OpenVPN client connection difficulty

pmmsmn68
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 01, 2018 10:52 am

OpenVPN client connection difficulty

Post by pmmsmn68 » Thu Nov 01, 2018 11:40 am

Hello. I’m running OpenVPN 3.0.2 on a Raspberry with the client on iOS (my phone).
The connection is established and I can access and control some devices at my home, for example, my Denon sound amplifier. But, when I open the browser and try to access my router web page at 192.168.1.1, it just doesn’t load the login page.
Does anyone have a clue on what is wrong? Please check below the client’s connection log and the server.conf

I would really appreciate any help.

LOG
2018-55-01 10:55:09 1

2018-55-01 10:55:09 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

2018-55-01 10:55:09 Frame=512/2048/512 mssfix-ctrl=1250

2018-55-01 10:55:09 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [verify-x509-name] [server_jogUXiBw7MjkwRKG] [name]
14 [verb] [3]

2018-55-01 10:55:09 EVENT: RESOLVE

2018-55-01 10:55:10 Contacting [80.81.25.4]:1050/UDP via UDP

2018-55-01 10:55:10 EVENT: WAIT

2018-55-01 10:55:10 Connecting to [xxxxx.bounceme.net]:1050 (80.81.25.4) via UDPv4

2018-55-01 10:55:10 EVENT: CONNECTING

2018-55-01 10:55:10 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

2018-55-01 10:55:10 Creds: UsernameEmpty/PasswordEmpty

2018-55-01 10:55:10 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1


2018-55-01 10:55:10 VERIFY OK : depth=1
cert. version : 3
serial number : F1:F5:D5:DB:FA:2B:06:29
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-10-17 06:35:05
expires on : 2028-10-14 06:35:05
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


2018-55-01 10:55:10 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=ChangeMe
subject name : CN=server_jogUXiBw7MjkwRKG
issued on : 2018-10-17 06:35:14
expires on : 2028-10-14 06:35:14
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


2018-55-01 10:55:10 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2018-55-01 10:55:10 Session is ACTIVE

2018-55-01 10:55:10 EVENT: GET_CONFIG

2018-55-01 10:55:10 Sending PUSH_REQUEST to server...

2018-55-01 10:55:10 OPTIONS:
0 [dhcp-option] [DNS] [8.8.8.8]
1 [dhcp-option] [DNS] [8.8.4.4]
2 [route] [192.168.1.0] [255.255.255.0]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [1800]
6 [ping-restart] [3600]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]


2018-55-01 10:55:10 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: COMP_STUB
peer ID: 0

2018-55-01 10:55:10 EVENT: ASSIGN_IP

2018-55-01 10:55:10 NIP: preparing TUN network settings

2018-55-01 10:55:10 NIP: init TUN network settings with endpoint: 80.81.25.4

2018-55-01 10:55:10 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

2018-55-01 10:55:10 NIP: adding (included) IPv4 route 10.8.0.0/24

2018-55-01 10:55:10 NIP: adding (included) IPv4 route 192.168.1.0/24

2018-55-01 10:55:10 NIP: adding DNS 8.8.8.8

2018-55-01 10:55:10 NIP: adding DNS 8.8.4.4

2018-55-01 10:55:10 NIP: adding match domain ALL

2018-55-01 10:55:10 NIP: adding DNS specific routes:

2018-55-01 10:55:10 NIP: adding (included) IPv4 route 8.8.8.8/32

2018-55-01 10:55:10 NIP: adding (included) IPv4 route 8.8.4.4/32

2018-55-01 10:55:10 Connected via NetworkExtensionTUN

2018-55-01 10:55:10 LZO-ASYM init swap=0 asym=1

2018-55-01 10:55:10 Comp-stub init swap=1

2018-55-01 10:55:10 EVENT: CONNECTED xxxxx.bounceme.net:1050 (80.81.25.4) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

Server.conf

dev tun
proto udp
port 1050
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_jogUXiBw7MjkwRKG.crt
key /etc/openvpn/easy-rsa/pki/private/server_jogUXiBw7MjkwRKG.key
dh none
ecdh-curve secp384r1
topology subnet
server 10.8.0.0 255.255.255.0

# ROUTE THE CLIENT'S INTERNET ACCESS THROUGH THIS SERVER:
# Set your primary domain name server address for clients
#push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Prevent DNS leaks on Windows
#push "block-outside-dns"
push "route 192.168.1.0 255.255.255.0"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.

client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
compress lz4
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client connection difficulty

Post by TinCanTech » Thu Nov 01, 2018 11:57 am

Never use 192.168.1.0/24 as your base network because you will probably suffer with network conflicts.

However, have you enabled Masquerade at your RPi ?
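
As an added example (not part of the original posts), the masquerade question above can be checked by comparing the tunnel subnet from the posted server.conf with the NAT rules on the Raspberry Pi. The rule listing, the eth0 interface name and the helper names are constructed for illustration; on the Pi the rules would come from `iptables -t nat -S POSTROUTING`.

```python
import ipaddress
import shlex

# Taken from the server.conf posted above.
SERVER_CONF = "topology subnet\nserver 10.8.0.0 255.255.255.0\n"

# Constructed sample of `iptables -t nat -S POSTROUTING` output
# (assumption: eth0 is the Pi's LAN interface).
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -m comment --comment "openvpn nat" -j MASQUERADE
"""


def vpn_subnet(server_conf):
    """Return the tunnel subnet from the `server <network> <netmask>` directive."""
    for line in server_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server' directive found")


def opt(tokens, flag):
    """Value that follows `flag` in a tokenised rule, or None if absent."""
    if flag in tokens[:-1]:
        return tokens[tokens.index(flag) + 1]
    return None


def nat_covers(rules, subnet):
    """True if some POSTROUTING MASQUERADE rule matches traffic from `subnet`."""
    for line in rules.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "POSTROUTING"] or "!" in tokens:
            continue  # negated matches are skipped, i.e. treated as not covering
        if opt(tokens, "-j") != "MASQUERADE":
            continue
        source = ipaddress.ip_network(opt(tokens, "-s") or "0.0.0.0/0")
        if subnet.subnet_of(source):
            return True
    return False


if __name__ == "__main__":
    net = vpn_subnet(SERVER_CONF)
    print(net, "masqueraded:", nat_covers(SAMPLE_RULES, net))
```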

pmmsmn68
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 01, 2018 10:52 am

Re: OpenVPN client connection difficulty

Post by pmmsmn68 » Thu Nov 01, 2018 12:04 pm

Masquerade? I don’t think so. Not intentionally at least.

I had OpenVPN working fine like a year ago but then I had to reinstall raspbian. I didn’t even have to touch server.conf at the time. Everything worked ok out of the box...

If there was a conflict I guess I couldn’t connect and control my sound amplifier on 192.168.1.38, right?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client connection difficulty

Post by TinCanTech » Thu Nov 01, 2018 12:15 pm

pmmsmn68 wrote:
Thu Nov 01, 2018 12:04 pm
If there was a conflict I guess I couldn’t connect and control my sound amplifier on 192.168.1.38, right?

Possibly .. but if you connect from another network using the same subnet, what then ?

I recommend you also read these:
https://openvpn.net/index.php/open-sour ... html#scope
https://openvpn.net/index.php/open-sour ... l#redirect
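
The subnet conflict raised above, as an added example that is not part of the original posts: it takes the options the server pushed (copied from the client log earlier in the thread) and checks them against the network the client is physically attached to. The client addresses in the usage lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Pushed options as they appear in the client log earlier in this thread.
PUSHED = """\
0 [dhcp-option] [DNS] [8.8.8.8]
1 [dhcp-option] [DNS] [8.8.4.4]
2 [route] [192.168.1.0] [255.255.255.0]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [1800]
6 [ping-restart] [3600]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]
"""


def tunnel_networks(options):
    """Networks sent into the tunnel: pushed routes plus the tunnel subnet."""
    nets = []
    for line in options.splitlines():
        fields = re.findall(r"\[([^\]]*)\]", line)
        # `route <net> <mask>` and, with topology subnet, `ifconfig <ip> <mask>`
        if len(fields) == 3 and fields[0] in ("route", "ifconfig"):
            nets.append(ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False))
    return nets


def conflicts(local_iface, options):
    """Tunnel networks that overlap the network the client is physically on.

    `local_iface` is the client's own address with prefix, e.g. "192.168.1.57/24".
    An overlap means traffic for those addresses is ambiguous between the
    local LAN and the remote LAN behind the VPN.
    """
    local = ipaddress.ip_interface(local_iface).network
    return [n for n in tunnel_networks(options) if n.overlaps(local)]


if __name__ == "__main__":
    # Constructed client addresses: a Wi-Fi network reusing the home range,
    # and a network with an unrelated range.
    for addr in ("192.168.1.57/24", "172.20.10.2/28"):
        hits = conflicts(addr, PUSHED)
        print(addr, "->", [str(n) for n in hits] or "no conflict")
```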

pmmsmn68
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 01, 2018 10:52 am

Re: OpenVPN client connection difficulty

Post by pmmsmn68 » Thu Nov 01, 2018 2:57 pm

TinCanTech wrote:
Possibly .. but if you connect from another network using the same subnet, what then ?

Sorry, but I didn’t quite understand what you meant here.

I read the information on those links but I could not find the solution...

pmmsmn68
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 01, 2018 10:52 am

Re: OpenVPN client connection difficulty

Post by pmmsmn68 » Thu Nov 01, 2018 4:52 pm

Ok, I understand. If I connect from a private subnet which is the same as my private subnet at home there would be a conflict, sure. Well, but that’s not the case, because I checked which subnet my phone is using and it is completely different.

Any more ideas, anyone?
