Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by willy87 » Mon May 09, 2016 2:15 pm

eheh books..but for sure there is something wrong in the iptables.. because i can surf through vps without http proxy.
but i know also that i can surf normally with http proxy but not after VPN estabilished..

anyone know why?
thks!

willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by willy87 » Fri May 20, 2016 2:02 pm

SOLVED!! :D :D :D
I just deleted all iptables rules and I set:

"iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)

and

"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)

Instead ...to source 172.27.X.X (proxy HTTP)!!

Thanks guysssss!!

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by Traffic » Fri May 20, 2016 2:49 pm

Thanks for letting us know your solution 8-)

willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by willy87 » Sun May 29, 2016 10:24 pm

Hi guys! Thanks really for your help in This post!
I Just need to set perfectly my server.
I would like to delete timeout connection because i would avoid disconnetions from my vpn. I Just need VPN always connected when i am connected with wifi of course.

Thks

Server:

Code: Select all

port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4

FalconTent
OpenVpn Newbie
Posts: 18
Joined: Fri Sep 12, 2014 3:29 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by FalconTent » Mon May 30, 2016 11:45 am

willy87 wrote:I would like to delete timeout connection because i would avoid disconnetions from my vpn
If your VPN is timing out then there is a problem with your network ..

willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by willy87 » Mon May 30, 2016 11:48 am

Sure? Because I tried also from home wifi network and i checked that when the iPhone is lock or after 30 seconds.. Wifi is still on but no more VPN connection.. :-(

FalconTent
OpenVpn Newbie
Posts: 18
Joined: Fri Sep 12, 2014 3:29 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by FalconTent » Tue May 31, 2016 12:22 pm

I believe this is to do with aggressive battery saving setting which closes openvpn .. see your iPhone log file.

willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by willy87 » Tue Oct 11, 2016 10:55 pm

Hi guys!
What I should do if i change my VPS IP? Because I need to change just the ip address!
Because I changed the client configuration modifying just the IP and then I type because of new IP (212.8.251.91)

Code: Select all

iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 212.8.251.91
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 212.8.251.91
Should I remove before all rules and add only these 2 or what?

In the openvpn software i see that i am connected but no surfing.. something with port forwarding or.. ?

thanks for helping me

willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by willy87 » Fri Oct 14, 2016 8:15 am

ok solved by myself :)

just add these

Code: Select all

iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 212.8.251.91
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 212.8.251.91
on iptables rules and sudo reboot! :)

gugx87
OpenVpn Newbie
Posts: 1
Joined: Sat Jan 20, 2018 6:47 pm

Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

Post by gugx87 » Sat Jan 20, 2018 7:20 pm

Hello, I have problem in the same server. I found my device often disconneted even with
keepalive 10 60 command setted

I would like that my VPN will be never disconnected and stay always on

I assume that my internet connection is OK

server:

Code: Select all

port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 60
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
client:

Code: Select all

client
dev tun
proto tcp-client
remote XXX 443
resolv-retry infinite
nobind
persist-key
persist-tun
http-proxy-retry # retry on connection failures
http-proxy XXX55555
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0
log:

Code: Select all

2018-01-20 13:51:20 EVENT: CONNECTED @212.8.251.91:443 (172.24.249.205) via /TCPv4-via-HTTP on NetworkExtensionTUN/10.9.0.6/ gw=[/]

2018-01-20 13:55:29 OS Event: SLEEP

2018-01-20 13:55:29 EVENT: PAUSE

2018-01-20 13:58:25 OS Event: WAKEUP

2018-01-20 13:58:28 RESUME TEST: Internet:ReachableViaWiFi/-R t------

2018-01-20 13:58:28 STANDARD RESUME

2018-01-20 13:58:28 EVENT: RESUME

2018-01-20 13:58:28 EVENT: RECONNECTING

2018-01-20 13:58:28 Contacting [172.24.249.205]:55555/TCP via HTTP Proxy

2018-01-20 13:58:28 EVENT: WAIT_PROXY

2018-01-20 13:58:28 EVENT: WAIT

2018-01-20 13:58:28 TO PROXY: CONNECT 212.8.251.91:443 HTTP/1.0

Host: 212.8.251.91


2018-01-20 13:58:30 FROM PROXY: HTTP/1.1 200 Connection established


2018-01-20 13:58:30 Connecting to [212.8.251.91]:443 (172.24.249.205) via TCPv4-via-HTTP

