Bridging a single client on iOS

[Centrino]

Hi,

I've been using OpenVPN iPhone client for a while, with SoftEther as the server but have decided that I want to use certificated authentication rather than password (which SoftEther OpenVPN emulation does not support).

I would like to connect a single iOS device to my (Windows Home edition) VPN server, with IP allocated from the same subnet as the the server (by DHCP or static). Effectively allowing full LAN access when connected via 4G as when on wifi and routing all iOS traffic (encrypted) via the LAN - making a hotel connection a much safer proposition. This worked perfectly on SoftEther using TUN on client side.

I've got both server and client setup and tested with TUN connection, but the VPN is on a different subnet (which isn't much use, as I have apps that want to connect to a specific IP on the LAN).

Using OpenVPN on server side everything I've read seems to be pointing to ethernet bridging which is only supported on TAP, which isn't supported on iOS client.

So... is there a way to solve this problem?
1) Will the wintun adapter help?
2) Can I effectively push a single static IP to the client (say 192.168.0.250) and expose that subnet via TUN?

If I can't get this working then I might have to go back to SoftEther with basic password authentication...

Thanks in advance

Steve

[TinCanTech]

Use --dev tun and routing (No bridge) .. it is all in the howto.

[Centrino]

Thanks TinCanTech - I'll re-read the howto, but it didn't leap out at me from first read, hence posting here.

[Centrino]

No, maybe I'm missing something - can't find anything obvious in the HOWTO.

My server is on 192.168.0.10 static IP, with router on 192.168.0.1. I've setup server with:
dev tun
server 192.168.0.0 255.255.255.0
ifconfig 192.168.0.250 255.255.255.0
push "route 192.168.0.0 255.255.255.0"

And this seems to allocate the server as 192.168.0.1 and client as 192.168.0.2 and I can't ping 192.168.0.xxx

Sorry, I'm sure I'm being dumb but how do I tell the client that the server is 192.168.0.10 and then route other addresses on the 255.255.255.0 subnet?

Any help greatly appreciated.

Steve

[TinCanTech]

Openvpn cannot co-exist on your home LAN subnet, use --server 10.8.0.0 255.255.255.0

[Centrino]

Thanks - OK, that's fine. I thought I could get them to coexist by briging the Ethernet adapter and the Openvpn adapter - but clearly not! So now I have connection with 10.8.0.1 as server and 10.8.0.2 as client (fine) - but I want the client to be able to access 192.168.0.70 (and other IPs) on the LAN.

push "route 192.168.0.0 255.255.255.0" looks like it should do that, but I can't ping any 192.168.0.xxx from the client.

[TinCanTech]

I would like to connect a single iOS device to my (Windows Home edition) VPN server

Read the howto, again ..

Then Install Virtual Box and learn to use Linux.

Or, one of these may help.
viewforum.php?f=7
Read bebop's posts.

If all else fails then I am available for hire: tincantech at protonmail dot com
And I'm not even expensive ..

[Centrino]

Thanks - that's really helpful. Bebop's example nearly works and it feels like a bit of tweaking and it'll be there. I can see other devices on the LAN subnet now, but not the actual IP of the VPN server (192.168.0.10)...

Appreciate that life would probably be a whole world easier on Linux - but with Linux comes a whole load of other stuff to learn!

[TinCanTech]

You really don't want 192.168.0.0/24 as your server LAN because you will eventually have a network conflict.
Use something more unique. eg. 10.91.43.0/24

Use Linux and let Windblows die the slow and painful death it deserves.