Menu
What's new
By:
Filters Better Search

Quick question/Public WiFi-VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ro berto

Ro berto

Regular Contributor
I'm connected to a public wifi and have internet, as soon as I connect to my router through the OpenVPN Server I lose internet connectivity but I can connect to my router through SSH.

Is it possible that a public WiFi blocks internet connection on a VPN connection?
 
If you can connect to your router via SSH though the VPN then there's no reason you shouldn't be able to access the internet also.

I suspect you have configured your VPN server incorrectly. Check the settings of "Direct clients to redirect Internet traffic" and "Advertise DNS to clients".
 
ColinTaylor said:
Check the settings of "Direct clients to redirect Internet traffic"
Click to expand...
I don't have that option (I'm on merlin).

I changed to a different public WiFi and am able to use internet with the VPN. o_O

Attached are my settings.
 

Attachments

  • Screenshot_20190503-122513.jpg
    Screenshot_20190503-122513.jpg
    44.2 KB · Views: 247
When you said "I can connect to my router through SSH" did you mean you were connecting through the VPN? Or have you enabled "SSH access from WAN" and were connecting directly to the router?
 
Ro berto said:
I don't have that option (I'm on merlin).
Click to expand...
You have to switch from Advanced Settings to General.

I changed to a different public WiFi and am able to use internet with the VPN. o_O
Click to expand...
Some public hotspots only allow "web" traffic, i.e. ports 80 and 443, or explicitly block VPN (port 1194). That's why some people choose to run their VPN server on port 443 instead of 1194.
 
Last edited:
ColinTaylor said:
When you said "I can connect to my router through SSH" did you mean you were connecting through the VPN?
Click to expand...
yes.

ColinTaylor said:
You have to switch from Advanced Settings to General.
Click to expand...
ah yes, got you, yeah it's enabled (see pic).

yeah, maybe it was that they were blocking port 1194 (funny, because it's the wifi from flixbus (a transportation company), and with one bus it was blocked, and with the next one it's not blocked).

ColinTaylor said:
That's why some people choose to run their VPN server on port 443 instead of 1194.
Click to expand...
is there any drawback with this?

thanks for your input Colin
 

Attachments

  • Screenshot_20190503-141412__01.jpg
    Screenshot_20190503-141412__01.jpg
    35.6 KB · Views: 327
Ro berto said:
yes.
Click to expand...
Then I'm confused as well. The whole point of a VPN is to encrypt the traffic so that it's impossible for anyone else (like the hotspot provider) to examine the data. So there's no way they could distinguish SSH traffic from HTTP. Maybe some sort of temporary routing problem on your router?

ah yes, got you, yeah it's enabled (see pic).

yeah, maybe it was that they were blocking port 1194 (funny, because it's the wifi from flixbus (a transportation company), and with one bus it was blocked, and with the next one it's not blocked).
Click to expand...
Seems unlikely (see previous answer). If they had blocked your VPN access on port 1194 your SSH connection wouldn't have worked either.

is there any drawback with this?
Click to expand...
Running a VPN server (or anything else) on a common port like 443 will mean that you will see endless connection attempts from port scanners.
 
ColinTaylor said:
Maybe some sort of temporary routing problem on your router?
Click to expand...
yeah most likely, since it makes sense what you say about being impossible to see encrypted data.
 
do you think it was related to the following?

I ran the following command on the SSH:
Code: 
iptables -I POSTROUTING -t nat -s $(nvram get vpn_server1_sn)/24 -o tun12 -j MASQUERADE
and had some problems, so I rebooted the router (I guess with the reboot this command was no longer valid).

(I ran this command so I could use the vpn client when away from home and using the openvpn sever, still trying to figure out how to make a script in openvpn-event so it runs automatically in up and down events)
 
Ro berto said:
do you think it was related to the following?

I ran the following command on the SSH:
Code: 
iptables -I POSTROUTING -t nat -s $(nvram get vpn_server1_sn)/24 -o tun12 -j MASQUERADE
Click to expand...
Quite possibly, although without knowing all the other rules and routing tables it's impossible to know for sure. It looks like you're trying to allow VPN server clients access to VPN Client #2.

and had some problems, so I rebooted the router (I guess with the reboot this command was no longer valid).
Click to expand...
Yes, rebooting would have removed that rule.
 
You must log in or register to reply here.

Similar threads

M
VPN for a Cruise Ship
Replies
11
Views
748
sfx2000
sfx2000
Z
Dynamic public IP question
Replies
4
Views
471
zero7404
Z
M
Help Me Understand OpenVPN
Replies
5
Views
592
Tech9
Tech9
G
VPN router on AIS
Replies
0
Views
417
georges
G
gdgross
Setting up VPN server (router?) for offsite access
Replies
13
Views
973
gdgross
gdgross
Similar threads
Thread starter Title Forum Replies Date
Z Dynamic public IP question VPN 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 775 (members: 20, guests: 755)
Top