2018-01-20 13:58:31 EVENT: CONNECTING

2018-01-20 13:58:31 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2018-01-20 13:58:31 Creds: UsernameEmpty/PasswordEmpty

2018-01-20 13:58:31 Peer Info:

IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4

IV_VER=3.1.2

IV_PLAT=ios

IV_NCP=2

IV_TCPNL=1

IV_PROTO=2

IV_LZO=1

IV_IPv6=0

IV_AUTO_SESS=1

IV_BS64DL=1


2018-01-20 13:58:38 VERIFY OK : depth=1

cert. version     : 3

serial number     : 93:8D:1A:CD:64:84:97:C9

issuer name       : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain

subject name      : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain

issued  on        : 2016-04-26 17:43:50

expires on        : 2026-04-24 17:43:50

signed using      : RSA with SHA-256

RSA key size      : 2048 bits

basic constraints : CA=true


2018-01-20 13:58:38 VERIFY OK : depth=0

cert. version     : 3

serial number     : 01

issuer name       : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain

subject name      : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain

issued  on        : 2016-04-26 17:44:12

expires on        : 2026-04-24 17:44:12

signed using      : RSA with SHA-256

RSA key size      : 2048 bits

basic constraints : CA=false

subject alt name  : server

cert. type        : SSL Server

key usage         : Digital Signature, Key Encipherment

ext key usage     : TLS Web Server Authentication


2018-01-20 13:58:43 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA

2018-01-20 13:58:43 Session is ACTIVE

2018-01-20 13:58:43 EVENT: GET_CONFIG

2018-01-20 13:58:43 Sending PUSH_REQUEST to server...

2018-01-20 13:58:44 Sending PUSH_REQUEST to server...

2018-01-20 13:58:46 OPTIONS:

0 [redirect-gateway] [def1] [bypass-dhcp] 

1 [dhcp-option] [DNS] [208.67.222.222] 

2 [dhcp-option] [DNS] [208.67.220.220] 

3 [route] [10.9.0.1] 

4 [topology] [net30] 

5 [ping] [10] 

6 [ping-restart] [60] 

7 [ifconfig] [10.9.0.6] [10.9.0.5] 

8 [block-ipv6] 


2018-01-20 13:58:46 PROTOCOL OPTIONS:

  cipher: BF-CBC

  digest: SHA1

  compress: LZO

  peer ID: -1

2018-01-20 13:58:46 EVENT: ASSIGN_IP

2018-01-20 13:58:46 NIP: preparing TUN network settings

2018-01-20 13:58:46 NIP: init TUN network settings with endpoint: 172.24.249.205

2018-01-20 13:58:46 NIP: adding IPv4 address to network settings 10.9.0.6/255.255.255.252

2018-01-20 13:58:46 NIP: adding (included) IPv4 route 10.9.0.1/32

2018-01-20 13:58:46 NIP: redirecting all IPv4 traffic to TUN interface

2018-01-20 13:58:46 NIP: adding DNS 208.67.222.222

2018-01-20 13:58:46 NIP: adding DNS 208.67.220.220

2018-01-20 13:58:46 NIP: blocking all IPv6 traffic - not supported

2018-01-20 13:58:46 Connected via NetworkExtensionTUN

2018-01-20 13:58:46 Per-Key Data Limit: 48000000/48000000

2018-01-20 13:58:46 LZO-ASYM init swap=0 asym=0

2018-01-20 13:58:46 EVENT: CONNECTED @212.8.251.91:443 (172.24.249.205) via /TCPv4-via-HTTP on NetworkExtensionTUN/10.9.0.6/ gw=[/]

2018-01-20 14:11:04 OS Event: SLEEP

2018-01-20 14:11:04 EVENT: PAUSE

2018-01-20 14:14:23 OS Event: WAKEUP

2018-01-20 14:14:26 RESUME TEST: Internet:ReachableViaWiFi/-R t------

2018-01-20 14:14:26 STANDARD RESUME

2018-01-20 14:14:26 EVENT: RESUME

2018-01-20 14:14:26 EVENT: RECONNECTING

2018-01-20 14:14:26 Contacting [172.24.249.205]:55555/TCP via HTTP Proxy

2018-01-20 14:14:26 EVENT: WAIT_PROXY

2018-01-20 14:14:26 EVENT: WAIT

2018-01-20 14:14:26 TO PROXY: CONNECT 212.8.251.91:443 HTTP/1.0
waiting for your kind feedback

thanks!!! :) ;)

Post Reply