Always connect except on "home" network
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 07, 2018 8:03 pm
Always connect except on "home" network
How can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?
So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.
So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 07, 2018 8:03 pm
Re: Always connect except on "home" network
Is this just not possible?
It seems like an obvious use-case.
It seems like an obvious use-case.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Always connect except on "home" network
How can the phone understand to be in the right network first?brianjmurrell wrote: ↑Mon Jan 15, 2018 3:19 pmIs this just not possible?
It seems like an obvious use-case.
What's the mechanism you use to auto connect?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Always connect except on "home" network
This is normally done by the server administrator.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 07, 2018 8:03 pm
Re: Always connect except on "home" network
If the remote subnet is the same as the local subnet? I.e. I am the VPN client. I connect to the server. The server pushes me the subnet 192.168.1.0/24. I compare that against the (i.e. wireless) interface that I connected to the VPN on and see that it's also in 192.168.1.0/24.
Even if those were not really even the same subnets but just two separate instances of 192.168.1.0/24, things would be broken anyway since it would be ambiguous which network a connection to 192.168.1.33 should go to, so OpenVPN probably ought not to connect to ambiguous networks anyway, yes?
Nothing yet since this problem makes autoconnecting impractical. I thought I had noticed a setting in OpenVPN Connect to reconnect if it was previously connected. Maybe I am mistaken and this is all moot.
That's me. How is this done then?
Interestingly I just found this similar question.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Aug 29, 2019 1:55 am
Re: Always connect except on "home" network
I'm also very interested in finding a solution to this issue. There are apps which do this...for example the 1.1.1.1 app allow their "VPN" (will tunnel only VPN requests for now) to pause if connected to specific WiFi networks. Seems this would be a very desirable feature to add to OpenVPN Connect for iOS.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Aug 31, 2019 6:23 am
Re: Always connect except on "home" network
why i am understanding..brianjmurrell wrote: ↑Sun Jan 07, 2018 8:06 pmHow can I make OpenVPN automatically connect when I am on any network (mobile or WiFi) that is not the network that the OpenVPN server is gatewaying to (i.e. the network that is "behind" the OpenVPN gateway)?
So to be clear, I want to automatically always connect to my OpenVPN server except when I am on the network that is behind the OpenVPN server since that doesn't work and seems pointless anyway. I trust my local network.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Sep 21, 2019 10:36 am
Re: Always connect except on "home" network
This is exactly the use case I’m trying to accomplish as well. Seems like the easiest way to detect which network you’re on is the same method that 1.1.1.1’s vpn app uses, by selecting the ssid of your home network (probably harder to actually do than I’m giving credit for).
Either way, this would be the one major feature that I wish OpenVPN Connect would include.
Either way, this would be the one major feature that I wish OpenVPN Connect would include.
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: Always connect except on "home" network
why do you need disconnect from home wifi network ? I just let my phone connect all the time from inside my house or outside and connect is ok .my phone not root so i need connect openvpn to my owe openvpn server to block all google ad display on my phone and it workes very well .
it is only trouble from server config so you need correct server config and you can let it connect all the time .on my server config it look like that\
push "redirect-gateway autolocal def1 bypass-dhcp"
autolocal will let your openvpn client go to internet if connect with the same openvpn server network.
it is only trouble from server config so you need correct server config and you can let it connect all the time .on my server config it look like that\
push "redirect-gateway autolocal def1 bypass-dhcp"
autolocal will let your openvpn client go to internet if connect with the same openvpn server network.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jun 23, 2020 1:41 pm
Re: Always connect except on "home" network
I solve this by using the DNS-Server in the Office. The Clients connect to vpn.company.com. If the Client is in a foreign network they get the public IP of our internet conection of the office and could connect to the VPN. If the device is in our domainnetwork it gets the IP 127.0.0.1 from the DNS-Server so they do not connect to anywhere.
I'm not sure this is the best way to do it, but it solves your problem I think.
I'm not sure this is the best way to do it, but it solves your problem I think.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Sep 26, 2021 7:46 pm
Re: Always connect except on "home" network
I thought of this method as well (I have also tried keeping the dns the same, but using the firewall to block the traffic, which doesn't seem to work either)madnem wrote: ↑Tue Jun 23, 2020 1:44 pmI solve this by using the DNS-Server in the Office. The Clients connect to vpn.company.com. If the Client is in a foreign network they get the public IP of our internet conection of the office and could connect to the VPN. If the device is in our domainnetwork it gets the IP 127.0.0.1 from the DNS-Server so they do not connect to anywhere.
Can I get more details about how well the DNS method has worked for you? I am finding very intermittent results. The VPN thinks it is still active and keeps certain parameters. ie: the DNS server stays configured on the ethernet port so vpn.foo.bar doesn't get resolved. I have also seen the vpn server stay configured on the tap interface even though the vpn is no longer connected. The devices (surface pro) are configured to dhcp, dns is not hard coded.
I will be building more specific test scenarios and gathering more information next week, to hopefully get a better handle on what is happening