Amcrest works on public wifi but not cellular LTE

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Tue Nov 22, 2016 2:06 am

Hi guys, weird issue.

I have an openvpn server running on my raspberry pi via udp. It works great when I'm on wifi, whether it's my own or public. However, over my phone's LTE connection my connection to a Amcrest video cam fails to connect. Is there a setting or a client configuration I'm missing here?

My router is not enabled for ipv6 but i'm wondering if it has anything to do with the path on LTE where it may be using ipv6 somewhere. Have you guys come across this issue? I'm thinking it may be common, but because it's hard to describe my searches for solutions are not good.

Any of you guys have the solutions or suggestions to point me in the right direction?


Thanks,
Paul

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Tue Nov 22, 2016 1:43 pm

casperpaul wrote:I have an openvpn server running on my raspberry pi via udp. It works great when I'm on wifi, whether it's my own or public. However, over my phone's LTE connection my connection to a Amcrest video cam fails to connect
Do you mean that:
  • you can connect to your Video cam. over a WiFi VPN
  • but using the same profile you cannot connect to your Video cam. over a LTE VPN
:?:

casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Tue Nov 22, 2016 3:25 pm

Yes you got what I meant.

I can connect to the video cam when I'm connecting to openvpn over wifi but not when using the openvpn via mobile LTE. Note for both I'm able to authenticate and connect to openvpn just fine.

Note sure if this helps either but when connecting openvpn over LTE I'm able to surf the web but not connect to the video cam.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Tue Nov 22, 2016 3:55 pm

Please post your VPN Server config file.

Also, Please see:
HOWTO: Request Help !

The more information you post the easier this is to resolve.
(Please remove any publicly identifiable info, like your Public IP address)

casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Tue Nov 22, 2016 6:58 pm

Thank you for your help TCT. I have referred to your link: HOWTO: Request Help ! and submit the below ...

Summary
-Using iPhone 6 as client
-Using Raspberry pi as server
-Able to establish connection to OpenVPN server via WiFi and LTE, where WiFi is any public wireless access point (i.e. library, Starbucks) and LTE is the mobile carrier's high speed service
-Able to browse fine via the vpn whether it be WiFi or LTE; however, not able to connect to Amcrest video cam which is sitting on the private network. Amcrest connection works fine when connected to WiFi vpn but not LTE vpn
-This has always worked until about a month ago. Please note during this period, no changes were made to the server or client config. That is why I suspect there is something going on with the LTE connection in-between where it's using ipv6 or something and openvpn can't resolve? when I run a "my ip" on google it returns me a ipv6 looking ip address. I tried reading up on documentation etc but couldn't find/implement a solution.
-it looks like when coming from an ipv6 system, openvpn loses some functionality even though I'm able to connect and authenticate etc
-while i was gathering this information, i did some semi-troubleshooting. when using my phone as tether from my computer it works but not when using the phone itself. when tethering, when i got to my computers browser and type "my ip" it returns an ipv4 and I'm able to connect and authenticate and access the video. so this looks like there's some issue where the source is ipv6 and the server is running ipv4 or something like.


Notes

For the configs and logs below, please note the following:
-server destination was replaced with 'url'
-server ip was replaced with: xxx.xxx.xxx.xxx
-private addresses left as is
-source ip was replaced with: yyy.yyy.yyy.yyy
-certs were removed





SERVER
dev tun
proto udp6
port 443
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/url.crt
key /etc/openvpn/easy-rsa/keys/url.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.237.0 255.255.255.0
ifconfig 10.8.237.1 10.8.237.2
push "route 10.8.237.1 255.255.255.255"
push "route 10.8.237.0 255.255.255.0"
push "route 192.168.237.190 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"

client-to-client
duplicate-cn
server-ipv6 2001:db8:cada::/64
route-ipv6 2001:db8:daca::/64
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 4








