VPN Newbie question

[armsAC3100]

I have also posted this in an OpenVPN forum awaiting an answer.
I have installed Open VPN on my ASUS AC3100 router (380.68 firmware) and installed OVPN on my Android phone, Tablet and Windows 10 PC.
I am able to access all my local devices web interface (connecting to 192.168.xxx.xxx) to local network NAS, Camera, etc. Work great for that.

What does not work is when I attempt access to my Comcast live feeds. When I am away from my home network and establish a OVPN connection into my network via my ASUS router and access my DVR via the Comcast application I can retrieve and watch recorded material. However, when I attempt to access live TV programming it tells me that my access is restricted to devices on my home network. It does work when I am actually on my home network.

I was under the impression that making a VPN connection into my home network, it would appear that my request was initiated locally and everything would work as if local.

What am I missing / doing wrong?

Al

 

[JDB]

Have you created a TUN or TAP VPN?

You'd need TAP for the DVR to think you are in the local network. With TUN it will see you in a neighbouring LAN with the router doing an internal NAT.


Sent from my iPhone using Tapatalk

 

[armsAC3100]

Have you created a TUN or TAP VPN?

You'd need TAP for the DVR to think you are in the local network. With TUN it will see you in a neighbouring LAN with the router doing an internal NAT.


Sent from my iPhone using Tapatalk

Thanks for the response
I had created an Interface Type = TUN
Do I have to make any other changes in addition to making Interface Type = TAP?
I assume that it will require a new .ovpn client file

Regards, Al

 

[JDB]

Off the top of my head I couldn't say, but I'm pretty sure it's that simple, maybe add an IP pool in the same subnet as your LAN (but not clashing with your DHCP pool) as well if I recall correctly, it's all on the VPN client setup page though. Yes you'd need a new ovpn client file.

I actually have both types setup on my Mac as there advantages to both depending on what you are doing.

On iOS TAP is not supported, not sure if it is on Android or not, definitely is on Windows though.


Sent from my iPhone using Tapatalk

 

[armsAC3100]

Off the top of my head I couldn't say, but I'm pretty sure it's that simple, maybe add an IP pool in the same subnet as your LAN (but not clashing with your DHCP pool) as well if I recall correctly, it's all on the VPN client setup page though. Yes you'd need a new ovpn client file.

I actually have both types setup on my Mac as there advantages to both depending on what you are doing.

On iOS TAP is not supported, not sure if it is on Android or not, definitely is on Windows though.


Sent from my iPhone using Tapatalk

Thanks again. Unfortunately TAP based tunnels are not supported on my version of Android OVPN. I think it is up to date but will check. In the meantime I will check with the PC.

Thanks for all your help. It's amazing how much there is to learn. I do have a potential work around by setting the program to record and then accessing the recording. That seems to work.

Al

 

[armsAC3100]

Thanks again. Unfortunately TAP based tunnels are not supported on my version of Android OVPN. I think it is up to date but will check. In the meantime I will check with the PC.

Thanks for all your help. It's amazing how much there is to learn. I do have a potential work around by setting the program to record and then accessing the recording. That seems to work.

Al

Just an update on my PC VPN TAP connection. I did update the PC .ovpn client after configuring the router interface from TUN to TAP and was able to connect. The PC creates a virtual Ethernet adapter and the router creates a virtual MAC and shows an Ethernet connection to the PC. I still have to research the Android Tap interface situation.

Thanks again for your help, Al

 

[elorimer]

No TAP on Android w/o root. There is, I think, a paid app that will do TAP but I'm not sure if will work for your scenario. I've found also that you may need TCP not UDP--my Tivos will bail out on UDP.

 

[armsAC3100]

Just an update on my PC VPN TAP connection. I did update the PC .ovpn client after configuring the router interface from TUN to TAP and was able to connect. The PC creates a virtual Ethernet adapter and the router creates a virtual MAC and shows an Ethernet connection to the PC. I still have to research the Android Tap interface situation.

Thanks again for your help, Al

A follow up observation / question regarding use of VPN with TAP setup. I have observed that after establishing a VPN to my AC3100 that some of the traffic goes from my PC through the VPN and other traffic still uses local WIFI connected router network.

If the destination URL is an IPV6 capable connection trace route will show my AC3100 as the first hop. If the requested destination is an IPV4 site then the first hop shows my current WIFI connected router network.

I do have my AC3100 configured as IPv6 capable and my home network provider is IPV4 / IPV6 capable.

I do not see anything specific in the setup of the AC3100 VPN server that addresses IPV4 / IPV6.

I would like both IPV4 and IPV6 traffic to be routed through the VPN. Perhaps there is a local PC option that I have not setup properly. My PC is current version of Windows 10.

Al

 

[armsAC3100]

Just an update on my PC VPN TAP connection. I did update the PC .ovpn client after configuring the router interface from TUN to TAP and was able to connect. The PC creates a virtual Ethernet adapter and the router creates a virtual MAC and shows an Ethernet connection to the PC. I still have to research the Android Tap interface situation.

Thanks again for your help, Al

Now that I have addressed my primary requirement and have TAP / virtual Ethernet connection working for my PC I would like to be able to connect an Android device using TUN intrface. Can I configure a second server on my AC3100 that will provide me with TUN mode of operation in addition to TAP?

Thanks, Al

 

[JDB]

Now that I have addressed my primary requirement and have TAP / virtual Ethernet connection working for my PC I would like to be able to connect an Android device using TUN intrface. Can I configure a second server on my AC3100 that will provide me with TUN mode of operation in addition to TAP?

Thanks, Al

Yes. I have this setup


Sent from my iPhone using Tapatalk

 

[unsynaps]

On iOS TAP is not supported, not sure if it is on Android or not, definitely is on Windows though.

More specifically TAP is only supported on Windows.

 

[JDB]

More specifically TAP is only supported on Windows.

And Mac and Linux...


Sent from my iPhone using Tapatalk

 

[armsAC3100]

Yes. I have this setup


Sent from my iPhone using Tapatalk

Thanks... I configured VPN Server 1 openvpn TAP for my PC access and server 2 openvpn TUN for my android devices.
Works great!
Al

 

[visortgw]

No TAP on Android w/o root. There is, I think, a paid app that will do TAP but I'm not sure if will work for your scenario. I've found also that you may need TCP not UDP--my Tivos will bail out on UDP.

For TAP connections, I use the third-party OpenVPN Client from colucci-web.it, which is available via Google Play (https://play.google.com/store/apps/details?id=it.colucciweb.openvpn&hl=en). It is a great app with great support from the developer -- reasonably priced, too. Unfortunately, some providers now detect a VPN connection.