Resend my activation email : Register : Log in 
BCF: Bike Chat Forums


BTOpenzone + VPN

Reply to topic
Bike Chat Forums Index -> The Geek Zone Goto page 1, 2, 3  Next
View previous topic : View next topic  
Author Message

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 16:59 - 08 Oct 2018    Post subject: BTOpenzone + VPN Reply with quote

At home I have my raspberry pi running OpenVPN and have been able to successfully connect and browse for the last year or so.

I have recently encountered a new issue in that there is an BT openzone hotspot that I can connect to near work. I can still connect to my VPN from this hotspot, but am unable to browse any internet pages.

I can successfully connect to the VPN and can access the web server and RDP into the computer on my home network. I can also ping/nslookup webpages from the terminal/command prompt.

If I use my phone as a hotspot, I can connect to the VPN and everything is fine. Any ideas?
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

colink98
Could Be A Chat Bot



Joined: 27 Jun 2016
Karma :

PostPosted: 10:38 - 09 Oct 2018    Post subject: Reply with quote

everything except http/https is going via your VPN.
Hence RDP/Ping and so forth work as intended.

http/https is getting jacked on the BT AP to want to send you via some sigh up page type thing as opposed to going out via your VPN's soft nic.

you should be able to tunnel all traffic via your VPN.
or try running a proxy ont he PC at home and use that when connecting via VPN.
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 16:58 - 09 Oct 2018    Post subject: Reply with quote

The VPN client is on various devices, android phone, linux mint or windows 10.

How do I ensure that all traffic is routed through the VPN? VPN Server is on raspberry pi running openVPN.

When I connect to the VPN using my phone as a hotspot for my laptop, my public ip address changes to the ip address of my home network. If I wasn't routing all traffic I would expect my ip address to be the same as the address from my phone.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 11:06 - 10 Oct 2018    Post subject: Reply with quote

How can I check open ports when connected to the VPN?

The pi, as well as hosting the vpn server, also hosts a small webpage that is only accessible to users inside the network. It'a a very basic static page that allows me to execute some ssh commands such as turn on the my fileserver, restart plex. This page is accessible when connected to the VPN. As is my plex/Emby server webpages. Therefore I don't think that port 80 is being blocked.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

colink98
Could Be A Chat Bot



Joined: 27 Jun 2016
Karma :

PostPosted: 20:29 - 10 Oct 2018    Post subject: Reply with quote

mpd72 CPT wrote:
It's pretty likely to be the BT Openreach connection blocking certain traffic over VPN then.


how ?

if the VPN connection is successfully made.
then any traffic over it should be masked from the provider.
that's the whole point of a VPN.
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.
 Back to top
View user's profile Send private message You must be logged in to rate posts

colink98
Could Be A Chat Bot



Joined: 27 Jun 2016
Karma :

PostPosted: 20:31 - 10 Oct 2018    Post subject: Reply with quote

el_oso wrote:

How do I ensure that all traffic is routed through the VPN? VPN Server is on raspberry pi running openVPN.


there should be an option somewhere which allows you to select "tunnel all" this would mean all traffic from the client device gets routed via the VPN.

the opposite is a split tunnel.
where as traffic for the VPN network is routed via the VPN.
but other traffic is routed via the local gateway.

a plit tunnel would explain what you are seeing.
Where you can see all the devices on your VPN network.
Where as HTTP is going via the local gateway (BT)
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.
 Back to top
View user's profile Send private message You must be logged in to rate posts

colink98
Could Be A Chat Bot



Joined: 27 Jun 2016
Karma :

PostPosted: 20:33 - 10 Oct 2018    Post subject: Reply with quote

el_oso wrote:
How can I check open ports when connected to the VPN?

The pi, as well as hosting the vpn server, also hosts a small webpage that is only accessible to users inside the network. It'a a very basic static page that allows me to execute some ssh commands such as turn on the my fileserver, restart plex. This page is accessible when connected to the VPN. As is my plex/Emby server webpages. Therefore I don't think that port 80 is being blocked.


See my note about split tunnel.
your webpages hosted on your VPN network are being directed over the VPN and hence they are loading.

any http traffic not on your vpn network is getting routed via the local BT gateway and that's causing you issues.
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.
 Back to top
View user's profile Send private message You must be logged in to rate posts

owl
World Chat Champion



Joined: 21 Oct 2016
Karma :

PostPosted: 10:05 - 11 Oct 2018    Post subject: Reply with quote

It sounds like it works as expected elsewhere, which like mpd says means it not the config, it's something on the Openzone side. iirc those bt hotspots have those captive portal pages, have you fully connected and completed that first?

If you can ping home network internal IPs and external website IP's but not reach the sites, it sounds like a DNS issue.