Code: Select all

### Paste Your Server Log Below ###
==> openvpn.log <==
Tue Nov 22 12:54:42 2016 us=778697 MULTI: multi_create_instance called
Tue Nov 22 12:54:42 2016 us=779740 ::ffff:yyy.yyy.yyy.yyy Re-using SSL/TLS context
Tue Nov 22 12:54:42 2016 us=780419 ::ffff:yyy.yyy.yyy.yyy LZO compression initialized
Tue Nov 22 12:54:42 2016 us=781421 ::ffff:yyy.yyy.yyy.yyy Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Nov 22 12:54:42 2016 us=781997 ::ffff:yyy.yyy.yyy.yyy Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Nov 22 12:54:42 2016 us=782718 ::ffff:yyy.yyy.yyy.yyy Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Nov 22 12:54:42 2016 us=783111 ::ffff:yyy.yyy.yyy.yyy Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Nov 22 12:54:42 2016 us=783572 ::ffff:yyy.yyy.yyy.yyy Local Options hash (VER=V4): '162b04de'
Tue Nov 22 12:54:42 2016 us=783987 ::ffff:yyy.yyy.yyy.yyy Expected Remote Options hash (VER=V4): '9e7066d2'
Tue Nov 22 12:54:42 2016 us=784540 ::ffff:yyy.yyy.yyy.yyy TLS: Initial packet from [AF_INET6]::ffff:yyy.yyy.yyy.yyy:21188, sid=b290a24a 56f0e2e0
Tue Nov 22 12:54:44 2016 us=75369 ::ffff:yyy.yyy.yyy.yyy VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Tue Nov 22 12:54:44 2016 us=78603 ::ffff:yyy.yyy.yyy.yyy VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=iphone6, name=EasyRSA, emailAddress=me@myhost.mydomain
Tue Nov 22 12:54:44 2016 us=623032 ::ffff:yyy.yyy.yyy.yyy Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 22 12:54:44 2016 us=623662 ::ffff:yyy.yyy.yyy.yyy Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 12:54:44 2016 us=624030 ::ffff:yyy.yyy.yyy.yyy Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 22 12:54:44 2016 us=624383 ::ffff:yyy.yyy.yyy.yyy Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 12:54:44 2016 us=675177 ::ffff:yyy.yyy.yyy.yyy Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 2048 bit RSA
Tue Nov 22 12:54:44 2016 us=675757 ::ffff:yyy.yyy.yyy.yyy [iphone6] Peer Connection Initiated with [AF_INET6]::ffff:yyy.yyy.yyy.yyy:21188
Tue Nov 22 12:54:44 2016 us=676284 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI_sva: pool returned IPv4=10.8.237.10, IPv6=2001:db8:cada::1001
Tue Nov 22 12:54:44 2016 us=676865 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI: Learn: 10.8.237.10 -> iphone6/::ffff:yyy.yyy.yyy.yyy
Tue Nov 22 12:54:44 2016 us=677147 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI: primary virtual IP for iphone6/::ffff:yyy.yyy.yyy.yyy: 10.8.237.10
Tue Nov 22 12:54:44 2016 us=677418 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI: Learn: 2001:db8:cada::1001 -> iphone6/::ffff:yyy.yyy.yyy.yyy
Tue Nov 22 12:54:44 2016 us=677669 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI: primary virtual IPv6 for iphone6/::ffff:yyy.yyy.yyy.yyy: 2001:db8:cada::1001
Tue Nov 22 12:54:44 2016 us=678232 iphone6/::ffff:yyy.yyy.yyy.yyy PUSH: Received control message: 'PUSH_REQUEST'
Tue Nov 22 12:54:44 2016 us=678612 iphone6/::ffff:yyy.yyy.yyy.yyy send_push_reply(): safe_cap=940
Tue Nov 22 12:54:44 2016 us=679123 iphone6/::ffff:yyy.yyy.yyy.yyy SENT CONTROL [iphone6]: 'PUSH_REPLY,ifconfig-ipv6 2001:db8:cada::1001/64 2001:db8:cada::1,route 10.8.237.1 255.255.255.255,route 10.8.237.0 255.255.255.0,route 192.168.237.190 255.255.255.0,dhcp-option DNS 8.8.8.8,redirect-gateway def1,tun-ipv6,route 10.8.237.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.237.10 10.8.237.9' (status=1)
Tue Nov 22 12:54:44 2016 us=812149 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI: bad source address from client [::], packet dropped
Tue Nov 22 12:54:45 2016 us=357251 iphone6/::ffff:yyy.yyy.yyy.yyy MULTI: bad source address from client [::], packet dropped










CLIENT
### Paste Your Client Config Below ###
client
dev tun
proto udp
remote url.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-256-CBC
comp-lzo
verb 4
mute 20
<certs etc>








