VPN & Intranet okay / no regular Internet over VPN
Posted: Sat May 04, 2013 8:57 am
by Maverick
After 4 hours working on this problem I decided to give up.
I want to connect with my iPad from my network into the network of my university. I got this working and I can access the Intranet just fine but not the regular www.
The university forces everybody in their network to use their own proxy like
http://proxy.zzz.com ....
I tried all possible settings in my iPad WiFi settings but I simply don't get it working.
The regular www works fine on my Macs and my Windows computer but not on my iPad.
Is there anything I could do?
In the OS X settings I can see that the "Search Domain" changes to zzz.com and the two DNS servers from my ISP are replaced with two IPs from the University. On my iPad nothing changes. I tried entering the numbers by hand but no luck.
I got so far but now I have no idea what else I could do!
Code:
client
dev tun
proto udp
remote vpn-gw.charite.de 1194
remote 193.175.73.100 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 client.p12
comp-lzo
verb 3
reneg-sec 3600
auth-user-pass
script-security 2
explicit-exit-notify
mute-replay-warnings
ns-cert-type server
<ca>
XXX
</ca>
So intranet.charite.de works, accessing my local router (192.168.1.1) works but no google.com ...
Thank You!
Re: VPN & Intranet okay / no regular Internet over VPN
Posted: Sat May 04, 2013 11:52 am
by Crisxs
Hello!
I also have the same problem: I can connect from my iPhone client to the server using VPN and access the router 192.168.1.1, but I cannot use the router's internet on the VPN client. I don't know what to do next.
This is my server config:
Code:
local 192.168.1.1
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/Server.crt
key /etc/openvpn/keys/Server.key # This file should be kept secret
dh /etc/openvpn/keys/dh.pem
server 10.8.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
topology subnet
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 5
persist-key
persist-tun
verb 6
--script-security 2
--mute-replay-warnings
iptables -L -t nat:
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
prerouting_rule all -- anywhere anywhere
zone_lan_prerouting all -- anywhere anywhere
zone_wan_prerouting all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
postrouting_rule all -- anywhere anywhere
zone_lan_nat all -- anywhere anywhere
zone_wan_nat all -- anywhere anywhere
Chain nat_reflection_in (1 references)
target prot opt source destination
DNAT tcp -- 192.168.1.0/24 x.x.x.x tcp dpt:openvpn /* wan */ to:192.168.1.1:1194
DNAT udp -- 192.168.1.0/24 x.x.x.x udp dpt:openvpn /* wan */ to:192.168.1.1:1194
Chain nat_reflection_out (1 references)
target prot opt source destination
SNAT tcp -- 192.168.1.0/24 lan tcp dpt:openvpn /* wan */ to:192.168.1.1
SNAT udp -- 192.168.1.0/24 lan udp dpt:openvpn /* wan */ to:192.168.1.1
Chain postrouting_rule (1 references)
target prot opt source destination
nat_reflection_out all -- anywhere anywhere
Chain prerouting_rule (1 references)
target prot opt source destination
nat_reflection_in all -- anywhere anywhere
Chain zone_lan_nat (1 references)
target prot opt source destination
Chain zone_lan_prerouting (1 references)
target prot opt source destination
Chain zone_wan_nat (1 references)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain zone_wan_prerouting (1 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:openvpn to:192.168.1.1:1194
DNAT udp -- anywhere anywhere udp dpt:openvpn to:192.168.1.1:1194
ifconfig command:
Code:
br-lan Link encap:Ethernet HWaddr ?
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr:? Scope:Link
inet6 addr: ? Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2500 errors:0 dropped:0 overruns:0 frame:0
TX packets:2556 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:323731 (316.1 KiB) TX bytes:1317957 (1.2 MiB)
eth0 Link encap:Ethernet HWaddr ?
inet6 addr: ? Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6465 errors:0 dropped:2 overruns:59550 frame:0
TX packets:7000 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1436401 (1.3 MiB) TX bytes:2000491 (1.9 MiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr ?
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2440 errors:0 dropped:0 overruns:0 frame:0
TX packets:2533 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:318963 (311.4 KiB) TX bytes:1311282 (1.2 MiB)
eth0.2 Link encap:Ethernet HWaddr ?
inet6 addr: ? Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4020 errors:0 dropped:0 overruns:0 frame:0
TX packets:4060 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:999199 (975.7 KiB) TX bytes:449066 (438.5 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5970 (5.8 KiB) TX bytes:5970 (5.8 KiB)
pppoe-wan Link encap:Point-to-Point Protocol
inet addr:? P-t-P:10.0.0.1 Mask:255.255.255.255
inet6 addr: ? Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:2301 errors:0 dropped:0 overruns:0 frame:0
TX packets:2502 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:891322 (870.4 KiB) TX bytes:346922 (338.7 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.1.1 P-t-P:10.8.1.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:83 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:8088 (7.8 KiB) TX bytes:9228 (9.0 KiB)
wlan0 Link encap:Ethernet HWaddr ?
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58 errors:0 dropped:0 overruns:0 frame:0
TX packets:639 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5568 (5.4 KiB) TX bytes:256458 (250.4 KiB)
Thanks!
Re: VPN & Intranet okay / no regular Internet over VPN
Posted: Mon May 06, 2013 8:33 am
by Crisxs
I finally managed to solve the problem and now everything works. I have created a new network interface, vpn, which is connected to tun0 and I have assigned the firewall-zone of the lan. The protocol for this new interface is unmanaged. Btw for my router I am using OpenWrt.
This is the server configuration:
Code:
local 192.168.1.1
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
server 10.8.1.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 5
persist-key
persist-tun
verb 3
--script-security 2
--mute-replay-warnings
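
Added example (not written by any poster in this thread): a small Python check, run over excerpts of the two server configurations posted above, that reports the tunnel subnet the router has to forward toward the WAN and flags a full-tunnel push that comes without a pushed DNS server. The function names and the finding text are assumptions made for this illustration.

```python
import ipaddress
import shlex

# Excerpts of the two server configs posted above (first attempt, then working one).
BEFORE = '''
server 10.8.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
key /etc/openvpn/keys/Server.key # This file should be kept secret
--script-security 2
'''
AFTER = '''
server 10.8.1.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
--script-security 2
'''

def parse_directives(text):
    """Split an OpenVPN config into token lists, one per directive."""
    directives = []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):          # ';' comment line
            continue
        tokens = shlex.split(line, comments=True)  # honours quotes, drops '#' comments
        if tokens:
            tokens[0] = tokens[0].lstrip("-")      # the posted configs use a leading '--'
            directives.append(tokens)
    return directives

def full_tunnel_report(text):
    """Summarise what a server config pushes to clients for a full tunnel."""
    report = {"subnet": None, "redirect": None, "dns": [], "findings": []}
    for tok in parse_directives(text):
        if tok[0] == "server" and len(tok) >= 3:
            # Source range the router's firewall must forward and NAT to the WAN.
            report["subnet"] = str(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
        elif tok[0] == "push" and len(tok) == 2 and tok[1].split():
            pushed = tok[1].split()
            if pushed[0] == "redirect-gateway":
                report["redirect"] = pushed[1:]
            elif pushed[:2] == ["dhcp-option", "DNS"] and len(pushed) == 3:
                report["dns"].append(pushed[2])
    if report["redirect"] is not None and not report["dns"]:
        report["findings"].append(
            "redirect-gateway is pushed but no DNS server: clients keep their "
            "pre-VPN resolver, which may be unreachable or outside the tunnel")
    return report

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, full_tunnel_report(cfg))
```

The check covers only what the server pushes; whether traffic from the reported subnet is actually forwarded depends on the router's firewall zones, which is what the new `vpn` interface in the post above addresses.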
Re: VPN & Intranet okay / no regular Internet over VPN
Posted: Thu May 09, 2013 2:25 am
by Maverick
My problem is: I can't change the server config ...
It is all managed by my University.
Re: VPN & Intranet okay / no regular Internet over VPN
Posted: Wed May 22, 2013 5:31 pm
by jamesyonan
Maverick,
Make sure to import client.p12 as a separate step into the iOS keychain.
Have you tried this with the new 1.0.1 iOS client?
If it still doesn't work, can you post the iOS log file?
James
Re: VPN & Intranet okay / no regular Internet over VPN
Posted: Tue Jun 04, 2013 9:09 pm
by Ablaze
I think I've got the exact same problem as Maverick as I'm trying to connect to the same university.
I have converted the P12 file to three PEM files and added them to the OVPN file.
The connection itself works OK, but I can't open any webpages in Safari, not even if I manually add the proxy.
Pages don't load at all (I haven't tried with intranet servers yet), not even for a second and there is no error message either.
Therefore my guess would be that there is something wrong with some certificate which iOS doesn't trust.
To me that looks like a good explanation why Safari refuses to open ANY webpage while connected to the VPN...
I have tried to import the P12 file (by opening it as an email attachment) - but then I am prompted for a password which I don't have.
Btw, extracting the PEM files didn't require a password (well, an empty one to be exact, but that didn't work for importing the certificate into the keychain).
Any suggestion?
Thanks.
Re: VPN & Intranet okay / no regular Internet over VPN
Posted: Wed Nov 12, 2014 5:33 pm
by Ablaze
Any ideas, anyone? I haven't tried anything since my last post. Have there been improvements in the iOS client?
Thanks.