Sun Nov 17, 2019 12:57 am

The way Cloudflare does this on their 1.1.1.1 client app is the correct solution. If the 1.1.1.1 app sees connection on a specific SSID/WiFi network (they call this a trusted connection) then 1.1.1.1 client disables itself so the connection doesn't happen. They allow multiple SSIDs to be entered. When internet connection is via a different SSID/WiFi that is not identified as a trusted WiFi connection or a cellular connection then the 1.1.1.1 client establishes a connection.

I can make a clumsy solution on the server side but it shouldn't be necessary. OpenVPN connect should implement this feature in a future release. It would simplify my network connections and I'm sure others as well. Simple is better and more reliable.

SaturnusDJ
OpenVPN User
Posts: 30
Joined: Thu Nov 24, 2011 11:17 pm
Location: Netherlands

Re: Always connect except on "home" network

Post by SaturnusDJ » Fri Nov 29, 2019 6:51 pm

I just made an OpenWRT firewall (iptables) rule to reject traffic on the OpenVPN port received from within the LAN towards the OpenVPN server LAN ip address. This last part sounds a bit weird, but specifying the external IP as destination did not result in a reject/block. I think the firewall rule is applied after OpenWRT translated the external IP to the internal IP.

jeff3820
OpenVpn Newbie
Posts: 7
Joined: Thu Aug 29, 2019 1:55 am

Re: Always connect except on "home" network

Post by jeff3820 » Sat Nov 30, 2019 8:37 pm

This isn't the issue I'm referring to. When using OpenVPN Connect on iOS I use the Seamless Tunnel setting to block internet while the VPN is reconnecting...this is just more secure. However, when inside the LAN, the external IP address is not reachable so OpenVPN Connect fails and prevents the mobile device from having any internet connectivity. I can't do anything on the router to fix this as the problem is on the mobile device. The best solution is to have OpenVPN Connect recognize that the connected WiFi is a secure/identified SSID and then disconnect the VPN. Cloudflare does this on their 1.1.1.1 app. Even if I turn off Seamless Tunnel, then after 30 seconds (default) the connection attempt to OpenVPN fails and will timeout. I will have internet connectivity but OpenVPN Connect will not automatically reconnect when leaving the trusted Wifi SSID. Again, Cloudflare's 1.1.1.1 app shows this is possible and would be a terrific addition to OpenVPN Connect

locuester
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 19, 2020 4:21 pm

Re: Always connect except on "home" network

Post by locuester » Sun Jan 19, 2020 4:22 pm

I’m also looking for this feature. Most other VPN apps do this now.

JanW
OpenVpn Newbie
Posts: 1
Joined: Fri Feb 07, 2020 6:03 am

Re: Always connect except on "home" network

Post by JanW » Fri Feb 07, 2020 6:18 am

This is a must in my humble opinion.

Recently I did set up an OpenVPN server at home (PiVPN), which was very easy and performs flawlessly. The Pi uses another Pi with the Pi-Hole software for DNS resolving (it can be set up on one Pi though, there is a guide on the Pi-Hole website). With this setup I can enjoy a secure connection from my iPhone to my home, and blocking ads/trackers as a bonus which is great.

I expected the OpenVPN iOS app to behave just like is stated in this topic, but as you know, one has to manually disable WiFi when leaving home so the iPhone connects via cellular and then in the OpenVPN app toggle the switch to connect to the OpenVPN server. This is quite a hassle and prone to be forgotten when in a bit of a hurry. Also when there is a WiFi hotspot I'd like to use, it requires me to enable WiFi again

Long story short, would the dev's implement this feature in the iOS app, will make it an allround set-and-forget solution for the roadwarrior, which right now it is not.

jerseyweeds
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 13, 2021 1:48 pm

Re: Always connect except on "home" network

Post by jerseyweeds » Wed Oct 13, 2021 1:50 pm

wow what a douchebag comment - not evenly remotely helpful. Some of us have lives and don’t spend countless hours down in our “homelab”. Get some sun bro

P.S. your response so irritated me I felt compelled to sign up just to respond. Congrats you’re my first post !
TinCanTech wrote:
Thu Aug 29, 2019 9:49 pm
You can either, try to convince the developer of the software you are using that this is a good idea to implement in their software or you can invest in better network equipment and configure your network to do what you want.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 375
Joined: Tue Feb 16, 2021 10:41 am

Re: Always connect except on "home" network

Post by openvpn_inc » Fri Oct 15, 2021 6:07 am

Hello,

This feature is on our roadmap - the ability to specify 'safe' networks where the VPN isn't needed.

However I am sorry to say I cannot give any information on when it will be implemented exactly. For now the only solution is as mentioned in this thread to block the traffic if you don't want it to be established in a particular network. Or just turn it off yourself.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

jerseyweeds
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 13, 2021 1:48 pm

Re: Always connect except on "home" network

Post by jerseyweeds » Tue Oct 26, 2021 10:21 pm

How long has this been on the roadmap?
openvpn_inc wrote:
Fri Oct 15, 2021 6:07 am
Hello,

This feature is on our roadmap - the ability to specify 'safe' networks where the VPN isn't needed.

However I am sorry to say I cannot give any information on when it will be implemented exactly. For now the only solution is as mentioned in this thread to block the traffic if you don't want it to be established in a particular network. Or just turn it off yourself.

Kind regards,
Johan

SDeath
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 01, 2021 10:54 am

Re: Always connect except on "home" network

Post by SDeath » Wed Dec 01, 2021 10:56 am

Or use the Passepartout app on iOS and it'll do all that for you already.
I switched about 6 months ago and never looked back.
Works great with PiVPN server.
I wished they also had a Windows Client.
Now I have to wait until the OpenVPN GUI client supports this.

Post Reply