Trying to access Raspberry Pi through OpenVPN via Android

Louis Smith

New Around Here
Hey guys, sorry in advance if I sound like a noob but I don’t often ask questions online. What I’m aiming to do is a bit of a doozie in terms of difficulty (at least to me). Basically, I set up an always-on Raspberry Pi BitTorrent box. On that Raspberry Pi is a Samba and SFTP shared external hard drive.

My goal basically is to be able to access the Deluge client (port 58846), Deluge web UI (port 8112) and the external hard drive over a cellular network (my Android phone). I understand that a VPN connection to my LAN is probably the best way to go about doing this, correct me if I’m wrong, however.

I have an Asus RT-AX88U running version 384.15 Asuswrt-Merlin and I created a server using the default settings and set it to allow the client to access the home LAN and the Internet. I downloaded the .OVPN file and loaded it through the OpenVPN application on Android and it works for the most part. It adopts my home public IP, I can see it on the client list on my router home page and I can access router settings, but I cannot access any devices within LAN, not even pinging works.

Same issue with IPsec and PPTP. I also tried FTP, SFTP, and TeamViewer to access the drive with no dice (FTP and SFTP have the same issue as Samba and TeamViewer won’t accept authorization to access the files but it can still remote control graphically ssh-wise, interestingly enough). I’ve read about a lot of other ideas: SSH tunneling/forwarding, port forwarding on the router, iptables, VPN split tunnels, TUN vs TAP, encryption settings, configuring the router VPN to set up a route from the phone to the RPI. There’s so much information out there and it’s really difficult to piece everything together, especially because I can’t find many people with identical setups and how they set everything up; not to mention I don't have too much background knowledge on setting up complex VPNs and network configurations.

I tried reading a lot and understanding these concepts but the directions seem generic and vague. I’ve tried looking at logs for the Android applications I used and the router but they don’t generate any information when trying to connect, even when I turn the log output verbosity to the maximum level or the application doesn’t have a log feature. Then again, I suspect the issue at hand is fundamentally that my phone cannot access, discover or even interact with other devices in the network through VPN; only the router can and the router isn’t allowing the phone to interact with the local devices, even through the VPN connections.

The Android applications I am using are Termux (terminal for Android, no sudo access), Transdone and Trireme for Deluge, Android Samba Client (official Google app), and AndFTP. To be more specific, all applications (including Chrome for Deluge web UI) basically time out trying to connect. All ports that I am using are default.

I should also add that the Raspberry Pi is connected to ExpressVPN via its own OpenVPN instance running on Raspbian, which I suspect would complicate things even more. I also understand if this ambition isn't practical without a crazy amount of time spent to make it work. Any help would be appreciated.

Thanks, Louis Smith.
 

elorimer

Very Senior Member
A lot going on there. Some first steps.

1. Start off with the default TUN server settings, but set it to LAN only. That should handle all the complicated stuff you are reading about. It pushes a route to your local LAN. I assume all the android apps are trying to connect to the pi's LAN IP.
2. What client are you using on the phone to make the OpenVPN connection? I've had problems with the official client and use the blinkt.de client.
3. You might stop the express vpn client for the moment until you get the phone-to-pi connection going. There are some posts here by @Martineau about server-in, client-out configurations for once you have that going.
 

Louis Smith

New Around Here
Amazing! Doing all the steps you prescribed worked! I'm getting access denied when trying to connect to the drive using Samba but FTP works, which will do. Yes, I was using the official OpenVPN client and then I switched to the client you're talking about, which I suspect helped resolve the issue. I also can confirm the ExpressVPN client needed to be turned off in order to connect to those services. I'm having trouble finding the threads by @Martineau that you're talking about. I also tried to look up server-in, client-out configurations but I can't find any guides, I only see test bank answers. I read about the concept of split tunneling; the only services I would want to connect to are FTP and Deluge (or Deluge web UI), and I know the ports for those applications.

I can see specifically that the port is open before connecting to ExpressVPN and it closes after connecting. I'm thinking that setting a rule through iptables to split tunnel port 8112 bypassing OpenVPN would make it work? I read SSH tunneling is easier and realistically I only need to route torrent traffic through the VPN.

Note: I found a workaround, but it's not ideal at all; a bit of a hassle but should theoretically work anywhere. I have TeamViewer host running on the RPI and I can pause all torrents via remote control through TeamViewer, even on my Android phone. Then, I close the ExpressVPN connection, access FTP/Deluge, then I reopen the ExpressVPN connection and resume all torrents and disconnect. That way, BitTorrent traffic remains in VPN at all times.
 

elorimer

Very Senior Member
Nifty! One arm working, so now you have to figure out how to get the ExpressVPN client going again.

I don't have a setup where the router has internet connection through an OpenVPN client of a VPN provider, and also an OpenVPN server, so I'm not a good source of information. The thread I was thinking of is here: openvpn server and client question. I'm not sure that is really your situation.

I understand split tunneling to be this: you have a computer connected to an OpenVPN server with a LAN. You want connections to the LAN to go over the tunnel, but internet access to go out from the computer not through the tunnel. Setting the router's OpenVPN server to LAN only sets up split tunneling. Setting it to Both also pushes the default gateway to the client, so the client also directs internet traffic over the tunnel.

You want to do something else, so most everything you read about split tunneling is going to be off point. You want to make a connection from a client to your router using your ISP WAN connection, but have the router send its own internet traffic out over its OpenVPN client to ExpressVPN.

I don't use torrenting, so I'm at sea with deluge (haha), but I don't think you want to open ports: you don't want the torrent client operating if the ExpressVPN connection isn't working, because, you know... You want to get the ExpressVPN connection going.
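Added example, not part of elorimer's post and not code from the thread: a small routing-table model of the "LAN only" versus "Both" distinction described above, extended to the Pi's own provider tunnel. The subnets, interface names and the `return_route` option are assumptions, as is the premise that both tunnels install the usual `redirect-gateway def1` route pair.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
LAN = "192.168.1.0/24"               # home LAN behind the router
VPN_POOL = "10.8.0.0/24"             # tunnel addresses handed to VPN clients
DEF1 = ["0.0.0.0/1", "128.0.0.0/1"]  # route pair installed by redirect-gateway def1

def lookup(table, dst):
    """Longest-prefix match: return the interface used to reach dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table]
    hits = [(net, dev) for net, dev in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def phone_routes(mode):
    """Phone's table after connecting; mode is 'lan_only' or 'both'."""
    table = [("0.0.0.0/0", "cellular"), (VPN_POOL, "tun0"), (LAN, "tun0")]
    if mode == "both":               # server also pushes the default gateway
        table += [(p, "tun0") for p in DEF1]
    return table

def pi_routes(provider_vpn_up, return_route=False):
    """Pi's table; tun0 here is the Pi's own tunnel to the VPN provider."""
    table = [("0.0.0.0/0", "eth0"), (LAN, "eth0")]
    if provider_vpn_up:
        table += [(p, "tun0") for p in DEF1]
    if return_route:                 # hypothetical fix: pool stays on the LAN side
        table.append((VPN_POOL, "eth0"))
    return table

if __name__ == "__main__":
    internet, phone_tunnel_ip, pi = "203.0.113.10", "10.8.0.2", "192.168.1.50"
    for mode in ("lan_only", "both"):
        t = phone_routes(mode)
        print(f"phone {mode}: Pi via {lookup(t, pi)}, internet via {lookup(t, internet)}")
    for up, fix in ((False, False), (True, False), (True, True)):
        t = pi_routes(up, fix)
        print(f"Pi provider_vpn={up} return_route={fix}: "
              f"reply to phone via {lookup(t, phone_tunnel_ip)}, "
              f"internet via {lookup(t, internet)}")
```

Under these assumptions, with the provider tunnel up and no return route, the Pi's replies to the phone's tunnel address leave through the provider tunnel instead of the LAN, while a more specific route for the client pool keeps those replies local and leaves internet traffic in the provider tunnel.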
 

SomeWhereOverTheRainBow

Very Senior Member
I have access to my Raspberry Pi, but I simply installed WireGuard on it and configured support for IPv4 and IPv6 on it. It was the easiest thing I ever did for my Raspberry Pi (had to set up easy port-forward and firewall rules on the router, but was simple).
 

Louis Smith

New Around Here
Okay, I'll try out all of your suggestions and report back my results. Any more help is still greatly appreciated.
 
