Problems with iOS client - only partially working

Posted: Wed Mar 10, 2021 11:27 am
by chkk1963

I have set up an OpenVPN server in my home LAN on an Ubuntu VM. OpenVPN version is "2.4.7-1ubuntu2", Ubuntu version is "20.04.2 LTS".

My router's (Unifi USG) WAN is connected to a fiber provider ("Deutsche Glasfaser") where only the IPv6 address is directly accessible (there is a public IPv4 address, but it is from a carrier-grade NAT range and not reachable from the internet), and OpenVPN is set up with IPv6 support. So I opened port 1194 for UDP in the router's firewall to the public IPv6 address of my OpenVPN server and registered the IPv6 address with a DynDNS provider.

OpenVPN client (iPhone not connected to LAN but to 4G with IPv6 address) connects immediately and some things work as expected:
  • I can ping all the servers on my internal network from the iPhone using their IPv4 addresses
  • I can SSH into the hosts where SSH is available
  • I can also ping the IP of the connected iOS client from my servers
So it looks like routes are pushed from the iOS client's 10.8 address to my local network. But there are a lot of things not working as expected:
  • I cannot open a web site hosted on one of my local servers
  • I cannot RDP into one of my Windows servers (telnet to port 3389 on the same server works, so I can reach the server/port, just no response)
  • And what is really strange: I have an iPerf3 server running on one of my VMs which I use for intranet performance measurements. The OpenVPN client can upload to the iPerf3 server with no problems with the expected line speed but cannot download (no error, just a rate of 0 bytes). And I can ping the iOS client from the server running iPerf3
All above works fine when the iPhone is directly connected to my local network.

This is my OpenVPN server.conf file:

Server Config

port 1194
proto udp6
dev tun
user nobody
group nogroup
keepalive 10 120
topology subnet
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS"
push "redirect-gateway def1"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_DMmF4CvEG4i12glA.crt
key server_DMmF4CvEG4i12glA.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-version-min 1.2
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
#push "route"

Also had a 'push "route"' originally in the conf - makes no difference, all above still working / not working as before.

IP forwarding is enabled on the server running OpenVPN and routing between tun0 / eth0 enabled:

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

I have also checked my LAN firewall rules to check if anything was logged as blocked for 10.8.0.* - all fine.

Any suggestions / ideas?


Re: Problems with iOS client - only partially working

Posted: Wed Mar 10, 2021 11:36 am
by Pippin
Please do not triple post!

I have deleted the other two.