Always connect except on "home" network

Official client software for OpenVPN Access Server and OpenVPN Cloud.
brianjmurrell
OpenVpn Newbie
Posts: 4
Joined: Sun Jan 07, 2018 8:03 pm

Always connect except on "home" network

Post by brianjmurrell » Sun Jan 07, 2018 8:06 pm

How can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?

So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.

brianjmurrell
OpenVpn Newbie
Posts: 4
Joined: Sun Jan 07, 2018 8:03 pm

Re: Always connect except on "home" network

Post by brianjmurrell » Mon Jan 15, 2018 3:19 pm

Is this just not possible?

It seems like an obvious use-case.

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Always connect except on "home" network

Post by ordex » Mon Jan 15, 2018 3:46 pm

brianjmurrell wrote: Mon Jan 15, 2018 3:19 pm
> Is this just not possible?
>
> It seems like an obvious use-case.

How can the phone understand to be in the right network first?
What's the mechanism you use to auto connect?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Always connect except on "home" network

Post by TinCanTech » Mon Jan 15, 2018 5:35 pm

This is normally done by the server administrator.

brianjmurrell
OpenVpn Newbie
Posts: 4
Joined: Sun Jan 07, 2018 8:03 pm

Re: Always connect except on "home" network

Post by brianjmurrell » Sat Jan 20, 2018 7:03 pm

ordex wrote: Mon Jan 15, 2018 3:46 pm
> How can the phone understand to be in the right network first?

If the remote subnet is the same as the local subnet? I.e. I am the VPN client. I connect to the server. The server pushes me the subnet 192.168.1.0/24. I compare that against the (i.e. wireless) interface that I connected to the VPN on and see that it's also in 192.168.1.0/24.

Even if those were not really even the same subnets but just two separate instances of 192.168.1.0/24, things would be broken anyway since it would be ambiguous which network a connection to 192.168.1.33 should go to, so OpenVPN probably ought not to connect to ambiguous networks anyway, yes?

ordex wrote: Mon Jan 15, 2018 3:46 pm
> What's the mechanism you use to auto connect?

Nothing yet since this problem makes autoconnecting impractical. I thought I had noticed a setting in OpenVPN Connect to reconnect if it was previously connected. Maybe I am mistaken and this is all moot.

TinCanTech wrote: Mon Jan 15, 2018 5:35 pm
> This is normally done by the server administrator.

That's me. :-) How is this done then?

Interestingly I just found this similar question.

jeff3820
OpenVpn Newbie
Posts: 7
Joined: Thu Aug 29, 2019 1:55 am

Re: Always connect except on "home" network

Post by jeff3820 » Thu Aug 29, 2019 8:19 pm

I'm also very interested in finding a solution to this issue. There are apps which do this... for example, the 1.1.1.1 app allows their "VPN" (will tunnel only VPN requests for now) to pause if connected to specific WiFi networks. Seems this would be a very desirable feature to add to OpenVPN Connect for iOS.

rutukate
OpenVpn Newbie
Posts: 2
Joined: Sat Aug 31, 2019 6:23 am

Re: Always connect except on "home" network

Post by rutukate » Mon Sep 02, 2019 9:10 am

brianjmurrell wrote: Sun Jan 07, 2018 8:06 pm
> How can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?
>
> So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.

Why I am understanding..

aardvarksagus
OpenVpn Newbie
Posts: 1
Joined: Sat Sep 21, 2019 10:36 am

Re: Always connect except on "home" network

Post by aardvarksagus » Sat Sep 21, 2019 10:46 am

This is exactly the use case I’m trying to accomplish as well. Seems like the easiest way to detect which network you’re on is the same method that 1.1.1.1’s vpn app uses, by selecting the ssid of your home network (probably harder to actually do than I’m giving credit for).

Either way, this would be the one major feature that I wish OpenVPN Connect would include.

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Always connect except on "home" network

Post by 300000 » Tue Sep 24, 2019 9:54 pm

Why do you need to disconnect on the home WiFi network? I just let my phone connect all the time, from inside my house or outside, and the connection is OK. My phone is not rooted, so I need to connect OpenVPN to my own OpenVPN server to block all Google ads displayed on my phone, and it works very well.

It is only trouble from the server config, so you need a correct server config and you can let it connect all the time. In my server config it looks like this:

push "redirect-gateway autolocal def1 bypass-dhcp"

autolocal will let your OpenVPN client go to the internet if connected to the same OpenVPN server network.

madnem
OpenVpn Newbie
Posts: 2
Joined: Tue Jun 23, 2020 1:41 pm

Re: Always connect except on "home" network

Post by madnem » Tue Jun 23, 2020 1:44 pm

I solve this by using the DNS-Server in the Office. The Clients connect to vpn.company.com. If the Client is in a foreign network they get the public IP of our internet connection of the office and could connect to the VPN. If the device is in our domain network it gets the IP 127.0.0.1 from the DNS-Server so they do not connect to anywhere.

I'm not sure this is the best way to do it, but it solves your problem I think.
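
The two detection ideas raised in this thread (comparing the local interface subnet with the routes the server pushes, and split DNS answering 127.0.0.1 on the inside) can be sketched as one pre-connect check. This is an added example, not part of any post and not OpenVPN Connect code; the function names, interface names and addresses are constructed for illustration, and it generalizes the /24 comparison to any overlapping prefix.

```python
import ipaddress

def overlapping_routes(local_ifaces, pushed_routes):
    """Pairs (interface, route) where a local address already sits in a pushed subnet."""
    hits = []
    for name, cidr in local_ifaces.items():
        iface = ipaddress.ip_interface(cidr)
        for route in pushed_routes:
            net = ipaddress.ip_network(route)
            # overlaps() also catches a local /24 inside a pushed /16 and vice versa
            if iface.version == net.version and iface.network.overlaps(net):
                hits.append((name, str(net)))
    return hits

def should_connect(local_ifaces, pushed_routes, resolved_remote):
    """Return (connect?, reason) for the network the client is attached to."""
    remote = ipaddress.ip_address(resolved_remote)
    # Split-DNS method: the inside resolver hands out a loopback address.
    if remote.is_loopback or remote.is_unspecified:
        return False, "remote resolves to a sinkhole address (inside DNS view)"
    # Subnet method: the local interface is already inside a pushed route.
    hits = overlapping_routes(local_ifaces, pushed_routes)
    if hits:
        name, net = hits[0]
        return False, f"{name} is already inside pushed route {net}"
    return True, "no overlap with pushed routes"

# Constructed sample data (documentation and RFC 1918 addresses).
PUSHED = ["192.168.1.0/24"]            # route the server would push
PUBLIC = "203.0.113.10"                # outside DNS answer for the VPN name
HOME = {"wlan0": "192.168.1.57/24"}    # the LAN behind the server
CAFE = {"wlan0": "10.20.4.9/22"}       # unrelated network
HOTEL = {"wlan0": "192.168.1.80/24"}   # unrelated LAN reusing the same range

if __name__ == "__main__":
    for label, ifaces, remote in [
        ("home", HOME, PUBLIC),
        ("cafe", CAFE, PUBLIC),
        ("hotel", HOTEL, PUBLIC),
        ("home, inside DNS", HOME, "127.0.0.1"),
    ]:
        print(label, should_connect(ifaces, PUSHED, remote))
```

The HOTEL case shows the ambiguity described earlier in the thread: a subnet match alone cannot tell the home LAN from another LAN that reuses 192.168.1.0/24, so the tunnel is skipped there as well.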

howudodat
OpenVpn Newbie
Posts: 2
Joined: Sun Sep 26, 2021 7:46 pm

Re: Always connect except on "home" network

Post by howudodat » Sat Oct 02, 2021 2:07 pm

madnem wrote: Tue Jun 23, 2020 1:44 pm
> I solve this by using the DNS-Server in the Office. The Clients connect to vpn.company.com. If the Client is in a foreign network they get the public IP of our internet connection of the office and could connect to the VPN. If the device is in our domain network it gets the IP 127.0.0.1 from the DNS-Server so they do not connect to anywhere.

I thought of this method as well (I have also tried keeping the DNS the same, but using the firewall to block the traffic, which doesn't seem to work either).

Can I get more details about how well the DNS method has worked for you? I am finding very intermittent results. The VPN thinks it is still active and keeps certain parameters, i.e. the DNS server stays configured on the ethernet port so vpn.foo.bar doesn't get resolved. I have also seen the VPN server stay configured on the tap interface even though the VPN is no longer connected. The devices (Surface Pro) are configured for DHCP; DNS is not hard coded.

I will be building more specific test scenarios and gathering more information next week, to hopefully get a better handle on what is happening.
