Hi,

On 04/03/19 23:20, Sebastian Wolfgarten wrote:
Hi,

I am trying to redirect all VPN traffic such that it goes through OpenVPN. Authentication works fine, client can connect to the VPN.

However my client IP remains unchanged (e.g. when checking it with www.ipinfo.info <http://www.ipinfo.info>), i.e. the web traffic is not routed through my OpenVPN tunnel. Here is my server config (on FreeBSD, OpenVPN 2.4.6):

as Jonathan said, perhaps it's an IPv6 issue, or an issue with your iPhone provider - they sometimes ALSO reroute traffic.

The easiest way to find out what is happening is to run something like wireshark/tcpdump on your VPN server, then connect an iOS client and go to www.ipinfo.info - you should see traffic of the phone flowing by. If it does not, then you know that your phone's routing table is not right.

After that, it'd be down to installing some networking tools on the phone.

HTH,

JJK

--
port 1194
proto udp
mode server
tls-server
dev tun
topology subnet
duplicate-cn

push "redirect-gateway def1 bypass-dhcp"
client-to-client
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "route 10.8.0.0 255.255.255.0"
server 10.8.0.0 255.255.255.0

tun-mtu 1500
mssfix

auth sha256

client-to-client
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/phoenix.crt
key /usr/local/etc/openvpn/keys/phoenix.key

dh /usr/local/etc/openvpn/keys/dh4096.pem
keepalive 10 120

user nobody
group nogroup

persist-key
persist-tun

verb 1
log-append /var/log/openvpn.log

—

Then my corresponding client config on iOS (v3.0.2) looks as follows:

client
dev tun
proto udp
auth sha256
ns-cert-type server
# The remote name as defined in server config
remote A.B.C.D 1194
persist-key
persist-tun
cipher AES-256-CBC
# Allow server to use adaptive compression with push:
comp-lzo
verb 0
resolv-retry 20

<ca>
...

From my perspective this looks fine and I am sure it worked at some stage in the past. As mentioned before, when connecting authentication works fine but when the client is surfing the web, the data does not seem to go through the VPN anymore. The log file looks at from my perspective:

2019-03-04 22:48:39 Contacting [A.B.C.D]:1194/UDP via UDP

2019-03-04 22:48:39 EVENT: WAIT

2019-03-04 22:48:39 Connecting to [A.B.C.D]:1194 (A.B.C.D) via UDPv4

2019-03-04 22:48:39 EVENT: CONNECTING

2019-03-04 22:48:39 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

2019-03-04 22:48:39 Creds: UsernameEmpty/PasswordEmpty

2019-03-04 22:48:39 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1

(…)

2019-03-04 22:48:39 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2019-03-04 22:48:39 Session is ACTIVE

2019-03-04 22:48:39 EVENT: GET_CONFIG

2019-03-04 22:48:39 Sending PUSH_REQUEST to server...

2019-03-04 22:48:39 OPTIONS:
0 [redirect-gateway] [def1]
1 [redirect-gateway] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [208.67.222.222]
3 [dhcp-option] [DNS] [208.67.220.220]
4 [compress] [lz4-v2]
5 [route] [10.8.0.0] [255.255.255.0]
6 [route-gateway] [10.8.0.1]
7 [topology] [subnet]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
11 [peer-id] [0]
12 [cipher] [AES-256-GCM]

2019-03-04 22:48:39 PROTOCOL OPTIONS:
 cipher: AES-256-GCM
 digest: SHA256
 compress: COMP_STUBv2
 peer ID: 0

2019-03-04 22:48:39 EVENT: ASSIGN_IP

2019-03-04 22:48:39 NIP: preparing TUN network settings

2019-03-04 22:48:39 NIP: init TUN network settings with endpoint: A.B.C.D

2019-03-04 22:48:39 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24

2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24

2019-03-04 22:48:39 NIP: redirecting all IPv4 traffic to TUN interface

2019-03-04 22:48:39 NIP: adding DNS 208.67.222.222

2019-03-04 22:48:39 NIP: adding DNS 208.67.220.220

2019-03-04 22:48:39 Connected via NetworkExtensionTUN

2019-03-04 22:48:39 Comp-stubV2 init

2019-03-04 22:48:39 EVENT: CONNECTED A.B.C.D:1194 (A.B.C.D) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

Has anyone else seen this problem before? What am I missing in this configuration to send all traffic through the VPN?

Many thanks for your feedback.
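
The reply above names IPv6 as one possible cause. As an added example (not part of the original thread), this Python script parses an OpenVPN Connect client log like the one quoted and reports which address families the client redirected into the tunnel. The function names are hypothetical, and the IPv6 form of the "redirecting all ... traffic" line is assumed by analogy with the IPv4 line in the log.

```python
import re

# Constructed sample: lines copied from the client log quoted in this thread.
SAMPLE_LOG = """\
2019-03-04 22:48:39 OPTIONS:
0 [redirect-gateway] [def1]
1 [redirect-gateway] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [208.67.222.222]
3 [dhcp-option] [DNS] [208.67.220.220]
5 [route] [10.8.0.0] [255.255.255.0]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
2019-03-04 22:48:39 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-03-04 22:48:39 NIP: redirecting all IPv4 traffic to TUN interface
2019-03-04 22:48:39 NIP: adding DNS 208.67.222.222
"""

# Pushed options appear as "<index> [name] [arg] ..." under the OPTIONS: header.
OPTION_RE = re.compile(r"^\d+ ((?:\[[^\]]*\] ?)+)$")
# The IPv4 form is in the log above; the IPv6 form is an assumption (by analogy).
REDIRECT_RE = re.compile(r"NIP: redirecting all IPv([46]) traffic to TUN interface")


def parse_pushed_options(log):
    """Return each pushed option as a token list, e.g. ['redirect-gateway', 'def1']."""
    options = []
    for line in log.splitlines():
        m = OPTION_RE.match(line.strip())
        if m:
            options.append(re.findall(r"\[([^\]]*)\]", m.group(1)))
    return options


def audit_redirect(log):
    """Summarise what the server pushed and what the client actually redirected."""
    options = parse_pushed_options(log)
    gateway = [o for o in options if o[0] == "redirect-gateway"]
    redirected = sorted({"IPv" + v for v in REDIRECT_RE.findall(log)})
    findings = []
    if not gateway:
        findings.append("server pushed no redirect-gateway option")
    if "IPv4" not in redirected:
        findings.append("client did not redirect IPv4 into the tunnel")
    if "IPv6" not in redirected:
        findings.append("IPv6 is not redirected; dual-stack sites can bypass the tunnel")
    return {
        "redirect_flags": sorted({f for o in gateway for f in o[1:]}),
        "redirected": redirected,
        "dns": [o[2] for o in options if o[:2] == ["dhcp-option", "DNS"] and len(o) > 2],
        "findings": findings,
    }


if __name__ == "__main__":
    print(audit_redirect(SAMPLE_LOG))
```
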


