Issues with OpenVPN Configuration
-
Do you want to tunnel everything? Or just connections to 192.168.1.0/24?
I'm sorry, but I don't know what it means to "tunnel everything". When I'm connected to the VPN, I want to be able to access all the devices on the local LAN. I want all "internet" or "IP" traffic from the phone to through the VPN. From within the web browser or otherwise (IE: My Control4 app needs to connect to the Control4 controller on the LAN/VPN).
Does that answer your question? Sorry I'm such a novice at this. I truly appreciate your help.
-
Tunnel everything means that the client gets a default route that sends all traffic through the tunnel and nothing should egress the client's WAN natively while connected to the OpenVPN server.
Alternately, the client can get routes for just the remote networks, usually private networks (Remote LAN, etc). Only traffic for those networks will be sent to OpenVPN. All other traffic will be given to the client host's routing table and be routed accordingly.
-
OK - Baby steps…
I want you to change a few things if thats ok?
Force all client generated traffic through the tunnel.
Also, provide DNS Servers.
192.168.1.1
8.8.8.8 -
So, this is my cell phone we're talking about. While the cell phone is connected to the VPN, I think I want all internet/IP based traffic to go through the VPN.
What do I need to do for that to happen, because it doesn't appear to be happening now.
-
OK - Baby steps…
I want you to change a few things if thats ok?
Force all client generated traffic through the tunnel.
Also, provide DNS Servers.
192.168.1.1
8.8.8.8I'm down with the baby steps, but let me make sure I understand. You want me to recheck the DNS servers box in the VPN config, and add those 2 DNS servers?
-
Please make the initial changes to the openvpn server that I suggested. Then test it.
BTW - How are you seeing your server config if you are away and your VPN isn't working?
"You want me to recheck the DNS servers box in the VPN config, and add those 2 DNS servers?" - Yes
I want you to use your pfsense LAN as DNS server (192,168.1.1) and if something on your local network interferes with that, like the subnet in use, 8.8.8.8, just in case.
Just temporary to ensure you have DNS.
BTW - What kind of phone? What is the openvpn client software being used?
-
Please make the initial changes to the openvpn server that I suggested. Then test it.
BTW - How are you seeing your server config if you are away and your VPN isn't working?
I'm not away. I'm at home. I've got computers that are hard wired on the LAN here. I'm testing it from mobile phones and hotspots.
I think I made those changes correctly. I'm going to test it now.
-
I made those changes. The VPN from my phone still works the same. Do I need to redownload the client export after making those changes?
-
Just saw the edits to your last post. It's an Android phone. Google Nexus 6. I'm using the "OpenVPN Connect" client.
-
Not yet. Now I'd like to see the:
Firewall: Rules
The LAN tab and the OpenVPN tab.
-
Not yet. Now I'd like to see the:
Firewall: Rules
The LAN tab and the OpenVPN tab.
As requested. Thanks again for your help.
 -
I should reiterate that when connecting from my Windows8 laptop it works swimmingly. The problem just seems to exist when I connect with this Android phone.
It can see some devices/IP's, but can't see 192.168.1.1. AND the apps on my phone won't connect to the local LAN. It's as if they're still using the cellular connection.
-
Have you tried rebooting the phone?
-
Not in the last few hours. Will do that now.
-
Have you tried rebooting the phone?
Rebooting the phone made no difference. Still functions the same.
-
How are you testing the connection?
-
-
Can you connect your phone then go to:
Status: OpenVPN
Post what is on that page.
-
Can you connect your phone then go to:
Status: OpenVPN
Post what is on that page.
As requested.
 -
And while its connected, in the phone browser, if you type
https://192.168.1.1 - What does this get?
https://www.google.com - What does this get?
https://192.168.79.1 - What does this get?