Code: Select all

### Paste Your Client Log Below ###
2016-11-22 12:53:55 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-11-22 12:53:55 Frame=512/2048/512 mssfix-ctrl=1250
2016-11-22 12:53:55 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [mute-replay-warnings]
13 [verb] [4]
14 [mute] [20]

2016-11-22 12:53:55 EVENT: RESOLVE
2016-11-22 12:53:56 NET Internet:ReachableViaWiFi/-R t------
2016-11-22 12:53:56 NET WiFi:ReachableViaWiFi/-R t-----d
2016-11-22 12:54:00 Contacting xxx.xxx.xxx.xxx:443 via UDP
2016-11-22 12:54:00 EVENT: WAIT
2016-11-22 12:54:00 SetTunnelSocket returned 1
2016-11-22 12:54:00 Connecting to [url.com]:443 (xxx.xxx.xxx.xxx) via UDPv4
2016-11-22 12:54:00 EVENT: CONNECTING
2016-11-22 12:54:00 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2016-11-22 12:54:00 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1

2016-11-22 12:54:04 EVENT: DISCONNECTED
2016-11-22 12:54:04 Raw stats on disconnect:
  BYTES_IN : 684
  BYTES_OUT : 498
  PACKETS_IN : 6
  PACKETS_OUT : 7
2016-11-22 12:54:04 Performance stats on disconnect:
  CPU usage (microseconds): 21091
  Network bytes per CPU second: 56042
  Tunnel bytes per CPU second: 0
2016-11-22 12:54:04 ----- OpenVPN Stop -----
2016-11-22 12:54:42 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-11-22 12:54:42 Frame=512/2048/512 mssfix-ctrl=1250
2016-11-22 12:54:42 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [mute-replay-warnings]
13 [verb] [4]
14 [mute] [20]

2016-11-22 12:54:42 EVENT: RESOLVE
2016-11-22 12:54:42 Contacting xxx.xxx.xxx.xxx:443 via UDP
2016-11-22 12:54:42 EVENT: WAIT
2016-11-22 12:54:42 SetTunnelSocket returned 1
2016-11-22 12:54:42 Connecting to [url.com]:443 (xxx.xxx.xxx.xxx) via UDPv4
2016-11-22 12:54:42 EVENT: CONNECTING
2016-11-22 12:54:42 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2016-11-22 12:54:42 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1

2016-11-22 12:54:43 NET Internet:ReachableViaWWAN/WR t------
2016-11-22 12:54:43 NET WiFi:NotReachable/WR t------
2016-11-22 12:54:43 VERIFY OK: depth=1
cert. version    : 3
serial number    : CE:EF:8A:A4:C8:58:29:33
issuer name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
subject name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued  on        : 2016-02-06 20:53:57
expires on        : 2026-02-03 20:53:57
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true

2016-11-22 12:54:43 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
subject name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=url, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued  on        : 2016-02-06 20:55:01
expires on        : 2026-02-03 20:55:01
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : url
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2016-11-22 12:54:44 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-11-22 12:54:44 Session is ACTIVE
2016-11-22 12:54:44 EVENT: GET_CONFIG
2016-11-22 12:54:44 Sending PUSH_REQUEST to server...
2016-11-22 12:54:44 OPTIONS:
0 [ifconfig-ipv6] [2001:db8:cada::1001/64] [2001:db8:cada::1]
1 [route] [10.8.237.1] [255.255.255.255]
2 [route] [10.8.237.0] [255.255.255.0]
3 [route] [192.168.237.190] [255.255.255.0]
4 [dhcp-option] [DNS] [8.8.8.8]
5 [redirect-gateway] [def1]
6 [tun-ipv6]
7 [route] [10.8.237.0] [255.255.255.0]
8 [topology] [net30]
9 [ping] [10]
10 [ping-restart] [120]
11 [ifconfig] [10.8.237.10] [10.8.237.9]

2016-11-22 12:54:44 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2016-11-22 12:54:44 EVENT: ASSIGN_IP
2016-11-22 12:54:44 Error parsing IPv4 route: [route] [192.168.237.190] [255.255.255.0]  : tun_prop_error: route is not canonical
2016-11-22 12:54:44 TunPersist: saving tun context:
Session Name: url.com
Layer: OSI_LAYER_3
Remote Address: xxx.xxx.xxx.xxx
Tunnel Addresses:
  10.8.237.10/30 -> 10.8.237.9 [net30]
  2001:db8:cada::1001/64 -> 2001:db8:cada::1 [IPv6]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
  8.8.8.8
Search Domains:

