@gertjan said in Access my home server through my phone hotpot.: @viragomann said in Access my home server through my phone hotpot.: I started an OpenVPN connection on the iPhone and connected my laptop with the its hotspot. But I was not able to connect to a remote resource with this. So obviously that's not possible with a recent iOS as well. I tried just that several days ago. I use the OpenVPN OpenConnect app on my iPhone When you use it, and check log files on both sides, you'll see that your iPhone gets one IPv4 - and one IPv6 if you asked for it / set up IPv6. That"s one IP for one device, the iPhone. If the hotspot would use the OpenVPN connection, would it use the same attributed IP for the hotspot connected device ? No, of course not, that would be an error. If the phone behaves as a NAT home router and successfully masquerades hotspot connected devices over the WAN based VPN tunnel, then I believe you would still only see one VPN client on the pfsense side. Is this not what many higher end home routers (pfsense included) do? They masquerade LAN connected devices via an VPN client connection. The limitation seems imposed by android's design rather than the underlying Linux kernel/network stack. It appears neither Android or IOS permit NAT of hotspot network over the vpn client 'interface'. The project I linked to above appears to offer a UI to manipulate iptables to achieve this but requires root. This means that the iPhone VPN App should behave as a router ? Can't be, as the app (my words) has been created to connect 'a device' to a OpenVPN server, not multiple devices. I'm pretty sure that what you want, exist. It will be a dedicated small box, a router, with an AP build in, a 3/4/5G connections, thus a SIM card, and it should have a special case of OpenVPN Client usage so every device connected to the AP will get tunneled to the OpenVPN server. Yes, and I bet it's quite expensive.

@viragomann perfect now with your directions it works great I THANK YOU

@viragomann To be honest, you lost me at BTW. I will try to understand your invaluable advice. Thank you so much.

@netblues Thank you.

@hamidsattarrana Double-check that the CA assigned to the OpenVPN server and the CA the user cert is from are the same and that you selected to correct server in the client export utility. You can verify the certs in System > Certificate Manager > Certificates, which gives you a good overview of the issuer and the usage.

Thanks for all the help. The OpenVPN server was trying to push DNS to the client and it was the cause of all my troubles.

Anyone else looking for something like this, Wireguard has it and it works great!

@richardeb No, if you only did the recommended setup you're safe. However, be careful when you add an OpenVPN server on your pfSense additionally. The wizard if you run it, will add an allow any rule to the OpenVPN tab. You must consider that the OpenVPN tab is in fact an interface group which includes all the OpenVPN instances, either servers and clients, you're running on pfSense. And rules on an interface group have priority over rules on member interface tabs. So to stay save when running additional OpenVPN instances, where you must permit inbound access from, either assign an interfaces to each of the instances and define your rules there, while you leave the OpenVPN tab blank, or set the source in the rule so that it is only applied to the concerned VPN clients.

@viragomann Thanks again for you always clear and relevant answers! Have a good day!

@jarhead You have to establish an layer 2 connection between server and clients. L2 between different network interfaces can be achieved with a bridge. So you have to create a bridge at both sites. I didn't get where your clients and the server are connected to. The concerned interface have to be bridged with the VPN interface. So at both sites you have to use tap mode OpenVPN and assign an interface to the VPN instance. Then you can bridge these interfaces with the respective server or client interface.

@viragomann Ey, sorry for no reply, i was trying and trying... i can't do more... The log on the server says "P_CONTROL_HARD_RESET_SERVER_V2" and "P_CONTROL_HARD_RESET_CLIENT_V2". In the client the first message is "Preserving recently used remote addres: [AF_INET]xxx.xxx.xxx.xxx:xxxx" "UDPv4 link local:(not bound)" I don't know what can i do

@viragomann Got it working. Thanks,

Any one has any clue ?

@greywolf could this be mtu/mss issue when tje connection is over TCP?

Seems like an ISP issue, but it has resolved itself. Thank you for the assistance.

@mmercier can you please give me the step by step to get openvpn on the 22.01 release, been trying to configure it and it won’t start. Went by all documentation twice every time and nothing, is there another documentation on configuration for 22.01 release, please and thank you.