Trusted Domain is not used, and so not reachable

Next-generation cloud-hosted OpenVPN business solution.
Post Reply
hawkblade
OpenVpn Newbie
Posts: 4
Joined: Sun Mar 27, 2022 10:58 am

Trusted Domain is not used, and so not reachable

Post by hawkblade » Sun Mar 27, 2022 11:24 am

Hello folks !
I'm new at OpenVPN and I, probably, do something wrong with my configuration.

My use case:
  • I want my GitHub Actions to use OpenVPN to be seen connected from Paris with a public IP address which is NOT GitHub ones.
I have already configured OpenVPN Cloud (once connection at a time is great enough) as following:
  • a user github-actions, belonging to a github-actions-group, whose default Region is Paris.
  • a Network with:
    • a domain on ipify.org (to use api.ipify.org and check if my public IP has changed before/after the use of OpenVPN)
    • a service allowing all Protocol to call ipify.org (https is used to call ipify.org)
Whatever I use user OR Network's connector profile to connect to OpenVPN, I have always the same behavior:
  • if I allow all Internet traffic on (Split Tunnel On) on Group, my public IP is the same before and after the use of OpenVPN
  • if I refuse all Internet traffic (Restricted Internet) on Group, my call to ipify.org AFTER the use of OpenVPN is refused:

    Code: Select all

    curl: (7) Failed to connect to api.ipify.org port 443: Connection refused
In my mind / understanding, it is as if the User & Group configurations are well taken into account, but the trusted domain is not linked to the group, or taken into account.

To complete what I did / did not:
  • I did NOT change VPN Subnets configurations, whatever on Group or Network.
  • I did NOT configure a Hosts.
  • I did use this GitHub Action to connect, and configure config.ovpn following this article.
I surely miss something really basic in configuration, or in OpenVPN concept.

Thanks for your help.
HawkBlade

hawkblade
OpenVpn Newbie
Posts: 4
Joined: Sun Mar 27, 2022 10:58 am

Re: Trusted Domain is not used, and so not reachable

Post by hawkblade » Sun Mar 27, 2022 10:30 pm

Hello again,
I've just made new tests, on my own computer using MacOS's OpenVPN Connect Client, and using my User Profile.
  • When configured in "Split Tunnel On", untrusted traffic is reachable, but trusted domains are not :

    Code: Select all

    ping ipify.org
    PING ipify.org (100.81.41.118): 56 data bytes
    Request timeout for icmp_seq 0
    Request timeout for icmp_seq 1
    Request timeout for icmp_seq 2
  • When configured as "Restricted Internet", untrustred traffic is not reachable (connection refused), and trusted domains are also timed out.
I do not understand why the behavior is a little bit different from my GitHub Actions Installation than for my local OpenVPN Connect Client but, whatever, there is still an issue even on a full OpenVPN installation...

Thx for your help.

hawkblade
OpenVpn Newbie
Posts: 4
Joined: Sun Mar 27, 2022 10:58 am

Re: Trusted Domain is not used, and so not reachable

Post by hawkblade » Tue Mar 29, 2022 7:59 pm

OK, so reading this documentation https://openvpn.net/cloud-docs/user-gui ... 1647380979, I understand that a connector installed on a server of mine is required. I thought that OpenVPN provided this server / feature. Please tell me if my last sentence is right or wrong.

hawkblade
OpenVpn Newbie
Posts: 4
Joined: Sun Mar 27, 2022 10:58 am

Re: Trusted Domain is not used, and so not reachable

Post by hawkblade » Thu Mar 31, 2022 7:59 am

I made a new test using OpenVPN client (closely the same configuration I used) to a ProtonVPN server (providing an Internet gateway), and all works as I expected. So it was my configuration of OpenVPN cloud which was missing an internet gateway (I thought it was included).
This thread is closed.

Post Reply