Problems with iOS client - only partially working

chkk1963
OpenVpn Newbie
Posts: 1
Joined: Wed Mar 03, 2021 8:23 am

Post by chkk1963 » Wed Mar 10, 2021 11:27 am

Hi,

I have set up an OpenVPN server in my home LAN on an Ubuntu VM. OpenVPN version is "2.4.7-1ubuntu2", Ubuntu version is "20.04.2 LTS".

My router's (Unifi USG) WAN is connected to a fiber provider ("Deutsche Glasfaser") where only the IPv6 is directly accessible (there is a public IPv4, but this is from a carrier-grade NAT range not reachable from the internet) and OpenVPN is set up with IPv6 support. So I opened port 1194 for UDP in the router's firewall to the public IPv6 address of my OpenVPN server and registered the IPv6 address with a DynDNS provider.

OpenVPN client (iPhone not connected to LAN but to 4G with IPv6 address) connects immediately and some things work as expected:
  • I can ping all the servers on my internal network from the iPhone using their IPv4 addresses
  • I can SSH into the hosts where SSH is available
  • I can also ping the IP of the connected iOS client from my servers
So it looks like routes are pushed from the iOS client's 10.8 address to my 192.168.0.0 local network. But there are a lot of things not working as expected:
  • I cannot open a web site hosted on one of my local servers
  • I cannot RDP into one of my Windows servers (telnet to port 3389 on the same server works, so I can reach the server/port, just no response)
  • And what is really strange: I have an iPerf3 server running on one of my VMs which I use for intranet performance measurements. The OpenVPN client can upload to the iPerf3 server with no problems with the expected line speed but cannot download (no error, just a rate of 0 bytes). And I can ping the iOS client from the server running iPerf3
All above works fine when the iPhone is directly connected to my local network.

This is my OpenVPN server.conf file:

Server Config

port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_DMmF4CvEG4i12glA.crt
key server_DMmF4CvEG4i12glA.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
#push "route 192.168.0.0 255.255.255.0"
client-to-client


Also had a 'push "route 192.168.0.0 255.255.255.0"' originally in the conf - makes no difference, all above still working / not working as before.

IP forwarding is enabled on the server running OpenVPN and routing between tun0 / eth0 enabled:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

I have also checked my LAN firewall rules to check if anything was logged as blocked for 10.8.0.* - all fine.

Any suggestions / ideas?

Chris

Pippin
Forum Team
Posts: 980
Joined: Wed Jul 01, 2015 8:03 am

Re: Problems with iOS client - only partially working

Post by Pippin » Wed Mar 10, 2021 11:36 am

Please do not triple post!

I have deleted the other two.
Thanks.