Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configuration questions

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    22 Posts 3 Posters 3.0k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S Offline
      stephenw10 Netgate Administrator
      last edited by

      Ok but what sort or RTT are you seeing to whatever site caused that when you;re connected to tunnel? It would have to be huge....

      Seems more likely you're seeing the result of some traffic going directly and other traffic going through the tunnel.

      Steve

      1 Reply Last reply Reply Quote 0
      • Z Offline
        zkab
        last edited by

        When I make a ping RTT varies from time=1.62 ms to time=124 ms for the sites.
        The amount information I get from accessing the websites are not huge ... just plain website data.
        I can't see any pattern ... it is more random.
        You mentioned 'Seems more likely you're seeing the result of some traffic going directly and other traffic going through the tunnel' ... but
        I don't understand why 'pfsense/openvpn' navigate the result differently ... I have in 'Tunnel Settings' checked 'Redirect Gateway' (Force all client
        generated traffic through the tunnel).

        Is it a 'pfsense/OpenVPN' or 'OpenVPN for Android' problem?
        Is there some kind of log where I can see what is going on?

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          1.62ms seems very low, too low for any logical connection especially if that's over cellular.

          124ms seems high but could be correct for cellular+VPN.

          I'm not aware of any issue with the Android OpenVPN client, it does seem like a client issue though. Can you test from a different client?

          You might be seeing blocked TCP traffic in the pfSense firewall log is packets are not being sent both ways.

          Steve

          1 Reply Last reply Reply Quote 0
          • Z Offline
            zkab
            last edited by

            OK ... I tested with Windows client & Chrome.
            When I access websites there is the usual Chrome message in the left bottom corner (for a short second) ... waiting for xxx ... before I get the website.
            I guess that is the same problem I had in Android so as I understand the problem is on the serverside and not on the client side ...
            How do I proceed to get openvpn working?

            1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              It is working as I understand it, you said you were able to connect to internal resources and external sites no?

              I assume of you go to a 'whatismyIP' type site it reports the public IP of the server as your traffic is going through that?

              Steve

              1 Reply Last reply Reply Quote 0
              • Z Offline
                zkab
                last edited by

                It is working more or less ... still the ANNOYING network error message.
                If my mobile is at 4G mobile network then I can't reach my resources on my internal network.
                With my limited knowledge I had the feeling that I it didn't matter if my mobile is on a public open network or a GSM 4G network I could always reach my OpenVPN server.

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  It shouldn't make any difference how you're connected unless your provider is filtering OpenVPN traffic maybe. Unlikely.

                  As long as there is no subnet conflict between the server side LAN you're trying to reach and the subnet you're connecting from.

                  But check the public IP you are routing from to see how that traffic is flowing. It really looked like you were routing only some traffic over the tunnel which will cause all sorts of issues.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • Z Offline
                    zkab
                    last edited by

                    I rebooted pfsense and my mobile and all of a sudden I can reach my internal devices when I am on 4G network.
                    I use an app call 'PingTools Network Utilities' and it shows following (beeing on 4G & vpn):

                    Mobile: 100.98.184.83
                    4G Gateway: 100.98.184.83
                    Internat: my dyn-dns ip-address (which is correct)

                    My internal network is 192.168.1.0/24 and I can ping (beeing on 4G & vpn) 192.168.1.7 which is good.
                    And I can reach all external websites also ... but still the network error message.

                    When my mobile is on a public open network vpn works OK ... except the network error message.

                    WhatsMyIp gives me as I understand correct values ...

                    1. 4G & vpn - my dyn-dns ip-address
                    2. public open network & vpn - my dyn-dns ip-address
                    3. 4G without vpn - another ip that is not my dyn-dns ip-address (guess that is from my mobile operator) ... which is correct

                    As I understand openvpn is working OK and all traffic is routed over the tunnel.
                    Can the latency error message be solved ... is it a openvpn server or openvpn android client issue?

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Seems like an Android issue if you are not seeing it in Windows.

                      1 Reply Last reply Reply Quote 0
                      • Z Offline
                        zkab
                        last edited by

                        OK ... I will check their forum
                        Thanks for your patience and support

                        1 Reply Last reply Reply Quote 0
                        • Z Offline
                          zkab
                          last edited by

                          I understand that network change is not a call of openvpn ... it should be handle by OS (Android).
                          But ERR_NETWORK_CHANGED occurs only when I run openvpn ... so where do I see what kind of network change has occurred?
                          Log file for opnvpn client on Android or openvpn server?
                          I don't see in which end I should start.
                          The error message drives me crazy ...

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            The network change is almost certainly between the direct connection and the VPN connection. Though it seems it can also be cause by intermittent IPv6.
                            What do you actually need the Android client to do here? Route all traffic? Just access the internal LAN?
                            You could put in a client specific override so it doesn't redirect all traffic which would likely solve it as most traffic would then use the local connection.

                            This is an Android/Chrome problem though, there's little we can do about it in pfSense.

                            Steve

                            1 Reply Last reply Reply Quote 0
                            • Z Offline
                              zkab
                              last edited by

                              Thanks again ... I understand this is an Android/Chrome problem and I really appreciate that you take your time to help me.
                              Getting support from Google is dead end ... they don't care about their customers at all.
                              What I want to do with Android client is to access my LAN and Internet in a safe mode when I am on 4G or public wifi.
                              You mentioned ... it seems it can also be cause by intermittent IPv6 ... how can I test that?
                              The OpenVPN server is running in pfSense connected to my LAN.

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                Well that seemed to be what people were suggesting in Google's forum. Nothing definitive.
                                You can disable it behind pfSense but otherwise I'm not sure how you might disable it in Android globally. I imagine you can find a wifi location without IPv6 though.

                                Try setting up the VPN for just you local subnet rather than all traffic and see if you still see issues.
                                I can imagine both local connections and the VPN are trying to be the default route. Usually OpenVPN just set's itself and there's no problem though.

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.