OpenVPN setup does not offer what i need for my vpn server....

gpatel-fr

@Vlad-Nirky said in OpenVPN setup does not offer what i need for my vpn server....:

I must have expressed myself poorly.

fact is, these VPN network configurations are a bit intricate and difficult to explain, remotely there is only one way to make them really clear: a diagram.

@Vlad-Nirky said in OpenVPN setup does not offer what i need for my vpn server....:

adds the route

if you have to add a route manually, there is something cheesy. Normally in simple cases OpenVpn handles all the routing automatically.

@Vlad-Nirky said in OpenVPN setup does not offer what i need for my vpn server....:

if I do the same thing by launching the VPN via OpenVPN using the .ovpn and adding the same route as before, the tun0 tunnel is created and I can ping the machines on my network

I take it that you confirmed that the tunnel is opened and working by taking a look at the openvpn interface statistics on the server (your PI if I understand correctly is in all case the test server right ?)
Something like
ip stats show dev tun0
to ensure that your packets are really passing by the Vpn.

My favourite test in case of Openvpn problems is pinging from each side the opposite Openvpn address, it could be 10.238.198.1 from one side and 10.238.198.2 from the other side (to be checked with ip a on both sides, the inet and the peer should be the same but reversed of course)

On a standard Linux, Openvpn logs to syslog and it can be really interesting to take a look at it, I don't have yet a phone to check what happens on UT. Routing can get really tricky with Openvpn, even by looking at syslog, sometimes it may be necessary to set

sudo sysctl net.ipv4.conf.all.log_martians=1

because by default this kind of problem is not sent to syslog. That's typically the case where it's necessary to add a route manually (I had this problem when running Openvpn in a lxd container)..

zakafx

I am glad that I found this thread. I also wanted to have remote access to my network while on the go so I enabled open VPN on my network. I actually use wireguard, but since there is no wireguard support in settings, I decided to use openvpn just for Ubuntu touch.

I followed the guide that's on the Ubuntu touch website, extracting all of the keys and information required to set this up. However, while I am able to establish a connection, I cannot ping anything at all, my route out to the internet as well as to internal network devices is dead.

I thought perhaps my configuration was wrong, so to verify everything was fine, I downloaded the OpenVPN app on my regular phone (android) and imported the profile that was created from my router (I used this exact profile to extract keys from above). Once it connected, everything just worked.

I'll follow this thread in case there are additional instructions I need to implement.

gpatel-fr

@zakafx said in OpenVPN setup does not offer what i need for my vpn server....:

I followed the guide that's on the Ubuntu touch website, extracting all of the keys and information required to set this up. However, while I am able to establish a connection, I cannot ping anything at all, my route out to the internet as well as to internal network devices is dead.

sorry I can't help you more but my phone under UT is still in the near future :-). I'd advise you to run the commands I gave in my previous message and post the result, with possibly a schema of your network to make things more clear.

zakafx

@gpatel-fr I just arrived back from a work trip so perhaps this weekend ill play around and report back. ill add a route manually and see what happens!

Vlad Nirky

@gpatel-en
Thank you for these explanations. Interesting...
I will look into it further.
I will keep you informed.

OtaDr

Dobrý den, používám internetový proxy s OVPN (projekt IPFire) a telefon s UT 24.04 (Pixel 3Axl).VPN funguje jak pro přístup k lokální síti, tak jako proxy pro přístup například k webu z mobilního telefonu. (Byly problémy s typem šifrování na straně serveru ovpn.)

I will add:
On the server side, I changed the encryption type from AES-GCM 256-bit to CBC 256-bit, and
then added the PKCS12 certificate to the phone...

MrT10001

In the Xenial days I used VPN Editor which worked great for NordVPN. I don't know if it will work on Focal or Noble, may need an upgrade, but it had more tweaks to get things going.