I have an openvpn server running on my raspberry pi via udp. It works great when I'm on wifi, whether it's my own or public. However, over my phone's LTE connection my connection to a Amcrest video cam fails to connect. Is there a setting or a client configuration I'm missing here?
My router is not enabled for ipv6 but i'm wondering if it has anything to do with the path on LTE where it may be using ipv6 somewhere. Have you guys come across this issue? I'm thinking it may be common, but because it's hard to describe my searches for solutions are not good.
Any of you guys have the solutions or suggestions to point me in the right direction?
Thanks,
Paul
Re: Amcrest works on public wifi but not cellular LTE
Posted: Tue Nov 22, 2016 1:43 pm
by TinCanTech
casperpaul wrote:I have an openvpn server running on my raspberry pi via udp. It works great when I'm on wifi, whether it's my own or public. However, over my phone's LTE connection my connection to a Amcrest video cam fails to connect
Do you mean that:
you can connect to your Video cam. over a WiFi VPN
but using the same profile you cannot connect to your Video cam. over a LTE VPN
Re: Amcrest works on public wifi but not cellular LTE
Posted: Tue Nov 22, 2016 3:25 pm
by casperpaul
Yes you got what I meant.
I can connect to the video cam when I'm connecting to openvpn over wifi but not when using the openvpn via mobile LTE. Note for both I'm able to authenticate and connect to openvpn just fine.
Note sure if this helps either but when connecting openvpn over LTE I'm able to surf the web but not connect to the video cam.
Re: Amcrest works on public wifi but not cellular LTE
The more information you post the easier this is to resolve.
(Please remove any publicly identifiable info, like your Public IP address)
Re: Amcrest works on public wifi but not cellular LTE
Posted: Tue Nov 22, 2016 6:58 pm
by casperpaul
Thank you for your help TCT. I have referred to your link: HOWTO: Request Help ! and submit the below ...
Summary
-Using iPhone 6 as client
-Using Raspberry pi as server
-Able to establish connection to OpenVPN server via WiFi and LTE, where WiFi is any public wireless access point (i.e. library, Starbucks) and LTE is the mobile carrier's high speed service
-Able to browse fine via the vpn whether it be WiFi or LTE; however, not able to connect to Amcrest video cam which is sitting on the private network. Amcrest connection works fine when connected to WiFi vpn but not LTE vpn
-This has always worked until about a month ago. Please note during this period, no changes were made to the server or client config. That is why I suspect there is something going on with the LTE connection in-between where it's using ipv6 or something and openvpn can't resolve? when I run a "my ip" on google it returns me a ipv6 looking ip address. I tried reading up on documentation etc but couldn't find/implement a solution.
-it looks like when coming from an ipv6 system, openvpn loses some functionality even though I'm able to connect and authenticate etc
-while i was gathering this information, i did some semi-troubleshooting. when using my phone as tether from my computer it works but not when using the phone itself. when tethering, when i got to my computers browser and type "my ip" it returns an ipv4 and I'm able to connect and authenticate and access the video. so this looks like there's some issue where the source is ipv6 and the server is running ipv4 or something like.
Notes
For the configs and logs below, please note the following:
-server destination was replaced with 'url'
-server ip was replaced with: xxx.xxx.xxx.xxx
-private addresses left as is
-source ip was replaced with: yyy.yyy.yyy.yyy
-certs were removed
SERVER
dev tun
proto udp6
port 443
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/url.crt
key /etc/openvpn/easy-rsa/keys/url.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.237.0 255.255.255.0
ifconfig 10.8.237.1 10.8.237.2
push "route 10.8.237.1 255.255.255.255"
push "route 10.8.237.0 255.255.255.0"
push "route 192.168.237.190 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
client-to-client
duplicate-cn
server-ipv6 2001:db8:cada::/64
route-ipv6 2001:db8:daca::/64
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 4
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 23, 2016 4:18 am
by casperpaul
Just tried your suggestions and still no good. Server and client log below. That ipv6 stuff was added in the other day when I was trying to troubleshoot. Have you guys come across an issue where a computer coming from an ipv6 client to and ipv4 openvpn server had issues with certain protocols even after the authentication and connect? Can't see why it would. Maybe this is a timeout thing of sorts? Just thinking aloud.
### Paste Your Client Log Below ###
2016-11-22 22:57:24 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-11-22 22:57:24 Frame=512/2048/512 mssfix-ctrl=1250
2016-11-22 22:57:24 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [mute-replay-warnings]
13 [verb] [1]
14 [mute] [20]
2016-11-22 22:57:24 EVENT: RESOLVE
2016-11-22 22:57:25 Contacting xxx.xxx.xxx.xxx:443 via UDP
2016-11-22 22:57:25 EVENT: WAIT
2016-11-22 22:57:25 SetTunnelSocket returned 1
2016-11-22 22:57:25 Connecting to [url.com]:443 (xxx.xxx.xxx.xxx) via UDPv4
2016-11-22 22:57:25 EVENT: CONNECTING
2016-11-22 22:57:25 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2016-11-22 22:57:25 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
2016-11-22 22:57:25 NET Internet:ReachableViaWWAN/WR t------
2016-11-22 22:57:25 NET WiFi:NotReachable/WR t------
2016-11-22 22:57:26 VERIFY OK: depth=1
cert. version : 3
serial number : CE:EF:8A:A4:C8:58:29:33
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued on : 2016-02-06 20:53:57
expires on : 2026-02-03 20:53:57
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2016-11-22 22:57:26 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, ??=EasyRSA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=url, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued on : 2016-02-06 20:55:01
expires on : 2026-02-03 20:55:01
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : url
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-11-22 22:57:26 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-11-22 22:57:26 Session is ACTIVE
2016-11-22 22:57:26 EVENT: GET_CONFIG
2016-11-22 22:57:26 Sending PUSH_REQUEST to server...
