OpenVPN on android problem

sifti85 · Feb 28, 2025, 11:07 AM

Hello,
I have successfully configured the OpenVPN server on pfsense. OpenVPN is running smoothly on my laptop, but I ran into a problem with my android phone. Both OpenVPN Connect app and OpenVPN for Android app can connect to the VPN server. But nothing loads on the subnet (synology NAS for example) by IP address from the browser. I suspected an application problem, so I tried the VPN Client PRO application, it works, I can reach the NAS and subnet devices remotely. What can cause this, that I can only access the subnet devices in this application?

Gertjan · Feb 28, 2025, 11:22 AM

@sifti85

Compare the config file used by both OpenVPN apps.

For what it is worth, the OpenVPN Connect app I use on my iPhone works, I can connect to my Syno NAS and every other device on the pfSense LAN just fine.
But for iPhone, its easy, as their are no "900+ OS versions" out there. Just one. So their is just one app, the latest. Whats your version ?
The server and client app are there to create the connection itself, the client app isn't doing any firewall or so. What you can 'use' is decided on the pfSense firewall - the openvpn interface you've created.

Also : always check if your NAS allows the connection, as it has a firewall itself also.

sifti85 · Feb 28, 2025, 12:59 PM

@Gertjan said in OpenVPN on android problem:

The server and client app are there to create the connection itself, the client app isn't doing any firewall or so. What you can 'use' is decided on the pfSense firewall - the openvpn interface you've created.

I used the same configuration files in all three applications.
I have a Xiaomi Redmi Note 9 with android 11. I could download all three apps from play store, so they are compatible with my phone.
I used the OpenVPN Wizard to create the firewall rules, it opened the 1194 port on the wan interface and opened the IPV4 in the OpenVPN tab.
I also configured the OpenVPN server to redirect IPV4 Gateway( full tunnel). in all three applications I get the public ip address. I can use the internet in the problematic applications too, but I cannot access any of the devices in the web browser via ip (tried synology, tp link router, pfsense firewall ip).

sifti85 · Feb 28, 2025, 1:11 PM

@Gertjan Tried with a different device a samsung tab, same happens. Only VPN Client PRO working.

Gertjan · Feb 28, 2025, 1:40 PM

@sifti85

I'm not aware of phone app issues - couldn't even test it as I've no droid stuff here.

You can packet capture on the VPN interface - and your LAN interface, so see how far the goes.

Your rules are ok, right :

login-to-view

?

sifti85 · Feb 28, 2025, 3:10 PM

@Gertjan here is the rule:
login-to-view

sifti85 · Feb 28, 2025, 3:13 PM

@sifti85 wan rules:
login-to-view

Gertjan · Feb 28, 2025, 4:20 PM

@sifti85

Your rules are fine.

Btw : probably not related, but - look again - my OpenVPN rules list is empty.
I've created an OpenVPN Server interface, called VPNS.

Under Interfaces > Interface Assignments :

login-to-view

Can't recall what the exact reason was, but it was 'better'.

JonathanLee · Mar 2, 2025, 3:38 PM

@sifti85 do you have an app like “file browser” when you are connected to the vpn?

sifti85 · Mar 3, 2025, 6:04 PM

@JonathanLee what do you mean? Yes i have basic android file browser

JonathanLee · Mar 3, 2025, 8:03 PM

@sifti85 I use an app it works better with smb

login-to-view

sifti85 · Mar 4, 2025, 8:40 AM

@JonathanLee Not only smb needs to be accessed, but also a proxmox server, for example