Mozilla VPN adds a new wrinkle.

linear_z
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 19, 2018 8:44 pm

Mozilla VPN adds a new wrinkle.

Post by linear_z » Fri Apr 23, 2021 5:46 pm

Hello.

I have been using OpenVPN in a split-tunnel configuration for some time - connecting my home PC as a client to my work PC as the server. Recently, I've added Mozilla VPN to the home PC to route all traffic. (I understand that OpenVPN can achieve this as well, but I digress.)

From a technical perspective, I am still able to attach the home PC to the OpenVPN server - through the Mozilla VPN, and I can see the new public IP address from the server logs - and I assumed that since the connection was successfully completed, that it would function the same from the server side - but I cannot connect back to the home PC via RDP as I have before & I'm not quite sure where the break is. Will I need to add a route to the server config file?

---
port [port#]
proto udp
dev tap-server
dev-node tap-udp_[port#]
log-append tap-udp_[port#].log
ca "CA.crt"
cert "VPN.crt"
key "Server.key"
dh "dh.pem"
tls-auth "ta.key" 0
crl-verify "crl.pem"
topology subnet
server-bridge 192.168.77.101 255.255.255.0 192.168.77.150 192.168.77.150
push "route 192.168.77.0 255.255.255.0"
float
client-to-client
keepalive 1 20
cipher AES-256-GCM
max-clients 1
verb 2
mute 20
explicit-exit-notify 1
---

Thanks!


Re: Mozilla VPN adds a new wrinkle.

Post by linear_z » Sat Apr 24, 2021 3:20 pm

Solved.

I had been reading to add a route / metric, or specify the interface for the tap adapter in order to bypass the WireGuard, etc., etc., etc.

There is a toggle switch in the Mozilla VPN settings interface for 'Local Network Access'. This allows OpenVPN to connect to my server through the existing tunnel, and the RDP connections function in both directions as before.

Interestingly, without this switch activated, the OpenVPN will complete the connection, but will ping the new subnet with a 'General Failure'. Turn it on, and voila. Still logging the connection from the new IP, so no bypass is occurring.

Another interesting phenomenon, the IPv4 routing table has 18 lines without the switch activated, (I also have a VM adapter, hence the elevated table), but lists a whopping 142 - yes one-hundred and forty-two - routes in the table. 🤷‍♂️
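
One way to see what the 'Local Network Access' toggle changes in the IPv4 routing table and which route Windows picks for the OpenVPN subnet, as an added example that is not part of the original posts. It assumes Windows PowerShell with the built-in NetTCPIP cmdlets; the function names and snapshot file names are hypothetical, and 192.168.77.101 is the server-bridge address from the config in the first post.

```powershell
# Added example, not from the thread. Function and file names are hypothetical.
# Procedure: Save-RouteSnapshot off -> flip the toggle -> Save-RouteSnapshot on
#            -> Compare-RouteSnapshot -> Test-TapPath

function Save-RouteSnapshot {
    param([Parameter(Mandatory)][ValidateSet('off', 'on')][string]$Label)
    # Read the active store, i.e. the routes currently in effect.
    Get-NetRoute -AddressFamily IPv4 -PolicyStore ActiveStore |
        Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric |
        Export-Csv -Path ".\routes-$Label.csv" -NoTypeInformation
}

function Compare-RouteSnapshot {
    $off = @(Import-Csv -Path .\routes-off.csv)
    $on  = @(Import-Csv -Path .\routes-on.csv)
    "Routes with toggle off: $($off.Count), with toggle on: $($on.Count)"

    # '=>' marks routes present only with the toggle on, '<=' only with it off.
    Compare-Object -ReferenceObject $off -DifferenceObject $on `
            -Property DestinationPrefix, NextHop, InterfaceAlias |
        Sort-Object SideIndicator, InterfaceAlias, DestinationPrefix |
        Format-Table SideIndicator, DestinationPrefix, NextHop, InterfaceAlias -AutoSize
}

function Test-TapPath {
    param([string]$Target = '192.168.77.101')   # server-bridge address from the posted config

    # Find-NetRoute returns the local source address and the route the stack
    # would select for this destination, so the chosen interface is visible.
    Find-NetRoute -RemoteIPAddress $Target |
        Select-Object IPAddress, InterfaceAlias, DestinationPrefix, NextHop |
        Format-Table -AutoSize

    # If the selected route already points at the tap adapter but this returns
    # False, look at packet filtering rather than at the routing table.
    Test-NetConnection -ComputerName $Target -Port 3389 -InformationLevel Quiet
}
```

Run the snapshot functions from the same directory so the comparison finds both CSV files.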
