Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
eheh books..but for sure there is something wrong in the iptables.. because i can surf through vps without http proxy.
but i know also that i can surf normally with http proxy but not after VPN estabilished..
anyone know why?
thks!
but i know also that i can surf normally with http proxy but not after VPN estabilished..
anyone know why?
thks!
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
SOLVED!!
I just deleted all iptables rules and I set:
"iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)
and
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)
Instead ...to source 172.27.X.X (proxy HTTP)!!
Thanks guysssss!!
I just deleted all iptables rules and I set:
"iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)
and
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)
Instead ...to source 172.27.X.X (proxy HTTP)!!
Thanks guysssss!!
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Thanks for letting us know your solution
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Hi guys! Thanks really for your help in This post!
I Just need to set perfectly my server.
I would like to delete timeout connection because i would avoid disconnetions from my vpn. I Just need VPN always connected when i am connected with wifi of course.
Thks
Server:
I Just need to set perfectly my server.
I would like to delete timeout connection because i would avoid disconnetions from my vpn. I Just need VPN always connected when i am connected with wifi of course.
Thks
Server:
Code: Select all
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
-
- OpenVpn Newbie
- Posts: 18
- Joined: Fri Sep 12, 2014 3:29 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
If your VPN is timing out then there is a problem with your network ..willy87 wrote:I would like to delete timeout connection because i would avoid disconnetions from my vpn
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Sure? Because I tried also from home wifi network and i checked that when the iPhone is lock or after 30 seconds.. Wifi is still on but no more VPN connection..
-
- OpenVpn Newbie
- Posts: 18
- Joined: Fri Sep 12, 2014 3:29 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
I believe this is to do with aggressive battery saving setting which closes openvpn .. see your iPhone log file.
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Hi guys!
What I should do if i change my VPS IP? Because I need to change just the ip address!
Because I changed the client configuration modifying just the IP and then I type because of new IP (212.8.251.91)
Should I remove before all rules and add only these 2 or what?
In the openvpn software i see that i am connected but no surfing.. something with port forwarding or.. ?
thanks for helping me
What I should do if i change my VPS IP? Because I need to change just the ip address!
Because I changed the client configuration modifying just the IP and then I type because of new IP (212.8.251.91)
Code: Select all
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 212.8.251.91
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 212.8.251.91
In the openvpn software i see that i am connected but no surfing.. something with port forwarding or.. ?
thanks for helping me
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
ok solved by myself
just add these
on iptables rules and sudo reboot!
just add these
Code: Select all
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 212.8.251.91
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 212.8.251.91
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Jan 20, 2018 6:47 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Hello, I have problem in the same server. I found my device often disconneted even with
keepalive 10 60 command setted
I would like that my VPN will be never disconnected and stay always on
I assume that my internet connection is OK
server:
client:
log:
waiting for your kind feedback
thanks!!!
keepalive 10 60 command setted
I would like that my VPN will be never disconnected and stay always on
I assume that my internet connection is OK
server:
Code: Select all
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 60
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
Code: Select all
client
dev tun
proto tcp-client
remote XXX 443
resolv-retry infinite
nobind
persist-key
persist-tun
http-proxy-retry # retry on connection failures
http-proxy XXX55555
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0
Code: Select all
2018-01-20 13:51:20 EVENT: CONNECTED @212.8.251.91:443 (172.24.249.205) via /TCPv4-via-HTTP on NetworkExtensionTUN/10.9.0.6/ gw=[/]
2018-01-20 13:55:29 OS Event: SLEEP
2018-01-20 13:55:29 EVENT: PAUSE
2018-01-20 13:58:25 OS Event: WAKEUP
2018-01-20 13:58:28 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2018-01-20 13:58:28 STANDARD RESUME
2018-01-20 13:58:28 EVENT: RESUME
2018-01-20 13:58:28 EVENT: RECONNECTING
2018-01-20 13:58:28 Contacting [172.24.249.205]:55555/TCP via HTTP Proxy
2018-01-20 13:58:28 EVENT: WAIT_PROXY
2018-01-20 13:58:28 EVENT: WAIT
2018-01-20 13:58:28 TO PROXY: CONNECT 212.8.251.91:443 HTTP/1.0
Host: 212.8.251.91
2018-01-20 13:58:30 FROM PROXY: HTTP/1.1 200 Connection established
2018-01-20 13:58:30 Connecting to [212.8.251.91]:443 (172.24.249.205) via TCPv4-via-HTTP
2018-01-20 13:58:31 EVENT: CONNECTING
2018-01-20 13:58:31 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2018-01-20 13:58:31 Creds: UsernameEmpty/PasswordEmpty
2018-01-20 13:58:31 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_IPv6=0
IV_AUTO_SESS=1
IV_BS64DL=1
2018-01-20 13:58:38 VERIFY OK : depth=1
cert. version : 3
serial number : 93:8D:1A:CD:64:84:97:C9
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:43:50
expires on : 2026-04-24 17:43:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-20 13:58:38 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:44:12
expires on : 2026-04-24 17:44:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-20 13:58:43 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-20 13:58:43 Session is ACTIVE
2018-01-20 13:58:43 EVENT: GET_CONFIG
2018-01-20 13:58:43 Sending PUSH_REQUEST to server...
2018-01-20 13:58:44 Sending PUSH_REQUEST to server...
2018-01-20 13:58:46 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [208.67.222.222]
2 [dhcp-option] [DNS] [208.67.220.220]
3 [route] [10.9.0.1]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [60]
7 [ifconfig] [10.9.0.6] [10.9.0.5]
8 [block-ipv6]
2018-01-20 13:58:46 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-01-20 13:58:46 EVENT: ASSIGN_IP
2018-01-20 13:58:46 NIP: preparing TUN network settings
2018-01-20 13:58:46 NIP: init TUN network settings with endpoint: 172.24.249.205
2018-01-20 13:58:46 NIP: adding IPv4 address to network settings 10.9.0.6/255.255.255.252
2018-01-20 13:58:46 NIP: adding (included) IPv4 route 10.9.0.1/32
2018-01-20 13:58:46 NIP: redirecting all IPv4 traffic to TUN interface
2018-01-20 13:58:46 NIP: adding DNS 208.67.222.222
2018-01-20 13:58:46 NIP: adding DNS 208.67.220.220
2018-01-20 13:58:46 NIP: blocking all IPv6 traffic - not supported
2018-01-20 13:58:46 Connected via NetworkExtensionTUN
2018-01-20 13:58:46 Per-Key Data Limit: 48000000/48000000
2018-01-20 13:58:46 LZO-ASYM init swap=0 asym=0
2018-01-20 13:58:46 EVENT: CONNECTED @212.8.251.91:443 (172.24.249.205) via /TCPv4-via-HTTP on NetworkExtensionTUN/10.9.0.6/ gw=[/]
2018-01-20 14:11:04 OS Event: SLEEP
2018-01-20 14:11:04 EVENT: PAUSE
2018-01-20 14:14:23 OS Event: WAKEUP
2018-01-20 14:14:26 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2018-01-20 14:14:26 STANDARD RESUME
2018-01-20 14:14:26 EVENT: RESUME
2018-01-20 14:14:26 EVENT: RECONNECTING
2018-01-20 14:14:26 Contacting [172.24.249.205]:55555/TCP via HTTP Proxy
2018-01-20 14:14:26 EVENT: WAIT_PROXY
2018-01-20 14:14:26 EVENT: WAIT
2018-01-20 14:14:26 TO PROXY: CONNECT 212.8.251.91:443 HTTP/1.0
thanks!!!