2016-11-22 12:54:44 Connected via tun
2016-11-22 12:54:44 EVENT: CONNECTED @url.com:443 (xxx.xxx.xxx.xxx) via /UDPv4 on tun/10.8.237.10/2001:db8:cada::1001
2016-11-22 12:54:44 LZO-ASYM init swap=0 asym=0
2016-11-22 12:54:44 SetStatus Connected


User avatar
Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Amcrest works on public wifi but not cellular LTE

Post by Pippin » Tue Nov 22, 2016 7:11 pm

Remove:

Code: Select all

push "route 10.8.237.1 255.255.255.255"

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Tue Nov 22, 2016 7:34 pm

Please Pippin ..

Technically, that line is correct (although redundant)

What about the rest though ?

User avatar
Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Amcrest works on public wifi but not cellular LTE

Post by Pippin » Tue Nov 22, 2016 10:04 pm

Ok that was short attention span :mrgreen:

Log says:

Code: Select all

Error parsing IPv4 route: [route] [192.168.237.190] [255.255.255.0]
I would do this, change:

Code: Select all

proto udp6 > proto udp
push "route 192.168.237.190 255.255.255.0" > push "route 192.168.237.0 255.255.255.0"
Remove:

Code: Select all

push "route 10.8.237.1 255.255.255.255"
server-ipv6 2001:db8:cada::/64
route-ipv6 2001:db8:daca::/64
Need?

Code: Select all

client-to-client
duplicate-cn

casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Wed Nov 23, 2016 4:18 am

Just tried your suggestions and still no good. Server and client log below. That ipv6 stuff was added in the other day when I was trying to troubleshoot. Have you guys come across an issue where a computer coming from an ipv6 client to and ipv4 openvpn server had issues with certain protocols even after the authentication and connect? Can't see why it would. Maybe this is a timeout thing of sorts? Just thinking aloud.

Thanks again for the help.

Code: Select all

### Paste Your Server Log Below ###
Tue Nov 22 22:57:25 2016 us=173983 MULTI: multi_create_instance called
Tue Nov 22 22:57:25 2016 us=174518 yyy.yyy.yyy.yyy:48331 Re-using SSL/TLS context
Tue Nov 22 22:57:25 2016 us=174780 yyy.yyy.yyy.yyy:48331 LZO compression initialized
Tue Nov 22 22:57:25 2016 us=176101 yyy.yyy.yyy.yyy:48331 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Nov 22 22:57:25 2016 us=176331 yyy.yyy.yyy.yyy:48331 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Nov 22 22:57:25 2016 us=176809 yyy.yyy.yyy.yyy:48331 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Nov 22 22:57:25 2016 us=176914 yyy.yyy.yyy.yyy:48331 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Nov 22 22:57:25 2016 us=177178 yyy.yyy.yyy.yyy:48331 Local Options hash (VER=V4): '162b04de'
Tue Nov 22 22:57:25 2016 us=177369 yyy.yyy.yyy.yyy:48331 Expected Remote Options hash (VER=V4): '9e7066d2'
Tue Nov 22 22:57:25 2016 us=177593 yyy.yyy.yyy.yyy:48331 TLS: Initial packet from [AF_INET]yyy.yyy.yyy.yyy:48331, sid=09921de1 081a20dd
Tue Nov 22 22:57:26 2016 us=448821 yyy.yyy.yyy.yyy:48331 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Tue Nov 22 22:57:26 2016 us=451414 yyy.yyy.yyy.yyy:48331 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=iphone6, name=EasyRSA, emailAddress=me@myhost.mydomain
Tue Nov 22 22:57:26 2016 us=688442 yyy.yyy.yyy.yyy:48331 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 22 22:57:26 2016 us=688832 yyy.yyy.yyy.yyy:48331 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 22:57:26 2016 us=689073 yyy.yyy.yyy.yyy:48331 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 22 22:57:26 2016 us=689443 yyy.yyy.yyy.yyy:48331 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 22 22:57:26 2016 us=740807 yyy.yyy.yyy.yyy:48331 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 2048 bit RSA
Tue Nov 22 22:57:26 2016 us=741208 yyy.yyy.yyy.yyy:48331 [iphone6] Peer Connection Initiated with [AF_INET]yyy.yyy.yyy.yyy:48331
Tue Nov 22 22:57:26 2016 us=741696 iphone6/yyy.yyy.yyy.yyy:48331 MULTI_sva: pool returned IPv4=10.8.237.6, IPv6=(Not enabled)
Tue Nov 22 22:57:26 2016 us=742320 iphone6/yyy.yyy.yyy.yyy:48331 MULTI: Learn: 10.8.237.6 -> iphone6/yyy.yyy.yyy.yyy:48331
Tue Nov 22 22:57:26 2016 us=742571 iphone6/yyy.yyy.yyy.yyy:48331 MULTI: primary virtual IP for iphone6/yyy.yyy.yyy.yyy:48331: 10.8.237.6
Tue Nov 22 22:57:26 2016 us=743305 iphone6/yyy.yyy.yyy.yyy:48331 PUSH: Received control message: 'PUSH_REQUEST'
Tue Nov 22 22:57:26 2016 us=743595 iphone6/yyy.yyy.yyy.yyy:48331 send_push_reply(): safe_cap=940
Tue Nov 22 22:57:26 2016 us=744339 iphone6/yyy.yyy.yyy.yyy:48331 SENT CONTROL [iphone6]: 'PUSH_REPLY,route 10.8.237.0 255.255.255.0,route 192.168.237.0 255.255.255.0,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.237.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.237.6 10.8.237.5' (status=1)
Tue Nov 22 22:57:32 2016 us=344376 iphone6/yyy.yyy.yyy.yyy:48331 SIGTERM[soft,remote-exit] received, client-instance exiting


























