BCF: Bike Chat Forums


BTOpenzone + VPN

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 16:59 - 08 Oct 2018    Post subject: BTOpenzone + VPN

At home I have my raspberry pi running OpenVPN and have been able to successfully connect and browse for the last year or so.

I have recently encountered a new issue in that there is a BT openzone hotspot that I can connect to near work. I can still connect to my VPN from this hotspot, but am unable to browse any internet pages.

I can successfully connect to the VPN and can access the web server and RDP into the computer on my home network. I can also ping/nslookup webpages from the terminal/command prompt.

If I use my phone as a hotspot, I can connect to the VPN and everything is fine. Any ideas?
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 09:28 - 09 Oct 2018

Some domestic ISPs can tend to block or restrict certain actions, especially VPN, to reduce free streaming of sports etc.

It could be at the router or at BT's end. Ring them up and ask. I've seen Sky block at ISP end and Virgin routers often need PPTP passthrough enabling as it's often disabled as standard.
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

ColinK98
Traffic Copper
Joined: 27 Jun 2016
Posted: 10:38 - 09 Oct 2018

everything except http/https is going via your VPN.
Hence RDP/Ping and so forth work as intended.

http/https is getting jacked on the BT AP to want to send you via some sign up page type thing as opposed to going out via your VPN's soft nic.

you should be able to tunnel all traffic via your VPN.
or try running a proxy on the PC at home and use that when connecting via VPN.
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 13:28 - 09 Oct 2018

Is the VPN connection on a Windows device?
Is "Use Gateway on remote network" ticked, under the IPv4 address advanced setup?

Is IPv6 enabled?
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 16:58 - 09 Oct 2018

The VPN client is on various devices, android phone, linux mint or windows 10.

How do I ensure that all traffic is routed through the VPN? VPN Server is on raspberry pi running openVPN.

When I connect to the VPN using my phone as a hotspot for my laptop, my public ip address changes to the ip address of my home network. If I wasn't routing all traffic I would expect my ip address to be the same as the address from my phone.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 09:19 - 10 Oct 2018

It's pretty likely to be the BT Openreach connection blocking certain traffic over VPN then.

BT, Sky and Virgin aren't keen on VPN passthrough on their domestic services as it helps people stream stuff for free, which they try to charge a premium for. The Openreach connections are generally using another BT customer's router to generate the Openreach guest network. I should imagine that will be even more limited to a standard private connection.

It's also worth noting that on Windows for sure, the network location of VPN needs to be set to "private" not "public" for VPN to work properly.

Can't you just check for TCP ports 80 and 443 with an open ports checker?
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 11:06 - 10 Oct 2018

How can I check open ports when connected to the VPN?

The pi, as well as hosting the vpn server, also hosts a small webpage that is only accessible to users inside the network. It's a very basic static page that allows me to execute some ssh commands such as turn on my fileserver, restart plex. This page is accessible when connected to the VPN. As is my plex/Emby server webpages. Therefore I don't think that port 80 is being blocked.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 14:36 - 10 Oct 2018

el_oso wrote:
How can I check open ports when connected to the VPN?

The pi, as well as hosting the vpn server, also hosts a small webpage that is only accessible to users inside the network. It's a very basic static page that allows me to execute some ssh commands such as turn on my fileserver, restart plex. This page is accessible when connected to the VPN. As is my plex/Emby server webpages. Therefore I don't think that port 80 is being blocked.


Are we not just over thinking this?
If it all works OK when connecting your VPN via your 3G/4G phone hotspot, but not through the public BT Openreach, that's where the issue lies surely?

Quote:
BT changed something in the last month or so which is now blocking (or interfering with) VPN connections.

I've worked in IT for the last 30 years and whilst I'm not a networking expert, I understand enough to know that this isn't something that we, the customer, can fix.
I've tried everything possible, as have my work colleagues, all without success.
Myself and some of my work colleagues have spoken with BT "experts", used live chat, searched the forums and are still no closer to resolving this issue.


It sounds like they're trying to block the sort of relaying which Torrent and Acestreams would use through a VPN to stream sports etc, but not being blocked by your mobile provider.
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

ColinK98
Traffic Copper
Joined: 27 Jun 2016
Posted: 20:29 - 10 Oct 2018

mpd72 CPT wrote:
It's pretty likely to be the BT Openreach connection blocking certain traffic over VPN then.


how ?

if the VPN connection is successfully made.
then any traffic over it should be masked from the provider.
that's the whole point of a VPN.
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.

ColinK98
Traffic Copper
Joined: 27 Jun 2016
Posted: 20:31 - 10 Oct 2018

el_oso wrote:

How do I ensure that all traffic is routed through the VPN? VPN Server is on raspberry pi running openVPN.


there should be an option somewhere which allows you to select "tunnel all" this would mean all traffic from the client device gets routed via the VPN.

the opposite is a split tunnel.
whereas traffic for the VPN network is routed via the VPN.
but other traffic is routed via the local gateway.

a split tunnel would explain what you are seeing.
Where you can see all the devices on your VPN network.
Whereas HTTP is going via the local gateway (BT)
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.

ColinK98
Traffic Copper
Joined: 27 Jun 2016
Posted: 20:33 - 10 Oct 2018

el_oso wrote:
How can I check open ports when connected to the VPN?

The pi, as well as hosting the vpn server, also hosts a small webpage that is only accessible to users inside the network. It's a very basic static page that allows me to execute some ssh commands such as turn on my fileserver, restart plex. This page is accessible when connected to the VPN. As is my plex/Emby server webpages. Therefore I don't think that port 80 is being blocked.


See my note about split tunnel.
your webpages hosted on your VPN network are being directed over the VPN and hence they are loading.

any http traffic not on your vpn network is getting routed via the local BT gateway and that's causing you issues.
____________________
PCX125 (stolen) - CBF600 (current)
Ride it like you stole it.
ride sensible and not like an idiot and you wont get 6 points in one week.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 10:05 - 11 Oct 2018

It sounds like it works as expected elsewhere, which like mpd says means it's not the config, it's something on the Openzone side. iirc those bt hotspots have those captive portal pages, have you fully connected and completed that first?

If you can ping home network internal IPs and external website IPs but not reach the sites, it sounds like a DNS issue.

Additionally the easiest way to tell if you are tunnelled or split, is go to a website like www.whatismyip.com, if it comes up with your home WAN IP then you are tunnelled.
____________________
Observation is the greatest source of wisdom.

NeverAgain
Renault 5 Driver
Joined: 29 Oct 2016
Posted: 09:44 - 12 Oct 2018

owl wrote:
It sounds like it works as expected elsewhere, which like mpd says means it's not the config, it's something on the Openzone side. iirc those bt hotspots have those captive portal pages, have you fully connected and completed that first?


If configured correctly, the openzone cannot tell the difference between the types of traffic within the VPN. It's all just encrypted traffic to the portal. It's a setup issue. Possibly the setup with the DNS as some setups don't send the DNS requests through the tunnel.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 10:03 - 12 Oct 2018

NeverAgain wrote:

If configured correctly, the openzone cannot tell the difference between the types of traffic within the VPN. It's all just encrypted traffic to the portal. It's a setup issue. Possibly the setup with the DNS as some setups don't send the DNS requests through the tunnel.


True, but how does it work fine on another connection then?
____________________
Observation is the greatest source of wisdom.

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 11:59 - 12 Oct 2018

Worth a look? A bit old, but similar issue. When connected, what gateway and DNS show for the VPN tunnel and local connection?

https://community.bt.com/t5/ADSL-Copper-broadband/BT-Broadband-and-corporate-VPN/td-p/44711

Quote:
The VPN software connects as normal but now the gateway and DNS settings do not carry through. If set manually they conflict with those from the home hub and its connection. So now I can either talk to systems at work or systems in the big wide world but no longer both. Any ideas?


I take it your local IP when connected to Openreach is on a different subnet to the remote network?
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 12:54 - 12 Oct 2018

I've tried disabling the BT DNS helper thing.

And yes, I think I'm on a different subnet. Honestly though, networking isn't my strongest computer skill.

BT router at home is standard 192.168.1.254.
Pi address 192.168.1.3 running openVPN server with an address of 10.8.0.1

Google tells me my external IP address is that of my home network when connected to the VPN.
I accidentally discovered I could load YouTube but no other external sites.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 13:08 - 12 Oct 2018

el_oso wrote:
I've tried disabling the BT DNS helper thing.

And yes, I think I'm on a different subnet. Honestly though, networking isn't my strongest computer skill.

BT router at home is standard 192.168.1.254.
Pi address 192.168.1.3 running openVPN server with an address of 10.8.0.1

Google tells me my external IP address is that of my home network when connected to the VPN.
I accidentally discovered I could load YouTube but no other external sites.


What device is that screenshot from? You have an Ethernet adaptor with no default gateway and no visible VPN connected.

What's the Ethernet adaptor configured for - DHCP or Static IP?
Why the two connections?
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 13:17 - 12 Oct 2018

10.8.0.6 is the default openvpn issued client dhcp address, it's normal for it not to have a gateway, even with tunnelling enabled.
____________________
Observation is the greatest source of wisdom.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 13:20 - 12 Oct 2018

That's my laptop running Windows 10 (because work is all MS)

OpenVPN client installs a virtual Ethernet adaptor to tunnel the connection through.

The wi-fi is the Openzone hotspot.

Connected to wi-fi provided by phone in hotspot mode, and connected to the VPN on my laptop I get the same blank gateway for the virtual adapter.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 13:25 - 12 Oct 2018

I mentioned this before, but in the properties of the VPN connection in Network and Sharing centre, go to networking> IPV4 properties> advanced and see if "use default gateway on remote network" is ticked.

I presume the client is just dialling a normal Windows VPN connection?
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 13:30 - 12 Oct 2018

mpd72 CPT wrote:
I mentioned this before, but in the properties of the VPN connection in Network and Sharing centre, go to networking> IPV4 properties> advanced and see if "use default gateway on remote network" is ticked.

I presume the client is just dialling a normal Windows VPN connection?


sorry, forgot to reply with it's not an option that I can find in Win10.
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 13:52 - 12 Oct 2018

the choice of whether to tunnel or not is set when setting up the server config, if you check the connection logs you should have something like

redirect-gateway def1 from client side
____________________
Observation is the greatest source of wisdom.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 13:57 - 12 Oct 2018

owl wrote:
the choice of whether to tunnel or not is set when setting up the server config, if you check the connection logs you should have something like

redirect-gateway def1 from client side


I have that line in my server config. I specifically remember adding it in when I set up the VPN server as my initial test returned a different ip address to my home network from whatsmyip

One semi-random thought I had when I went to get some lunch was is it possible that these BT hotspots are available because someone is sharing their internet connection. These would then be running on their own network. Is it possible that I'm running on the same network as something on there. i.e. my route is already a route
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 14:07 - 12 Oct 2018

el_oso wrote:
mpd72 CPT wrote:
I mentioned this before, but in the properties of the VPN connection in Network and Sharing centre, go to networking> IPV4 properties> advanced and see if "use default gateway on remote network" is ticked.

I presume the client is just dialling a normal Windows VPN connection?


sorry, forgot to reply with it's not an option that I can find in Win10.


Click on "Advanced"
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 14:12 - 12 Oct 2018

el_oso wrote:
owl wrote:
the choice of whether to tunnel or not is set when setting up the server config, if you check the connection logs you should have something like

redirect-gateway def1 from client side


I have that line in my server config. I specifically remember adding it in when I set up the VPN server as my initial test returned a different ip address to my home network from whatsmyip

One semi-random thought I had when I went to get some lunch was is it possible that these BT hotspots are available because someone is sharing their internet connection. These would then be running on their own network. Is it possible that I'm running on the same network as something on there. i.e. my route is already a route


Most of these BT hotspots are a guest network on a different subnet on another BT customer's router. They're in "wireless isolation" mode, so can't access the other wireless LAN on the same router and can't see other devices on the same network. As has been said though, they usually direct you to a proxy page where you have to login with your BT login details in order to use it.

Most BT routers broadcast 2-3 wireless networks, the private one, the openreach one for all other BT customers to use and occasionally one for VOIP phones.
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.
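
Added example, not code from any poster in this thread: a Python check of the three routing questions raised above (full versus split tunnel, whether DNS goes through the tunnel, and el_oso's question about the hotspot subnet clashing with the home LAN), run over a constructed routing table. The 192.168.1.0/24 and 10.8.0.x addresses are from the thread; the hotspot-side 172.16.x addresses, the VPN server's public address 203.0.113.10 and the interface names are assumptions.

```python
import ipaddress

# Constructed routing table for a client on the hotspot with the tunnel up.
# (prefix, gateway, interface). 192.168.1.0/24 and 10.8.0.x are from the thread;
# the 172.16.x hotspot side, 203.0.113.10 and the interface names are made up.
ROUTES_FULL = [
    ("0.0.0.0/0", "172.16.0.1", "wifi"),        # hotspot's default route, left in place
    ("172.16.0.0/22", "on-link", "wifi"),       # hotspot subnet
    ("203.0.113.10/32", "172.16.0.1", "wifi"),  # pinned route to the VPN server itself
    ("0.0.0.0/1", "10.8.0.5", "tap"),           # the two halves added by
    ("128.0.0.0/1", "10.8.0.5", "tap"),         # redirect-gateway def1
    ("192.168.1.0/24", "10.8.0.5", "tap"),      # home LAN pushed by the server
    ("10.8.0.4/30", "on-link", "tap"),          # tunnel subnet
]
# Same table without the def1 halves: a split tunnel.
ROUTES_SPLIT = [r for r in ROUTES_FULL if not r[0].endswith("/1")]


def pick_route(routes, dest):
    """Longest-prefix match, as the OS does (metrics are not modelled)."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def tunnel_mode(routes, tunnel_if):
    """'full' if public addresses in both halves of IPv4 space leave via the tunnel."""
    probes = ("8.8.8.8", "198.51.100.7")  # one below 128.0.0.0, one above
    via_tunnel = all(pick_route(routes, p)[2] == tunnel_if for p in probes)
    return "full" if via_tunnel else "split"


def dns_outside_tunnel(routes, resolvers, tunnel_if):
    """Resolvers whose queries would bypass the tunnel."""
    return [d for d in resolvers if pick_route(routes, d)[2] != tunnel_if]


def lan_overlap(routes, home_lan, tunnel_if):
    """Local (non-tunnel) prefixes that collide with the home LAN."""
    home = ipaddress.ip_network(home_lan)
    clashes = []
    for prefix, _, iface in routes:
        net = ipaddress.ip_network(prefix)
        # Skip the default route: 0.0.0.0/0 overlaps everything by definition.
        if iface != tunnel_if and net.prefixlen > 0 and net.overlaps(home):
            clashes.append(prefix)
    return clashes


if __name__ == "__main__":
    resolvers = ["172.16.0.1", "192.168.1.254"]  # hotspot resolver, home router
    for name, table in (("full", ROUTES_FULL), ("split", ROUTES_SPLIT)):
        print(name, tunnel_mode(table, "tap"),
              dns_outside_tunnel(table, resolvers, "tap"),
              lan_overlap(table, "192.168.1.0/24", "tap"))
```

With `def1` the hotspot's default route stays in place and the two /1 routes win on prefix length, which is why the virtual adapter shows no default gateway even when everything is tunnelled. A resolver address on the hotspot's own subnet is still reached directly, so DNS can sit outside an otherwise full tunnel.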

All times are GMT + 1 Hour
Page 1 of 3