BCF: Bike Chat Forums


BTOpenzone + VPN


el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 14:12 - 12 Oct 2018

Still not there...
____________________
Duke 390
Previous: '05 XR125L | '96 XJ600S Diversion |'05 Suzuki GSXR1000 | '05 Honda CBR125-R | '97 YZF 600R Thundercat | '11 Honda CBR250
Car: Jeep Wrangler 4.0L

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 14:24 - 12 Oct 2018

el_oso wrote:
Still not there...


You don't see this when you click on advanced, from the IPV4 properties of your VPN connection on your client PC?

http://i64.tinypic.com/2hz38ew.jpg
____________________
TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 14:31 - 12 Oct 2018

I only have the interface metric box

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 14:40 - 12 Oct 2018

el_oso wrote:
I only have the interface metric box


You've lost me.

On your client PC, go to "Control Panel". Make sure the view is "Large icons" not "Category".

Find "Network and Sharing Centre" > "Change adaptor settings" on the left > Right click your VPN dial up connection > Properties > IPV4 > Advanced.

It's in there. I've never seen a PC where that's missing on any standard Windows VPN, wireless or Ethernet connection.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 14:49 - 12 Oct 2018

no option

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 15:42 - 12 Oct 2018

el_oso wrote:
no option


That's not a screenshot from a Windows client VPN connection, that's from a LAN or wifi connection. Like I said, I presume you're using a standard Windows VPN dial up connection?

Have you tried just creating a VPN connection using the Windows built in VPN client? All you need is WAN IP, username and password. You know, Network and Sharing Centre > Setup a new connection or network.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 15:50 - 12 Oct 2018

http://bt.custhelp.com/app/answers/detail/a_id/14244/c/402

I have problems using my VPN (Virtual Private Network)

Some VPNs may not work well with the BT Web Address Help service. If you're experiencing problems with your VPN you should disconnect from the VPN and then opt out of the BT Web Address Help service in Preferences. You'll only need to opt out once.
____________________
Observation is the greatest source of wisdom.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 15:51 - 12 Oct 2018

I'm using openVPN as my client on Windows, not using the built in Windows functionality.

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 16:01 - 12 Oct 2018

el_oso wrote:
I'm using openVPN as my client on Windows, not using the built in Windows functionality.


Try it, you'll be able to tick the remote gateway option then.

It takes seconds to set up a connection as it's all automatic other than needing WAN IP, username and password.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 16:14 - 12 Oct 2018

mpd72 CPT wrote:
el_oso wrote:
I'm using openVPN as my client on Windows, not using the built in Windows functionality.


Try it, you'll be able to tick the remote gateway option then.

It takes seconds to set up a connection as it's all automatic other than needing WAN IP, username and password.


it won't have the certificates.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 16:18 - 12 Oct 2018

I couldn't work out how to add the certificates to make it work. These are all home-generated certificates.

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 16:29 - 12 Oct 2018

Is there a reason why you're using this public wifi Openreach connection? Are there no other connections available, because clearly the issue is down to the Openreach connection.

NeverAgain
Renault 5 Driver
Joined: 29 Oct 2016
Posted: 16:39 - 12 Oct 2018

I've got no issues with my setup and having everything tunnelled through and I use BT Openzone daily at work. One obvious differential is I use port 443 as the listening port at my server end for VPN traffic and DNS requests go through my VPN to my pihole at home.

I'm on an entirely Linux network though so can't contribute much to Windows setup.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 16:44 - 12 Oct 2018

Maybe try setting the push DNS option in the server config:

push "dhcp-option DNS 8.8.8.8"

or whatever you want to use.

If you are saying that everything is pingable/reachable by IP still sounds like a DNS issue to me.

NeverAgain
Renault 5 Driver
Joined: 29 Oct 2016
Posted: 17:05 - 12 Oct 2018

owl wrote:
If you are saying that everything is pingable/reachable by IP still sounds like a DNS issue to me.


I think it's the only thing that could cause an issue. Openzone probably blocks requests to DNS servers outside of its control and therefore you need to tunnel those requests to a DNS through your VPN?

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 17:28 - 12 Oct 2018

If it is a DNS issue, the OP should be able to open up a BBC "page not found" by typing http://212.58.244.27 into the address bar of the browser.

If that works, it's DNS, if not, then BT are blocking it some other way.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 13:04 - 15 Oct 2018

sorry guys, was away at the weekend. Thanks for your input so far.

I do get the page not found error from BBC when going to the page by IP.

My preferred DNS servers are pushed from the server. Just to be sure I've overridden the DNS in Windows and Linux Mint, but to no avail.
When doing an nslookup I get a return and the DNS server that I expect is being used.

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 15:02 - 15 Oct 2018

el_oso wrote:
sorry guys, was away at the weekend. Thanks for your input so far.

I do get the page not found error from BBC when going to the page by IP.

My preferred DNS servers are pushed from the server. Just to be sure I've overridden the DNS in Windows and Linux Mint, but to no avail.
When doing an nslookup I get a return and the DNS server that I expect is being used.


Can you set a DNS such as 208.67.220.220 in IP4 for the local area connection you photographed earlier? You know, the one with no default gateway, that you screenshotted from a command prompt.

I have a customer who has a few dial in VPN accounts. Since the VOIP supplier switched the broadband to their ISP, I've no longer been able to get DNS to work through the VPN connections. I have to map drives to a fixed IP address, instead of PC/Server name.

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 15:12 - 15 Oct 2018

mpd72 CPT wrote:


Can you set a DNS such as 208.67.220.220 in IP4 for the local area connection you photographed earlier? You know, the one with no default gateway, that you screenshotted from a command prompt.

I have a customer who has a few dial in VPN accounts. Since the VOIP supplier switched the broadband to their ISP, I've no longer been able to get DNS to work through the VPN connections. I have to map drives to a fixed IP address, instead of PC/Server name.


That is what it is currently set as. Confused

mpd72 CPT
World Chat Champion
Joined: 22 Oct 2013
Posted: 16:02 - 15 Oct 2018

el_oso wrote:
mpd72 CPT wrote:


Can you set a DNS such as 208.67.220.220 in IP4 for the local area connection you photographed earlier? You know, the one with no default gateway, that you screenshotted from a command prompt.

I have a customer who has a few dial in VPN accounts. Since the VOIP supplier switched the broadband to their ISP, I've no longer been able to get DNS to work through the VPN connections. I have to map drives to a fixed IP address, instead of PC/Server name.


That is what it is currently set as. Confused


This is the Ethernet connection, not the wifi?

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 16:09 - 15 Oct 2018

correct.

Have set the DNS using the network manager in Linux Mint as well, however it didn't seem to be switching to the Google DNS.

owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 16:32 - 15 Oct 2018

Can you post your client / server config minus the certs and answer the following:

1. Does this VPN connection currently (like as in now) work as expected from other networks, like Starbucks for instance?
2. When/if it does work on another network, are you tunnelling, i.e. if you visit whatismyip or similar do you see your home WAN IP listed?
3. Did you see/complete a captive landing page when connecting to the BT Openzone network?

el_oso
World Chat Champion
Joined: 17 May 2008
Posted: 16:58 - 15 Oct 2018

It appeared to work as expected, although from my phone, when I connected to hotspots in Sri Lanka. Was always able to access my home network, although I never explicitly checked what my external IP was.

Using the mobile network, I can connect to the VPN and my external IP is as if I was at home. Will try a UK based hotspot next time I walk past a Pret/Starbucks.

I don't remember going through a landing page, however it's an open hotspot. I am assuming it is using a BT cookie from BT sport etc to authorise me as being able to use the BT hotspot.

Code:

#/etc/openvpn/server.conf
local 192.168.1.3
dev tun
proto udp
port 1194
server 10.8.0.0 255.255.255.0

# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2

# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"

# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"

# your local subnet
push "route 192.168.1.3 255.255.255.255"

#push "dhcp-option DNS 192.168.1.254"
push "dhcp-option DNS 8.8.8.8"

# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"

client-to-client
#duplicate-cn
keepalive 10 120
tls-server
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 3


Code:


machine-readable-output
#allow-recursive-routing
ifconfig-nowarn
client
verb 2
connect-retry-max 5
connect-retry 2 300
resolv-retry 60
dev tun
remote *removed address* 1194 udp
cipher AES-256-CBC
comp-lzo
key-direction 1
remote-cert-tls server
push-peer-info


owl
World Chat Champion
Joined: 21 Oct 2016
Posted: 17:58 - 15 Oct 2018

Can't see anything obviously wrong

Here's my server/client for comparison

Code:
-SERVER
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

-CLIENT
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote *removed* 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>


I don't have any BT accounts or I could test it on port 1194 for you, I just tried connecting to one and it popped up with the captive portal asking me to sign in.

Maybe you could try like NeverAgain said and change the ports to 443, however you might already have something assigned to this. You'd need to reconfigure your forwarding too.
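
An added example, not part of any poster's message and not code from the thread: a small audit of the DNS and routing directives in the server and client configs compared above. The config excerpts are constructed from lines posted in the thread, the remote host is a placeholder, and the function names and finding codes are hypothetical.

```python
import ipaddress
import shlex

# Constructed excerpts: the DNS/routing lines of the configs posted in this thread.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
#push "dhcp-option DNS 192.168.1.254"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
"""
CLIENT_CONF = """
client
dev tun
remote vpn.example.invalid 1194 udp
remote-cert-tls server
"""  # remote host is a placeholder; the thread redacts the real address
CLIENT_CONF_BLOCKING = CLIENT_CONF + "setenv opt block-outside-dns\n"


def directives(text):
    """Yield each active directive as a token list ('#' and ';' start comments)."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line)


def audit(server_text, client_text):
    """Return (facts, finding_codes) describing DNS handling once the tunnel is up."""
    pushed = [shlex.split(d[1]) for d in directives(server_text)
              if d[0] == "push" and len(d) > 1]
    client = list(directives(client_text))
    dns = [p[2] for p in pushed if p[:2] == ["dhcp-option", "DNS"] and len(p) > 2]
    facts = {
        "full_tunnel": any(p and p[0] == "redirect-gateway" for p in pushed),
        "pushed_dns": dns,
        "private_dns": [ip for ip in dns if ipaddress.ip_address(ip).is_private],
        "block_outside_dns": any("block-outside-dns" in d for d in client),
        "up_script": any(d[0] == "up" for d in client),
    }
    findings = []
    if not facts["full_tunnel"]:
        # Split tunnel: lookups to public resolvers leave via the hotspot.
        findings.append("split-tunnel")
    if not dns:
        # Client keeps whatever resolver the hotspot's DHCP handed out.
        findings.append("no-dns-pushed")
    elif not facts["private_dns"]:
        # Queries exit at the home router towards a third party instead of
        # staying on a resolver inside the home LAN.
        findings.append("public-dns-only")
    if not facts["block_outside_dns"]:
        # Windows only: resolvers on other adapters may still be queried.
        findings.append("no-block-outside-dns")
    if not facts["up_script"]:
        # Non-Windows command-line clients only export pushed DNS to an 'up' script.
        findings.append("no-up-script")
    return facts, findings


if __name__ == "__main__":
    for name, conf in (("posted", CLIENT_CONF), ("blocking", CLIENT_CONF_BLOCKING)):
        print(name, *audit(SERVER_CONF, conf), sep="\n  ")
```
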

NeverAgain
Renault 5 Driver
Joined: 29 Oct 2016
Posted: 09:51 - 16 Oct 2018

The DNS is still trying to go through Google's servers in this instance. Have you tried setting up a DNS within your home network so the DNS requests cannot be blocked by BT?

BT block external DNS servers on their home service to manage parental internet filters. I imagine the same system is used in their hotspots to prevent looking at porn in public?

I've got a script to bypass the openzone landing page so perhaps you've done the same as me?

All times are GMT + 1 Hour. Page 2 of 3.