What's new

openvpn, route phone via ovpn through external ovpn server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

frashman

New Around Here
[Solved] openvpn, route phone via ovpn through external ovpn server

hi,

i have a little problem with my openvpn setup. i want to access my router and it's internet connection from my mobile phone. therefore i set up an openvpn server and the android client. and my router (AC66U Merlin .374.39) also use an openvpn connection to another server. both setups are working fine separately. all my clients behind the router can access to the ovpn server and my mobile phone can access to the router (via the route of ISP or the ovpn server). But the problem is my phone have only a local connection and cannot go into the web when i use the ovpn server route.

Code:
1. OpenVpn server <------ (ISP) ------> ASUS AC66U - working
2. Android client <------ (ISP) ------> ASUS AC66U - working
3. Android client <------ (OpenVpn server) ------> ASUS AC66U - working, until router and local clients, but no internet connection

here ovpn config from router as server
Code:
daemon
server 10.0.1.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-256-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.1"
push "redirect-gateway def1"
tls-auth static.key
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

android client config (note: the dyndns domain is the ip from the external ovpn server)
Code:
client
dev tun
proto udp
remote 46.y.y.y 1194
float
cipher AES-256-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
resolv-retry infinite
nobind

##certs, keys etc...

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
46.y.y.y        178.x.x.254     255.255.255.255 UGH   0      0        0 eth0
178.x.x.254     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.0.1.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun21
46.y.y.0        0.0.0.0         255.255.255.0   U     0      0        0 tun11
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
10.0.1.0        10.0.1.2        255.255.255.0   UG    0      0        0 tun21
178.x.x.0       0.0.0.0         255.255.248.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         46.y.y.1        128.0.0.0       UG    0      0        0 tun11
128.0.0.0       46.y.y.1        128.0.0.0       UG    0      0        0 tun11
0.0.0.0         178.x.x.254     0.0.0.0         UG    0      0        0 eth0

i think (or hope ;-) its a simple route i have to add.
thanks for the help

note: android >4.x clients are unable to use a TAP devices
 
Last edited:
I just solved the problem by myself. I forgot to add push "route-gateway 10.0.0.1" in the server config
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top