Bridging a single client on iOS

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
Centrino
OpenVpn Newbie
Posts: 5
Joined: Mon May 17, 2021 6:51 pm

Bridging a single client on iOS

Post by Centrino » Mon May 17, 2021 7:07 pm

Hi,

I've been using OpenVPN iPhone client for a while, with SoftEther as the server but have decided that I want to use certificated authentication rather than password (which SoftEther OpenVPN emulation does not support).

I would like to connect a single iOS device to my (Windows Home edition) VPN server, with IP allocated from the same subnet as the the server (by DHCP or static). Effectively allowing full LAN access when connected via 4G as when on wifi and routing all iOS traffic (encrypted) via the LAN - making a hotel connection a much safer proposition. This worked perfectly on SoftEther using TUN on client side.

I've got both server and client setup and tested with TUN connection, but the VPN is on a different subnet (which isn't much use, as I have apps that want to connect to a specific IP on the LAN).

Using OpenVPN on server side everything I've read seems to be pointing to ethernet bridging which is only supported on TAP, which isn't supported on iOS client.

So... is there a way to solve this problem?
1) Will the wintun adapter help?
2) Can I effectively push a single static IP to the client (say 192.168.0.250) and expose that subnet via TUN?

If I can't get this working then I might have to go back to SoftEther with basic password authentication...

Thanks in advance

Steve

User avatar
TinCanTech
Forum Team
Posts: 9236
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridging a single client on iOS

Post by TinCanTech » Mon May 17, 2021 7:53 pm

Use --dev tun and routing (No bridge) .. it is all in the howto.

Centrino
OpenVpn Newbie
Posts: 5
Joined: Mon May 17, 2021 6:51 pm

Re: Bridging a single client on iOS

Post by Centrino » Tue May 18, 2021 6:56 am

Thanks TinCanTech - I'll re-read the howto, but it didn't leap out at me from first read, hence posting here.

Centrino
OpenVpn Newbie
Posts: 5
Joined: Mon May 17, 2021 6:51 pm

Re: Bridging a single client on iOS

Post by Centrino » Tue May 18, 2021 7:59 pm

No, maybe I'm missing something - can't find anything obvious in the HOWTO.

My server is on 192.168.0.10 static IP, with router on 192.168.0.1. I've setup server with:
dev tun
server 192.168.0.0 255.255.255.0
ifconfig 192.168.0.250 255.255.255.0
push "route 192.168.0.0 255.255.255.0"

And this seems to allocate the server as 192.168.0.1 and client as 192.168.0.2 and I can't ping 192.168.0.xxx

Sorry, I'm sure I'm being dumb but how do I tell the client that the server is 192.168.0.10 and then route other addresses on the 255.255.255.0 subnet?

Any help greatly appreciated.

Steve

User avatar
TinCanTech
Forum Team
Posts: 9236
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridging a single client on iOS

Post by TinCanTech » Tue May 18, 2021 8:04 pm

Openvpn cannot co-exist on your home LAN subnet, use --server 10.8.0.0 255.255.255.0

Centrino
OpenVpn Newbie
Posts: 5
Joined: Mon May 17, 2021 6:51 pm

Re: Bridging a single client on iOS

Post by Centrino » Tue May 18, 2021 8:32 pm

Thanks - OK, that's fine. I thought I could get them to coexist by briging the Ethernet adapter and the Openvpn adapter - but clearly not! So now I have connection with 10.8.0.1 as server and 10.8.0.2 as client (fine) - but I want the client to be able to access 192.168.0.70 (and other IPs) on the LAN.

push "route 192.168.0.0 255.255.255.0" looks like it should do that, but I can't ping any 192.168.0.xxx from the client.

User avatar
TinCanTech
Forum Team
Posts: 9236
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridging a single client on iOS

Post by TinCanTech » Tue May 18, 2021 8:38 pm

Centrino wrote:
Mon May 17, 2021 7:07 pm
I would like to connect a single iOS device to my (Windows Home edition) VPN server
Read the howto, again ..

Then Install Virtual Box and learn to use Linux.

Or, one of these may help.
viewforum.php?f=7
Read bebop's posts.

If all else fails then I am available for hire: tincantech at protonmail dot com
And I'm not even expensive ..

Centrino
OpenVpn Newbie
Posts: 5
Joined: Mon May 17, 2021 6:51 pm

Re: Bridging a single client on iOS

Post by Centrino » Tue May 18, 2021 9:24 pm

Thanks - that's really helpful. Bebop's example nearly works and it feels like a bit of tweaking and it'll be there. I can see other devices on the LAN subnet now, but not the actual IP of the VPN server (192.168.0.10)...

Appreciate that life would probably be a whole world easier on Linux - but with Linux comes a whole load of other stuff to learn!

User avatar
TinCanTech
Forum Team
Posts: 9236
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridging a single client on iOS

Post by TinCanTech » Tue May 18, 2021 10:06 pm

You really don't want 192.168.0.0/24 as your server LAN because you will eventually have a network conflict.
Use something more unique. eg. 10.91.43.0/24

Use Linux and let Windblows die the slow and painful death it deserves. 8-)

Post Reply