Hi,
I have an OpenVPN server on my home router (10.1.1.1). In my home network I have a Synology server (10.1.1.2), which has an HTTPS interface, exposed through a forwarded port (port 443 on the router is forwarded to 10.1.1.2:5001). My VPN server uses the 10.8.0.0 network.
Without using the VPN I can connect from my iPhone to https://mydomain.com to access the Synology server; 10.1.1.2:5001 is of course not available outside the LAN.
When I connect to the VPN on my iPhone everything seems to be working: when I open whatismyip.com, the webpage shows the IP of my router (the IP of my phone is hidden). I can also connect to the Synology using both addresses:
- https://10.1.1.2:5001
- https://mydomain.com
When I look at the logs of the Synology I can find the relevant connections and their source IPs, which are:
- some IP from the 10.8.0.0 network when the user connected to 10.1.1.2:5001
- the actual phone IP (i.e. not my router IP) when connected to https://mydomain.com
Why are the logs showing the real IP instead of the router IP? The only explanation I can think of is that the OpenVPN client knows that https://mydomain.com is the same address as the OpenVPN server address and this traffic is not going through the tunnel?
Traffic to the same IP address - is it going through tunnel?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jul 28, 2015 10:01 pm
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Traffic to the same IP address - is it going through tun
Have you set up NAT on your home router?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jul 28, 2015 10:01 pm
Re: Traffic to the same IP address - is it going through tun
Yes, but it does not matter. In the meantime I found the answer.
When the OpenVPN client is connected, the routing table on the phone is modified so that all traffic except traffic to the VPN server is going through the VPN tunnel (otherwise it simply would not be able to connect to anything).
My HTTPS server works on the same IP as the VPN server, so all the traffic to it is also routed outside VPN server.
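The routing behaviour described in the answer above, as an added example (not code from the thread or from OpenVPN). It assumes the routes that OpenVPN's `redirect-gateway def1` installs on a client; all addresses and interface names are constructed.

```python
import ipaddress

# Constructed sample values (not from the thread): the VPN server's public
# address, the phone's carrier gateway and the VPN-side gateway.
VPN_SERVER_PUBLIC = "203.0.113.10"   # also where https://mydomain.com resolves
CARRIER_GW = "100.64.0.1"
VPN_GW = "10.8.0.1"


def client_routes(vpn_up):
    """Routing table of the phone as (network, gateway, interface) tuples."""
    routes = [("0.0.0.0/0", CARRIER_GW, "cell0")]
    if vpn_up:
        routes += [
            # Host route that keeps the encrypted tunnel packets themselves
            # on the physical interface; without it the tunnel would loop.
            (VPN_SERVER_PUBLIC + "/32", CARRIER_GW, "cell0"),
            # Two /1 routes override the default route without deleting it.
            ("0.0.0.0/1", VPN_GW, "tun0"),
            ("128.0.0.0/1", VPN_GW, "tun0"),
        ]
    return [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in routes]


def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def egress(dst, vpn_up=True):
    """Return the interface a packet to dst leaves on."""
    return lookup(client_routes(vpn_up), dst)[2]


if __name__ == "__main__":
    # LAN address, an unrelated internet host, and the server's public IP.
    for dst in ("10.1.1.2", "198.51.100.7", VPN_SERVER_PUBLIC):
        print(f"{dst:15} -> {egress(dst)}")
```

The host route matches on destination address only, so every service published on the VPN server's public IP (here the forwarded port 443) leaves the phone outside the tunnel and arrives with the phone's real source address.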