Hi,
On 04/03/19 23:20, Sebastian Wolfgarten wrote:
Hi,
I am trying to redirect all VPN traffic such that it goes through
OpenVPN. Authentication works fine, client can connect to the VPN.
However my client IP remains unchanged (e.g. when checking it with
www.ipinfo.info), i.e. the web traffic is not
routed through my OpenVPN tunnel. Here is my server config (on
FreeBSD, OpenVPN 2.4.6):
as Jonathan said, perhaps it's an IPv6 issue, or an issue with your
iPhone provider - they sometimes ALSO reroute traffic.
The easiest way to find out what is happening is to run something like
wireshark/tcpdump on your VPN server, then connect an iOS client and go
to www.ipinfo.info - you should see traffic of the phone flowing by.
If it does not, then you know that your phone's routing table is not right.
After that, it'd be down to installing some networking tools on the phone.
HTH,
JJK
--
port 1194
proto udp
mode server
tls-server
dev tun
topology subnet
duplicate-cn
push "redirect-gateway def1 bypass-dhcp"
client-to-client
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "route 10.8.0.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
tun-mtu 1500
mssfix
auth sha256
client-to-client
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/phoenix.crt
key /usr/local/etc/openvpn/keys/phoenix.key
dh /usr/local/etc/openvpn/keys/dh4096.pem
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
verb 1
log-append /var/log/openvpn.log
—
Then my corresponding client config on iOS (v3.0.2) looks as follows:
client
dev tun
proto udp
auth sha256
ns-cert-type server
# The remote name as defined in server config
remote A.B.C.D 1194
persist-key
persist-tun
cipher AES-256-CBC
# Allow server to use adaptive compression with push:
comp-lzo
verb 0
resolv-retry 20
<ca>
...
From my perspective this looks fine and I am sure it worked at some
stage in the past. As mentioned before, when connecting authentication
works fine but when the client is surfing the web, the data does not
seem to go through the VPN anymore. The log file looks at from my
perspective:
2019-03-04 22:48:39 Contacting [A.B.C.D]:1194/UDP via UDP
2019-03-04 22:48:39 EVENT: WAIT
2019-03-04 22:48:39 Connecting to [A.B.C.D]:1194 (A.B.C.D) via UDPv4
2019-03-04 22:48:39 EVENT: CONNECTING
2019-03-04 22:48:39 Tunnel Options:V4,dev-type tun,link-mtu
1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth
SHA256,keysize 256,key-method 2,tls-client
2019-03-04 22:48:39 Creds: UsernameEmpty/PasswordEmpty
2019-03-04 22:48:39 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
(…)
2019-03-04 22:48:39 SSL Handshake:
TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-03-04 22:48:39 Session is ACTIVE
2019-03-04 22:48:39 EVENT: GET_CONFIG
2019-03-04 22:48:39 Sending PUSH_REQUEST to server...
2019-03-04 22:48:39 OPTIONS:
0 [redirect-gateway] [def1]
1 [redirect-gateway] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [208.67.222.222]
3 [dhcp-option] [DNS] [208.67.220.220]
4 [compress] [lz4-v2]
5 [route] [10.8.0.0] [255.255.255.0]
6 [route-gateway] [10.8.0.1]
7 [topology] [subnet]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
11 [peer-id] [0]
12 [cipher] [AES-256-GCM]
2019-03-04 22:48:39 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: COMP_STUBv2
peer ID: 0
2019-03-04 22:48:39 EVENT: ASSIGN_IP
2019-03-04 22:48:39 NIP: preparing TUN network settings
2019-03-04 22:48:39 NIP: init TUN network settings with endpoint: A.B.C.D
2019-03-04 22:48:39 NIP: adding IPv4 address to network settings
10.8.0.2/255.255.255.0
2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-03-04 22:48:39 NIP: redirecting all IPv4 traffic to TUN interface
2019-03-04 22:48:39 NIP: adding DNS 208.67.222.222
2019-03-04 22:48:39 NIP: adding DNS 208.67.220.220
2019-03-04 22:48:39 Connected via NetworkExtensionTUN
2019-03-04 22:48:39 Comp-stubV2 init
2019-03-04 22:48:39 EVENT: CONNECTED A.B.C.D:1194 (A.B.C.D) via /UDPv4
on NetworkExtensionTUN/10.8.0.2/ gw=[/]
Has anyone else seen this problem before? What am I missing in this
configuration to send all traffic through the VPN?
Many thanks for your feedback.
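The server-side check suggested in the reply, sketched as an added example that is not part of the original messages: the function reads `tcpdump -n` text captured on the server's tunnel interface and reports whether the client's tunnel address (10.8.0.2 in the log above) sent web traffic, only DNS, or nothing. The interface name `tun0`, the function and sample names, and the sample packets are assumptions constructed for illustration; counting only ports 80 and 443 as web traffic is a simplification.

```shell
#!/bin/sh
# Added example. Input: text output of tcpdump -n captured on the server's
# tunnel interface, for instance (tun0 is an assumed interface name):
#   tcpdump -n -i tun0 -c 200 > capture.txt
# Output: one word describing what the client sent through the tunnel.

classify_tun_capture() {
    client_ip="$1"    # tunnel address from the client log, 10.8.0.2
    awk -v client="$client_ip" '
        $2 == "IP" {
            # Source looks like 10.8.0.2.51234 (address.port).
            split($3, s, ".")
            src = s[1] "." s[2] "." s[3] "." s[4]
            if (src != client) next
            # Destination looks like 208.67.222.222.53: (trailing colon).
            dst = $5
            sub(/:$/, "", dst)
            m = split(dst, d, ".")
            port = (m == 5) ? d[5] : ""
            if (port == "53") dns++
            else if (port == "80" || port == "443") web++
            else other++
        }
        END {
            if (web > 0) print "web-via-tunnel"
            else if (dns > 0) print "dns-only"
            else if (other > 0) print "other-only"
            else print "no-client-traffic"
        }'
}

# Constructed sample: lookups reach the pushed resolver, no HTTP(S) follows.
sample_dns_only() {
cat <<'EOF'
22:49:01.100000 IP 10.8.0.2.51234 > 208.67.222.222.53: 4660+ A? www.ipinfo.info. (33)
22:49:01.150000 IP 208.67.222.222.53 > 10.8.0.2.51234: 4660 1/0/0 A 203.0.113.10 (49)
EOF
}

# Constructed sample: the lookup is followed by a TCP SYN to port 443.
sample_web() {
cat <<'EOF'
22:49:01.100000 IP 10.8.0.2.51234 > 208.67.222.222.53: 4660+ A? www.ipinfo.info. (33)
22:49:01.300000 IP 10.8.0.2.51240 > 203.0.113.10.443: Flags [S], seq 1000, win 65535, length 0
EOF
}

sample_dns_only | classify_tun_capture 10.8.0.2
```

`no-client-traffic` is the case described in the reply, where the phone is not routing into the tunnel; `dns-only` means lookups use the pushed resolvers while the page load leaves by another path, which fits the IPv6 or provider-rerouting possibilities raised there.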