Code: Select all

### Paste Your Client Log Below ###
2016-11-22 22:57:24 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-11-22 22:57:24 Frame=512/2048/512 mssfix-ctrl=1250
2016-11-22 22:57:24 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [mute-replay-warnings]
13 [verb] [1]
14 [mute] [20]

2016-11-22 22:57:24 EVENT: RESOLVE
2016-11-22 22:57:25 Contacting xxx.xxx.xxx.xxx:443 via UDP
2016-11-22 22:57:25 EVENT: WAIT
2016-11-22 22:57:25 SetTunnelSocket returned 1
2016-11-22 22:57:25 Connecting to [url.com]:443 (xxx.xxx.xxx.xxx) via UDPv4
2016-11-22 22:57:25 EVENT: CONNECTING
2016-11-22 22:57:25 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2016-11-22 22:57:25 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1

2016-11-22 22:57:25 NET Internet:ReachableViaWWAN/WR t------
2016-11-22 22:57:25 NET WiFi:NotReachable/WR t------
2016-11-22 22:57:26 VERIFY OK: depth=1
cert. version    : 3
serial number    : CE:EF:8A:A4:C8:58:29:33
issuer name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
subject name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued  on        : 2016-02-06 20:53:57
expires on        : 2026-02-03 20:53:57
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true

2016-11-22 22:57:26 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
subject name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=url, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued  on        : 2016-02-06 20:55:01
expires on        : 2026-02-03 20:55:01
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : url
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2016-11-22 22:57:26 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-11-22 22:57:26 Session is ACTIVE
2016-11-22 22:57:26 EVENT: GET_CONFIG
2016-11-22 22:57:26 Sending PUSH_REQUEST to server...
2016-11-22 22:57:26 OPTIONS:
0 [route] [10.8.237.0] [255.255.255.0]
1 [route] [192.168.237.0] [255.255.255.0]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [redirect-gateway] [def1]
4 [route] [10.8.237.1]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.8.237.6] [10.8.237.5]

2016-11-22 22:57:26 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2016-11-22 22:57:26 EVENT: ASSIGN_IP
2016-11-22 22:57:26 TunPersist: saving tun context:
Session Name: url.com
Layer: OSI_LAYER_3
Remote Address: xxx.xxx.xxx.xxx
Tunnel Addresses:
  10.8.237.6/30 -> 10.8.237.5 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
  8.8.8.8
Search Domains:

