![]() ![]() ![]() |
|
muppet:
Well if that's the case and everything is routing via the router correctly, it doesn't sound like what I said applies.
Can you ping your pihole when your VPN is connected?
I cant seem to ping anything on my Home LAN (But I can ping the local router)
Are you sure your Android is being pushed a route?
It sounds like you might be getting a VPN connected, but not doing anything to route traffic over it.
With openVPN you can either "push" routes down the client, or configure routes on the client itself.
When the OpenVPN client is connected, can you browse to ipchicken.com to find your current public IP? Is is the IP of your home ISP, or still the IP of your Phone's wifi/mobile connection?
It still sounds like a simple routing problem :)
The router has a route back to the VPN range, yea??
muppet:
Are you sure your Android is being pushed a route?
It sounds like you might be getting a VPN connected, but not doing anything to route traffic over it.
With openVPN you can either "push" routes down the client, or configure routes on the client itself.
When the OpenVPN client is connected, can you browse to ipchicken.com to find your current public IP? Is is the IP of your home ISP, or still the IP of your Phone's wifi/mobile connection?
It still sounds like a simple routing problem :)
The router has a route back to the VPN range, yea??
If I bypass my local dns and set it to google (8.8.8.8) Both android and windows get internet and show my home IP
However if I set DNS to my PiHole, it appears to be timing out on my andriod (Cant resolve IP is my guess)
and using my local DNS Server (local to client) on my windows PC
When I do a tracert it shows the hostname of the local router, not my home router
However when I do a dns lookup using a hostname from my home lan, it resolves it fine, so it appears DNS can be routed?
muppet:
Are you sure your Android is being pushed a route?
It sounds like you might be getting a VPN connected, but not doing anything to route traffic over it.
With openVPN you can either "push" routes down the client, or configure routes on the client itself.
When the OpenVPN client is connected, can you browse to ipchicken.com to find your current public IP? Is is the IP of your home ISP, or still the IP of your Phone's wifi/mobile connection?
It still sounds like a simple routing problem :)
The router has a route back to the VPN range, yea??
How does /23 make the OpenVPN server and tunnel networks different??
Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.
Spyware:
How does /23 make the OpenVPN server and tunnel networks different??
The two networks are meant to be different networks.
Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.
Spyware:
The two networks are meant to be different networks.
Route would be invalid then.
Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.
Spyware:
Route would be invalid then.
pomtom44:
Rather than using the NAT on the VPN server and showing all traffic as coming form the servers LAN interface
It works for everything else, just not DNS as far as I can tell
And why are you NATing traffic between private networks anyway?? It makes no sense.
Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.
No need to masquerade traffic on server at all. You have the route (10.10.101.0/24 gw 10.10.100.2) to the tunnel network on your router, routes to your private networks in client config.
# Allow traffic initiated from VPN tunnel to access everywhere
iptables -I FORWARD -i tun0 -o eth0 -s 10.10.101.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
And it all works perfectly, routed end to end.
Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.
Spyware:
No need to masquerade traffic on server at all. You have the route (10.10.101.0/24 gw 10.10.100.2) to the tunnel network on your router, routes to your private networks in client config.
# Allow traffic initiated from VPN tunnel to access everywhere
iptables -I FORWARD -i tun0 -o eth0 -s 10.10.101.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
And it all works perfectly, routed end to end.
that is what i have setup.....
my routing works fine for everything else. just not to my internal DNS
i can access a internal web server fine via its internal IP
and i can get internet if i set the VPN clients DNS to google 8.8.8.8
i just cant get my internal DNS to get queries from my VPN client.
|
![]() ![]() ![]() |