Another VPN question

O

Omaha

n3wb
Dec 14, 2014
24
1
Oklahoma
I really appreciate all the help I've gotten from you guys. This is an embarrassing question, but I'm a novice. I have my home router (Linksys WRT1900 ACS) set up as an OpenVPN server. I have the OpenVPN client and the Blue Iris mobile app on my iPhone. The BI client was setup using the wizard with port forwarding on 81. I launch the VPN client and establish a connection to my home server, then launch the Blue Iris mobile app. I am able to see my video feeds, just don't know how to verify that I'm going through the tunnel. If not, what must I do to enable this?
 
disable your port forwarding and uPNP on your router; try to open up your cameras without the VPN tunnel.. should fail, then connect VPN tunnel and try again.

You can try: Open Port Check Tool and verify ports are closed
 
Thanks for the reply. This is going to take some hand holding. Closing the port does block the connection. But, if it's not too much to ask, could someone advise me on how to configure the BI webserver and mobile app to work with the VPN.
 
they dont need any configuration, they have no idea if your on a VPN or on your local Wifi
 
So is the VPN actually connecting, i.e. you have a successful message in the App?
If so you should be able to connect to BI using the local IP address, as if you were sitting at home on your WiFi.
 
I just got openvpn working with an asus router and an android phone, but ran into a few problems along the way.
I had vpn connecting, but couldn't connect to BI.

It might help if you could look at the log files from the iphone vpn app, and from your router, and post them.

I ended up fixing my problem by looking at the phone log files, and then googling for that error, and found some phone setting changes I had to make.
 
When I launch the OpenVPN app on the iPhone it shows that it has connected. But when I try to use Safari on the phone to login to an iPaddress on the home network I just get a blank page.
 
I use the VPN server in my Synology NAS's own application and you have to specifically say 'Allow Clients to access Servers Lan' within the OpenVPN section. Does your VPN server have a similar setting?
 
Are you using openVPN connect? I have an iphone too. I just installed it on my iphone, imported the client.ovpn file, and I can log into blue iris from it with no changes.
 
make sure you enter only your local ip in the blue iris mobile app or try using the local ip for both the wan and lan connections...
 
I appreciate all the help. Sorry for the initial confusion. Doesn't appear that this is just a BI issue. Though the OpenVPN Connect app indicates that it is connected, I'm not actually able to get onto the LAN. Don't know a lot about this, but could it be a firewall issue? The Incoming log on the router is blank. Here is the log for Open VPN iOS:


2016-11-07 18:50:10 EVENT: RESOLVE
2016-11-07 18:50:11 Contacting xx.xxx.x.xx:1194 via TCP
2016-11-07 18:50:11 EVENT: WAIT
2016-11-07 18:50:11 SetTunnelSocket returned 1
2016-11-07 18:50:11 Connecting to [xxxx.gotdns.org]:1194 (xx.xxx.x.xx) via TCPv4
2016-11-07 18:50:11 EVENT: CONNECTING
2016-11-07 18:50:11 Tunnel Options:V4,dev-type tun,link-mtu 6043,tun-mtu 6000,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-11-07 18:50:11 Creds: Username/Password
2016-11-07 18:50:11 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2

2016-11-07 18:50:11 NET Internet:ReachableViaWWAN/WR t------
2016-11-07 18:50:11 NET WiFi:NotReachable/WR t------
2016-11-07 18:50:12 VERIFY OK: depth=1
cert. version : 3
serial number : B1:5D:95:C0:46:40:DB:05
issuer name : C=US, ST=CA, L=Irvine, O=Linksys, OU=Linksys, CN=linksys, ??=changeme, emailAddress=mail@host.domain
subject name : C=US, ST=CA, L=Irvine, O=Linksys, OU=Linksys, CN=linksys, ??=changeme, emailAddress=mail@host.domain
issued on : 2013-12-03 19:06:03
expires on : 2023-12-01 19:06:03
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=true

2016-11-07 18:50:12 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=US, ST=CA, L=Irvine, O=Linksys, OU=Linksys, CN=linksys, ??=changeme, emailAddress=mail@host.domain
subject name : C=US, ST=CA, L=Irvine, O=Belkin, OU=Linksys, CN=localhost, ??=changeme, emailAddress=mail@host.domain
issued on : 2013-12-03 19:08:25
expires on : 2023-12-01 19:08:25
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2016-11-07 18:50:13 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-11-07 18:50:13 Session is ACTIVE
2016-11-07 18:50:13 EVENT: GET_CONFIG
2016-11-07 18:50:13 Sending PUSH_REQUEST to server...
2016-11-07 18:50:13 OPTIONS:
0 [topology] [subnet]
1 [route-gateway] [xxx.xx.13.1]
2 [route] [192.168.1.0] [255.255.255.0]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [xxx.xx.13.2] [255.255.255.0]

2016-11-07 18:50:13 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: NONE
peer ID: -1
2016-11-07 18:50:13 EVENT: ASSIGN_IP
2016-11-07 18:50:13 Connected via tun
2016-11-07 18:50:13 EVENT: CONNECTED xxxx@hotmail.com@xxxxxx.gotdns.org:1194 (xx.xxx.5.xx) via /TCPv4 on tun/xxx.xx.13.2/
2016-11-07 18:50:13 SetStatus Connected

-------------------------------------------------------------------------------------------------------------------------
 
Last edited:
In the future, you may want to "sanitize" your logs, ie delete your ip address and ddns name. Change to xxxx or somethink like that.

I'm not smart enough to figure out what's wrong by looking at your log.
I did notice I set up for UDP, and you have TCP. But I think either should work.

It should not be a firewall issue since you are setting up VPN on the router. The router should be smart enough to let the traffic VPN traffic through.

I would guess some setup issue with openVPN on your router.
FWIW, some of my settings:
Username / Password Auth. Only Yes
Push LAN to clients Yes
Direct clients to redirect Internet traffic No
Respond to DNS Yes
Advertise DNS to clients Yes
 
nayr, mrralphman, randytsuch, fenderman. Thanks for the assistance. The only options for VPN settings are IPSec Passthrough, PPTP Passthrough and L2TP Passthrough. These are all enabled. Don't see an option for TCP/UDP. Have to work on this more when I get back in tonight. Perhaps this problem might be better addressed on a networking/VPN forum. Any other ideas are welcome.
 
I took a quick look at your router. It doesn't have as many options as Asus, but I did see UDP, so I think you could try UDP also.
Doesn't seem to have other options unless you want to install DD WRT
 
passthrough options are not a VPN Server, those are just settings to allow/block VPN Use..
 
Found the setting for UDP/TCP and enabled both. Nayr, I just read that about the passthrough options being irrelevant to this. There is some good information on the OpenVPN site. They do talk about firewalls being a problem either on the server or client side. But, disabling the firewalls and windows defender made no difference. Still doing some testing.
 
Success! Been retracing my steps over the past couple of days. Reconfigured more than once. I was just about ready to switch to dd-wrt. Not sure exactly which step made made the difference, but it works now. Was able to confirm I'm going through the vpn as iphones ipaddress is now in the vpn's range.
 
  • Like
Reactions: MrRalphMan
Don't you love when it just starts to work, and you don't know why :D
Congrats, its nice to have a secure vpn connection to home.
 
You must log in or register to reply here.
Top Bottom