Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)OpenVPN, Windows works, Android doesn't, help?
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


89 posts

Master Geek


  #2350212 8-Nov-2019 13:45
Send private message

muppet:

 

Well if that's the case and everything is routing via the router correctly, it doesn't sound like what I said applies.

 

Can you ping your pihole when your VPN is connected?

 

 

I cant seem to ping anything on my Home LAN (But I can ping the local router)

2237 posts

Uber Geek

Trusted

  #2350213 8-Nov-2019 13:48
Send private message

Are you sure your Android is being pushed a route?

 

It sounds like you might be getting a VPN connected, but not doing anything to route traffic over it.

 

With openVPN you can either "push" routes down the client, or configure routes on the client itself.

 

 

 

When the OpenVPN client is connected, can you browse to ipchicken.com to find your current public IP? Is is the IP of your home ISP, or still the IP of your Phone's wifi/mobile connection?

 

 

 

It still sounds like a simple routing problem :)

 

The router has a route back to the VPN range, yea??

 
 
 
 




89 posts

Master Geek


  #2350227 8-Nov-2019 13:56
Send private message

muppet:

 

Are you sure your Android is being pushed a route?

 

It sounds like you might be getting a VPN connected, but not doing anything to route traffic over it.

 

With openVPN you can either "push" routes down the client, or configure routes on the client itself.

 

 

 

When the OpenVPN client is connected, can you browse to ipchicken.com to find your current public IP? Is is the IP of your home ISP, or still the IP of your Phone's wifi/mobile connection?

 

 

 

It still sounds like a simple routing problem :)

 

The router has a route back to the VPN range, yea??

 

 

 

 

If I bypass my local dns and set it to google (8.8.8.8) Both android and windows get internet and show my home IP

 

However if I set DNS to my PiHole, it appears to be timing out on my andriod (Cant resolve IP is my guess) 
and using my local DNS Server (local to client) on my windows PC 
When I do a tracert it shows the hostname of the local router, not my home router
However when I do a dns lookup using a hostname from my home lan, it resolves it fine, so it appears DNS can be routed?



89 posts

Master Geek


  #2350229 8-Nov-2019 14:03
Send private message

muppet:

 

Are you sure your Android is being pushed a route?

 

It sounds like you might be getting a VPN connected, but not doing anything to route traffic over it.

 

With openVPN you can either "push" routes down the client, or configure routes on the client itself.

 

 

 

When the OpenVPN client is connected, can you browse to ipchicken.com to find your current public IP? Is is the IP of your home ISP, or still the IP of your Phone's wifi/mobile connection?

 

 

 

It still sounds like a simple routing problem :)

 

The router has a route back to the VPN range, yea??

 



Ok i think it is a routing issue for just my DNS?
I tried to do other queries and they fail, for some reason the one device i tried to query on my LAN happened to work? (caching?)

2494 posts

Uber Geek

Lifetime subscriber

  #2350231 8-Nov-2019 14:08
Send private message

How does /23 make the OpenVPN server and tunnel networks different??




Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+. UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1, iPhone 6s, VodaTV Gen 2. If it doesn't move then it's data cabled.



89 posts

Master Geek


  #2350232 8-Nov-2019 14:10
Send private message

Spyware:

 

How does /23 make the OpenVPN server and tunnel networks different??

 



Sorry i dont understand what your asking?

2494 posts

Uber Geek

Lifetime subscriber

  #2350234 8-Nov-2019 14:12
Send private message

The two networks are meant to be different networks.




Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+. UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1, iPhone 6s, VodaTV Gen 2. If it doesn't move then it's data cabled.

 
 
 
 




89 posts

Master Geek


  #2350238 8-Nov-2019 14:16
Send private message

Spyware:

 

The two networks are meant to be different networks.

 



I have a /23 to allow for IP forwarding from the TUN interface on the VPN server to my LAN
So the end user gets an IP that is passed though to my firewall where I can do IP management on it
Rather than using the NAT on the VPN server and showing all traffic as coming form the servers LAN interface

It works for everything else, just not DNS as far as I can tell

2494 posts

Uber Geek

Lifetime subscriber

  #2350240 8-Nov-2019 14:19
Send private message

Route would be invalid then.




Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+. UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1, iPhone 6s, VodaTV Gen 2. If it doesn't move then it's data cabled.



89 posts

Master Geek


  #2350242 8-Nov-2019 14:22
Send private message

Spyware:

 

Route would be invalid then.

 



Not to come across as rude, but have you read the rest of the thread?

I can get internet when on the VPN showing my homes public IP (using google dns)
I can access internal services on other vlans though my VLAN routing I have on my router

The only thing that doesn't appear to be working is routing DNS queries over the VPN
So either my DNS isnt being sent down the VPN
or theres a routing issue somewhere in my setup (Which I can't find as I have open routing for DNS traffic)

I dont see how using a /23 will break "Only" DNS requests

2494 posts

Uber Geek

Lifetime subscriber

  #2350313 8-Nov-2019 17:49
Send private message

pomtom44:

 

Rather than using the NAT on the VPN server and showing all traffic as coming form the servers LAN interface

It works for everything else, just not DNS as far as I can tell

 

 

And why are you NATing traffic between private networks anyway?? It makes no sense.




Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+. UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1, iPhone 6s, VodaTV Gen 2. If it doesn't move then it's data cabled.

2494 posts

Uber Geek

Lifetime subscriber

  #2350435 8-Nov-2019 19:19
Send private message

No need to masquerade traffic on server at all. You have the route (10.10.101.0/24 gw 10.10.100.2) to the tunnel network on your router, routes to your private networks in client config.

 

# Allow traffic initiated from VPN tunnel to access everywhere

 

iptables -I FORWARD -i tun0 -o eth0 -s 10.10.101.0/24 -m conntrack --ctstate NEW -j ACCEPT

 

# Allow established traffic to pass back and forth

 

iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

 

 

 

And it all works perfectly, routed end to end.




Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+. UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1, iPhone 6s, VodaTV Gen 2. If it doesn't move then it's data cabled.



89 posts

Master Geek


  #2350483 8-Nov-2019 22:07
Send private message

Spyware:

 

No need to masquerade traffic on server at all. You have the route (10.10.101.0/24 gw 10.10.100.2) to the tunnel network on your router, routes to your private networks in client config.

 

# Allow traffic initiated from VPN tunnel to access everywhere

 

iptables -I FORWARD -i tun0 -o eth0 -s 10.10.101.0/24 -m conntrack --ctstate NEW -j ACCEPT

 

# Allow established traffic to pass back and forth

 

iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

 

 

 

And it all works perfectly, routed end to end.

 

 

that is what i have setup.....

 

my routing works fine for everything else. just not to my internal DNS

 

i can access a internal web server fine via its internal IP

 

and i can get internet if i set the VPN clients DNS to google 8.8.8.8

 

i just cant get my internal DNS to get queries from my VPN client.

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

OPPO Find X2 Lite brings flagship features to mid-range 5G smartphone
Posted 29-May-2020 12:52

Sony introduces the digital camera ZV-1 for content creators
Posted 27-May-2020 12:47

Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29

D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22

NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14

SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00

D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53

Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48

Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56

D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51

Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01

Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35

Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53

Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06

Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.