2016-11-22 22:57:26 Connected via tun
2016-11-22 22:57:26 EVENT: CONNECTED @url.com:443 (xxx.xxx.xxx.xxx) via /UDPv4 on tun/10.8.237.6/
2016-11-22 22:57:26 LZO-ASYM init swap=0 asym=0
2016-11-22 22:57:26 SetStatus Connected
2016-11-22 22:57:32 TUN reset routes
2016-11-22 22:57:32 EVENT: DISCONNECTED
2016-11-22 22:57:32 Raw stats on disconnect:
  BYTES_IN : 7315
  BYTES_OUT : 5603
  PACKETS_IN : 53
  PACKETS_OUT : 55
  TUN_BYTES_IN : 253
  TUN_BYTES_OUT : 670
  TUN_PACKETS_IN : 4
  TUN_PACKETS_OUT : 4
2016-11-22 22:57:32 Performance stats on disconnect:
  CPU usage (microseconds): 217612
  Tunnel compression ratio (uplink): 22.1462
  Tunnel compression ratio (downlink): 10.9179
  Network bytes per CPU second: 59362
  Tunnel bytes per CPU second: 4241
2016-11-22 22:57:32 ----- OpenVPN Stop -----

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Wed Nov 23, 2016 3:46 pm

TinCanTech wrote:
casperpaul wrote:I have an openvpn server running on my raspberry pi via udp. It works great when I'm on wifi, whether it's my own or public. However, over my phone's LTE connection my connection to a Amcrest video cam fails to connect
Do you mean that:
  • you can connect to your Video cam. over a WiFi VPN
  • but using the same profile you cannot connect to your Video cam. over a LTE VPN
:?:
Here is what I have trouble with ..

I think you can only connect to your Camera when you are on your local LAN ..

Have you tested from a coffee shop etc ?

casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Wed Nov 23, 2016 3:50 pm

Yes. When I'm on outside wifi and I vpn in I can access the cam. Just not via IPv6 LTE. But when I'm on IPv4 LTE (tested this with tether) it works. Maybe it's a bug with the iOS openvpn client? I'm out of ideas tbh

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Wed Nov 23, 2016 4:00 pm

casperpaul wrote:When I'm on outside wifi and I vpn in I can access the cam. Just not via IPv6 LTE
Ahh .. now we can see.

You need to have a VPN which uses IPv6 transport ..

https://community.openvpn.net/openvpn/w ... ethetunnel

But your home server also needs a public IPv6 address.

There may also be other ways ..

casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Wed Nov 23, 2016 4:05 pm

Ugh. I didn't want to do that but if that's the only I understand. Will need to read up on IPv6 etc. not all my devices at home are IPv6 ready (i.e printer)

Ok thanks for the help

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Wed Nov 23, 2016 4:08 pm

You only need IPv6 "outside the tunnel" in order to connect to the VPN when using an IPv6 Network.
eg. IPv6 LTE

And even that may not be necessary, it depends on what your Provider provides .. Look it up !

casperpaul
OpenVpn Newbie
Posts: 19
Joined: Sun Jan 31, 2016 8:46 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by casperpaul » Tue Nov 29, 2016 11:24 pm

Actually, I was thinking about this issue some more. Holding all things the same, where I'm coming from an IPv6 source, would there be an explanation as to why I would be able to browse the web just fine but not view video/udp? Just wondering why it would only be the video cam not working but everything else works just fine. Wondering if udp data is handled differently maybe?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by TinCanTech » Wed Nov 30, 2016 12:20 am

casperpaul wrote:would there be an explanation as to why I would be able to browse the web just fine but not view video/udp? Just wondering why it would only be the video cam not working but everything else works just fine
I would ask the Video Camera Guys why their video camera does not work over a VPN when everything else does. They may even start to listen if enough customers complain about it ..

sidechem
OpenVpn Newbie
Posts: 1
Joined: Tue Jun 20, 2017 2:03 am

Re: Amcrest works on public wifi but not cellular LTE

Post by sidechem » Tue Jun 20, 2017 2:09 am

Hey,
I'm struggling with exactly the same problem. I can get my camera feeds through my openVPN when on my wifi or external wifi but I cannot connect to my camera feeds when on my cellular LTE network. I was wondering if you've succeeded in resolving your issue.
Thanks

cby016
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 24, 2021 8:43 pm

Re: Amcrest works on public wifi but not cellular LTE

Post by cby016 » Wed Nov 24, 2021 8:50 pm

I was having this same issue. I was trying all sorts of things to fix it but then I remembered hearing that T-Mobile doesn't allow streaming high resolution HD video or they try and scale it down or something stupid like that. So I tried the low resolution stream and it works fine. For now I've resorted to using the low resolution stream for remote viewing but I will continue to save the high resolution stream on my NAS.

Post Reply