2016-11-22 22:57:26 OPTIONS:
0 [route] [10.8.237.0] [255.255.255.0]
1 [route] [192.168.237.0] [255.255.255.0]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [redirect-gateway] [def1]
4 [route] [10.8.237.1]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.8.237.6] [10.8.237.5]
2016-11-22 22:57:26 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2016-11-22 22:57:26 EVENT: ASSIGN_IP
2016-11-22 22:57:26 TunPersist: saving tun context:
Session Name: url.com
Layer: OSI_LAYER_3
Remote Address: xxx.xxx.xxx.xxx
Tunnel Addresses:
10.8.237.6/30 -> 10.8.237.5 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
8.8.8.8
Search Domains:
2016-11-22 22:57:26 Connected via tun
2016-11-22 22:57:26 EVENT: CONNECTED @url.com:443 (xxx.xxx.xxx.xxx) via /UDPv4 on tun/10.8.237.6/
2016-11-22 22:57:26 LZO-ASYM init swap=0 asym=0
2016-11-22 22:57:26 SetStatus Connected
2016-11-22 22:57:32 TUN reset routes
2016-11-22 22:57:32 EVENT: DISCONNECTED
2016-11-22 22:57:32 Raw stats on disconnect:
BYTES_IN : 7315
BYTES_OUT : 5603
PACKETS_IN : 53
PACKETS_OUT : 55
TUN_BYTES_IN : 253
TUN_BYTES_OUT : 670
TUN_PACKETS_IN : 4
TUN_PACKETS_OUT : 4
2016-11-22 22:57:32 Performance stats on disconnect:
CPU usage (microseconds): 217612
Tunnel compression ratio (uplink): 22.1462
Tunnel compression ratio (downlink): 10.9179
Network bytes per CPU second: 59362
Tunnel bytes per CPU second: 4241
2016-11-22 22:57:32 ----- OpenVPN Stop -----
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 23, 2016 3:46 pm
by TinCanTech
TinCanTech wrote:
casperpaul wrote:I have an openvpn server running on my raspberry pi via udp. It works great when I'm on wifi, whether it's my own or public. However, over my phone's LTE connection my connection to a Amcrest video cam fails to connect
Do you mean that:
you can connect to your Video cam. over a WiFi VPN
but using the same profile you cannot connect to your Video cam. over a LTE VPN
Here is what I have trouble with ..
I think you can only connect to your Camera when you are on your local LAN ..
Have you tested from a coffee shop etc ?
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 23, 2016 3:50 pm
by casperpaul
Yes. When I'm on outside wifi and I vpn in I can access the cam. Just not via IPv6 LTE. But when I'm on IPv4 LTE (tested this with tether) it works. Maybe it's a bug with the iOS openvpn client? I'm out of ideas tbh
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 23, 2016 4:00 pm
by TinCanTech
casperpaul wrote:When I'm on outside wifi and I vpn in I can access the cam. Just not via IPv6 LTE
Ahh .. now we can see.
You need to have a VPN which uses IPv6 transport ..
But your home server also needs a public IPv6 address.
There may also be other ways ..
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 23, 2016 4:05 pm
by casperpaul
Ugh. I didn't want to do that but if that's the only I understand. Will need to read up on IPv6 etc. not all my devices at home are IPv6 ready (i.e printer)
Ok thanks for the help
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 23, 2016 4:08 pm
by TinCanTech
You only need IPv6 "outside the tunnel" in order to connect to the VPN when using an IPv6 Network.
eg. IPv6 LTE
And even that may not be necessary, it depends on what your Provider provides .. Look it up !
Re: Amcrest works on public wifi but not cellular LTE
Posted: Tue Nov 29, 2016 11:24 pm
by casperpaul
Actually, I was thinking about this issue some more. Holding all things the same, where I'm coming from an IPv6 source, would there be an explanation as to why I would be able to browse the web just fine but not view video/udp? Just wondering why it would only be the video cam not working but everything else works just fine. Wondering if udp data is handled differently maybe?
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 30, 2016 12:20 am
by TinCanTech
casperpaul wrote:would there be an explanation as to why I would be able to browse the web just fine but not view video/udp? Just wondering why it would only be the video cam not working but everything else works just fine
I would ask the Video Camera Guys why their video camera does not work over a VPN when everything else does. They may even start to listen if enough customers complain about it ..
Re: Amcrest works on public wifi but not cellular LTE
Posted: Tue Jun 20, 2017 2:09 am
by sidechem
Hey,
I'm struggling with exactly the same problem. I can get my camera feeds through my openVPN when on my wifi or external wifi but I cannot connect to my camera feeds when on my cellular LTE network. I was wondering if you've succeeded in resolving your issue.
Thanks
Re: Amcrest works on public wifi but not cellular LTE
Posted: Wed Nov 24, 2021 8:50 pm
by cby016
I was having this same issue. I was trying all sorts of things to fix it but then I remembered hearing that T-Mobile doesn't allow streaming high resolution HD video or they try and scale it down or something stupid like that. So I tried the low resolution stream and it works fine. For now I've resorted to using the low resolution stream for remote viewing but I will continue to save the high resolution stream on my NAS.