http to 10.8.* network does not work but ssh/samba works

[mdr]

Hello Forum,

I just configured a OPENVPN server in my home server and connected a few windows clients with no problems.

However my android client has an issue:

I am able to ping the VPN server at 10.8.0.1 as well as access it via SSH and samba but I am unable to access the http servers there.
The server is ubuntu and its configured to not force the client to redirect all traffic through it. But I can access the http servers with the windows VPN clients.

Can any one help me with this issue?
Are there any configuration I should look into?
Any logs that might help me understand what is happening?

Thank you,

Best Regards,

[Traffic]

How are you addressing the http server ? f.e http://10.8.0.1/ or http://dns.name/

[mdr]

How are you addressing the http server ? f.e http://10.8.0.1/ or http://dns.name/

Thanks for the reply,

I am using IP for everything.

One additional piece of information, if I enable the redirect of all traffic through the VPN, I am unable to open any web page.

Best Regards,

[Traffic]

**Post your configs from client and server, without comments. you can strip comments in linux/bsd with something like this:
grep -vE '^#|^;|^$' server.conf

**If you are having problems connecting, post your logfiles from server and client after using verb 4 in both configs

[mdr]

**Post your configs from client and server, without comments. you can strip comments in linux/bsd with something like this:
grep -vE '^#|^;|^$' server.conf

server.conf:

Code: Select all

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
crl-verify crl.pem
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

client.ovpn

Code: Select all

client
dev tun
proto udp
remote mdr.dynip.com 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3

**If you are having problems connecting, post your logfiles from server and client after using verb 4 in both configs

You mean trouble connecting to the vpn, it connects with no problems, as far as I can tell only the browser doesn't work?

Thank you

Best Regards

[Traffic]

only the browser doesn't work

I presume the web server is not on the same machine as the vpn server so you probably need these:

• HOWTO: Expanding the scope of the VPN to include additional machines
• HOWTO: Routing all client traffic (including web-traffic) through the VPN

[mdr]

only the browser doesn't work

I presume the web server is not on the same machine as the vpn server so you probably need these:

• HOWTO: Expanding the scope of the VPN to include additional machines
• HOWTO: Routing all client traffic (including web-traffic) through the VPN

Thanks for the information.

The web server is in the same machine as the vpn server.

What is strange is that other services (ping, ssh, samba) work fine, just the webserver is not reachable and only with the android client.

With the windows clients everything works fine, also if the android phone is connected to the local network it works fine, even using the vpn ip.

Best Regards,

[Traffic]

The web server is in the same machine as the vpn server

So the URL you use is http://10.8.0.1/ ?

Try tcpdump on the server to see what the source IP is when you try to connect to the web server.

[mdr]

So the URL you use is http://10.8.0.1/ ?

Try tcpdump on the server to see what the source IP is when you try to connect to the web server.

Thanks for the information,

I tried tcpdump on the server, I monitored the eth0 interface and the tun0 interface. Also I set the open VPN logs to level 6.

While connected using 3G if I connect the ssh I see:
- traffic in eth0 between the 3G ip and vpn server local ip (192.168....)
- traffic in tun0 between the android vpn ip (10.8.0.6) and server vpn ip (10.8.0.1)
- traffic in the Open VPN logs.

While connected using 3G if I connect the browser to the 10.8.0.1 server I see:
- no traffic in eth0
- no traffic in tun0
- no traffic in OpenVPN

Note: when I say no traffic I am ignoring the 53 byte traffic that is happening all the time (connection keep alive, I guess)

When I connect via wifi both ssh and browser works, the difference is that the traffic in eth0 is between my wired ISP ip and the server local ip.

I did one additional test, using an android telnet client, I was able to connect to the webserver port via the vpn and see the traffic in eth0, tun0 and OpenVPN logs.

Just as a sanity check I also checked the routing tables and the ips 10.8.* are being send to the tun0 interface in android.

I tried increasing the OpenVPN logs in Android by changing the ovpn to verb 6 but it produced no additional logs, am I missing something here?

Best Regads

[mdr]

Hello,

Can this be an issue with the specific android version?
I am using Android 4.2.2.

I tryed other openvpn clients available on the play store and the issue reproduces with all clients and with all browsers.

Apart from the browser evetything is fine.

Best Regards