Additionally the easiest way to tell if you are tunnelled or split, is go to a website like www.whatismyip.com, if it comes up with your home WAN IP then you are tunnelled.
____________________
Observation is the greatest source of wisdom.
 Back to top
View user's profile Send private message You must be logged in to rate posts

NeverAgain
Nova Slayer



Joined: 29 Oct 2016
Karma :

PostPosted: 09:44 - 12 Oct 2018    Post subject: Reply with quote

owl wrote:
It sounds like it works as expected elsewhere, which like mpd says means it not the config, it's something on the Openzone side. iirc those bt hotspots have those captive portal pages, have you fully connected and completed that first?


If configured correctly, the openzone cannot tell the difference between the types of traffic within the VPN. It's all just encrypted traffic to the portal. It's a setup issue. Possibly the setup with with the DNS as some setups don't send the DNS requests through the tunnel.
 Back to top
View user's profile Send private message You must be logged in to rate posts

owl
World Chat Champion



Joined: 21 Oct 2016
Karma :

PostPosted: 10:03 - 12 Oct 2018    Post subject: Reply with quote

NeverAgain wrote:

If configured correctly, the openzone cannot tell the difference between the types of traffic within the VPN. It's all just encrypted traffic to the portal. It's a setup issue. Possibly the setup with with the DNS as some setups don't send the DNS requests through the tunnel.


True, but how does it work fine on another connection then?
____________________
Observation is the greatest source of wisdom.
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 12:54 - 12 Oct 2018    Post subject: Reply with quote

I've tried disabling the BT DNS helper thing.

And yes, I think I'm on a different subnet. Honestly though, networking isn't my strongest computer skill.

BT router at home is standard 192.168.1.254.
Pi address 192.168.1.3 running openVPN server with an address of 10.8.0.1

Google tells me my external IP address is that of my home network when connected to the VPN.
I accidentally discovered I could load YouTube but no other external sites.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

owl
World Chat Champion



Joined: 21 Oct 2016
Karma :

PostPosted: 13:17 - 12 Oct 2018    Post subject: Reply with quote

10.8.0.6 is the default openvpn issued client dhcp address, it's normal for it not to have a gateway, even with tunnelling enabled.
____________________
Observation is the greatest source of wisdom.
 Back to top
View user's profile Send private message You must be logged in to rate posts

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 13:20 - 12 Oct 2018    Post subject: Reply with quote

That's my laptop running Windows 10 (because work is all MS)

OpenVPN client installs a virtual Ethernet adaptor to tunnel to the connection through.

The wi-fi is the Openzone hotspot.

Connected to wi-fi provided by phone in hotspot mode, and connected to the VPN on my laptop I get the same blank gateway for the virtual adapter.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 13:30 - 12 Oct 2018    Post subject: Reply with quote

mpd72 CPT wrote:
I mentioned this before, but in the properties of the VPN conenction in Network and Sharing centre, go to networking> IPV4 properties> advanced and see if "use default gateway on remote network" is ticked.

I presume the client is just dialling a normal Windows VPN connection?


sorry, forgot to reply with it's not an option that I can find in Win10.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts

owl
World Chat Champion



Joined: 21 Oct 2016
Karma :

PostPosted: 13:52 - 12 Oct 2018    Post subject: Reply with quote

the choice of whether to tunnel or not is set when setting up the server config, if you check the connection logs you should have something like

redirect-gateway def1 from client side
____________________
Observation is the greatest source of wisdom.
 Back to top
View user's profile Send private message You must be logged in to rate posts

el_oso
World Chat Champion



Joined: 17 May 2008
Karma :

PostPosted: 13:57 - 12 Oct 2018    Post subject: Reply with quote

owl wrote:
the choice of whether to tunnel or not is set when setting up the server config, if you check the connection logs you should have something like

redirect-gateway def1 from client side


I have that line in my server config. I specifically remember adding it in when I set up the VPN server as my initial test returned a different ip address to my home network from whatsmyip

One semi-random thought I had when I went to get some lunch was is it possible that these BT hotspots are available because someone is sharing their internet connection. These would then be running on their own network. Is it possible that I'm running on the same network as something on there. i.e. my route is already a route
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L
 Back to top
View user's profile Send private message You must be logged in to rate posts
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.
- This post is not being displayed because the poster has bad karma. Unhide this post / all posts.
Old Thread Alert!

The last post was made 5 years, 169 days ago. Instead of replying here, would creating a new thread be more useful?
  Display posts from previous:   
This page may contain affiliate links, which means we may earn a small commission if a visitor clicks through and makes a purchase. By clicking on an affiliate link, you accept that third-party cookies will be set.

Post new topic   Reply to topic    Bike Chat Forums Index -> The Geek Zone All times are GMT + 1 Hour
Goto page 1, 2, 3  Next
Page 1 of 3

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Read the Terms of Use! - Powered by phpBB © phpBB Group
 

Debug Mode: ON - Server: birks (www) - Page Generation Time: 0.09 Sec - Server Load: 0.33 - MySQL Queries: 17 - Page Size: 139.41 Kb