OpenVPN not getting around filter

[zzedly]

The quick story:
My work used to be fairly lax with their internet controls. I used to be able to use OpenVPN on my Android phone (via wifi) to my Qnap NAS at home (with OpenVPN built-in) with no problems. I mainly used that to allow Pandora streaming without using mobile data once in a while, nothing much. Since being acquired by "the mothership", they've tightened it down. They've locked down most ports and now have a web filter of some kind that disallows some sites (e.g. gmail, imgur, etc) as well as most streaming music apps.

I was able to get OpenVPN working again via port 443 to a home computer, but it looks like it isn't sending all of my phone traffic through it. My phone is still blocked from streaming apps and those blocked sites still get filtered. When I set my phone OpenVPN setting to "use default route" under the IPV4 settings, suddenly nothing is blocked, but nothing can connect either. I've also tried using OpenVPN via an SSH tunnel, but with no difference in results.

Am I going about this the wrong way? All I want is to use Pandora once in a while via wifi, is that so wrong!!

Thanks in advance,

-=Zzed=-

[zzedly]

Because I know it will be asked, here are my config files (with security info removed):

server.ovpn:

Code: Select all

port 443
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\xxxxx.crt"
cert "C:\\Program Files\\OpenVPN\\config\\xxxxx.crt"
key "C:\\Program Files\\OpenVPN\\config\\xxxxx.key"
dh "C:\\Program Files\\OpenVPN\\config\\xxxxx.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

client.ovpn

Code: Select all

management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

setenv IV_GUI_VER "de.blinkt.openvpn 0.6.17" 
machine-readable-output
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote xxxxx.xxxxx.com 443 tcp-client
<ca>
-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

</ca>
<key>
-----BEGIN PRIVATE KEY-----
(removed)
-----END PRIVATE KEY-----

</key>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: (removed)
        Validity
            Not Before: Aug 19 20:08:19 2014 GMT
            Not After : Aug 16 20:08:19 2024 GMT
        Subject: (removed)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
(removed)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
(removed)
            X509v3 Authority Key Identifier: 
(removed)
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: md5WithRSAEncryption
(removed)
-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

</cert>
comp-lzo
redirect-private unblock-local
nobind
persist-tun
preresolve
management-query-proxy
ns-cert-type server 
resolv-retry infinite 

Thanks,

-=Zzedly=-