I'm setting up a VPN to bypass location blocks. For example I'm currently based in a country that blocks www.bbc.com
I have successfully created my own VPN server (on pfsense) in a country that allows the BBC e.g. UK. I have tested the connection using my iPhone and can successfully browse the BBC website.
However when i use the exact same config file in OpenWRT i cannot browse the BBC website.
Some observations which makes me think its a OpenWRT configuration problem:
The public IP address of the OVPN Server is e.g. 110.239.456.789
When my iPhone is connected to the OPVN server (on 4G network) a check on my IP shows: 110.239.456.789 (same as the IP in UK - great!)
When i check the IP of a device connected to OpenWRT it shows the public of IP of the ISP e.g 230.110.22.333
Why based on the exact config would yield different results even using the same OVPN config?
The network setting here before OpenWRT was installed:
Laptop/iPhone > Local Network > Router > pfSense > Bad Country ISP
After OpenWRT was installed:
Laptop/iPhone > TPLink Nano with OpenWRT > Local Network > Router > pfSense > Bad Country ISP
The local device is connecting to OpenWRT using Wifi whilst the TPlink device is in DHCP mode and dynamically retrieving the IP from the local network.
Any ideas on how i can get the devices connected to OpenWRT report the Public IP of the UK server to get around the blocks?
When your server uses user-pass authentication, and running a client on a router, you will need to store the username and password in a file and reference it with auth-user-pass path/filename.
Then start OpenVPN on the router and check the log for any problems. OpenVPN will log a lot of stuff, and finally "Initialization Sequence Completed" if the connection is successful.
When the connection is successful, the firewall on the router still needs to be set up to route from your LAN into the VPN tunnel. The simplest way to do this is to place the OpenVPN device tun0 into the wan firewall zone.
Sorry for the oversight, its already included on the openWRT config:
/etc/openvpn/19B.auth
I can successfully connect to the OVPN server as my pfsense box in the UK show the connected client. I can browse the web in [Bad Country] but as said the connections are all coming from [BAD County] ISP IP and not the UK public IP of the OVPN server. I have tested the same OVPN config using my iPhone in the same country over 4G network and when I check my public ip address on Google it will show the UK IP (which is what i want).
Not sure if you can spot anything strange in the log but from what i can tell the connection is successful:
Wed Jun 22 15:21:05 2022 daemon.notice openvpn(19B)[1624]: [OpenVPN Server] Peer Connection Initiated with [AF_INET][UK IP]:1194
Wed Jun 22 15:21:37 2022 daemon.warn openvpn(19B)[1624]: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Wed Jun 22 15:21:38 2022 daemon.notice netifd: Interface 'OpenVPN' is enabled
Wed Jun 22 15:21:38 2022 daemon.notice netifd: Network device 'tun0' link is up
Wed Jun 22 15:21:38 2022 daemon.notice openvpn(19B)[1624]: TUN/TAP device tun0 opened
Wed Jun 22 15:21:38 2022 daemon.notice openvpn(19B)[1624]: net_iface_mtu_set: mtu 1500 for tun0
Wed Jun 22 15:21:38 2022 daemon.notice openvpn(19B)[1624]: net_iface_up: set tun0 up
Wed Jun 22 15:21:38 2022 daemon.notice netifd: Interface 'OpenVPN' has link connectivity
Wed Jun 22 15:21:38 2022 daemon.notice netifd: Interface 'OpenVPN' is setting up now
Wed Jun 22 15:21:38 2022 daemon.notice openvpn(19B)[1624]: net_addr_v4_add: 192.0.1.2/24 dev tun0
Wed Jun 22 15:21:38 2022 daemon.notice netifd: Interface 'OpenVPN' is now up
Wed Jun 22 15:21:38 2022 daemon.notice openvpn(19B)[1624]: /usr/libexec/openvpn-hotplug up 19B tun0 1500 1552 192.0.1.2 255.255.255.0 init
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: reading /tmp/resolv.conf.d/resolv.conf.auto
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain test
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain onion
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain localhost
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain local
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain invalid
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain bind
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using only locally-known addresses for domain lan
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using nameserver 8.8.8.8#53
Wed Jun 22 15:21:38 2022 daemon.info dnsmasq[970]: using nameserver 172.29.1.1#53
Wed Jun 22 15:21:38 2022 daemon.warn openvpn(19B)[1624]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jun 22 15:21:38 2022 daemon.notice openvpn(19B)[1624]: **Initialization Sequence Completed**
Wed Jun 22 15:21:38 2022 user.notice firewall: Reloading firewall due to ifup of OpenVPN (tun0)
Wed Jun 22 15:21:48 2022 daemon.info hostapd: wlan0: STA 04:ba:36:39:a0:08 IEEE 802.11: authenticated
Wed Jun 22 15:21:48 2022 daemon.info hostapd: wlan0: STA 04:ba:36:39:a0:08 IEEE 802.11: associated (aid 1)
Wed Jun 22 15:21:48 2022 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 04:ba:36:39:a0:08
Wed Jun 22 15:21:48 2022 daemon.info hostapd: wlan0: STA 04:ba:36:39:a0:08 WPA: pairwise key handshake completed (RSN)
Wed Jun 22 15:21:59 2022 daemon.info hostapd: wlan0: STA 20:c1:9b:db:3c:0b IEEE 802.11: authenticated
Wed Jun 22 15:21:59 2022 daemon.info hostapd: wlan0: STA 20:c1:9b:db:3c:0b IEEE 802.11: associated (aid 2)
Wed Jun 22 15:21:59 2022 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 20:c1:9b:db:3c:0b
Wed Jun 22 15:21:59 2022 daemon.info hostapd: wlan0: STA 20:c1:9b:db:3c:0b WPA: pairwise key handshake completed (RSN)
Wed Jun 22 15:22:09 2022 daemon.info dnsmasq[970]: read /etc/hosts - 4 addresses
Wed Jun 22 15:22:09 2022 daemon.info dnsmasq[970]: read /tmp/hosts/odhcpd - 0 addresses
Wed Jun 22 15:22:09 2022 daemon.info dnsmasq[970]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Wed Jun 22 15:22:09 2022 daemon.info dnsmasq[970]: read /etc/hosts - 4 addresses
Wed Jun 22 15:22:09 2022 daemon.info dnsmasq[970]: read /tmp/hosts/odhcpd - 1 addresses
Wed Jun 22 15:22:09 2022 daemon.info dnsmasq[970]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Wed Jun 22 15:24:11 2022 user.info : luci: accepted login on / for root from 172.29.1.100
Is the openvpn network in the wan firewall zone?
Check your routing table it should show the split route (0.0.0.0/1 and 128.0.0.0/1) going to the VPN tunnel.
I wondering if this could be the problem. On the pfsense side it shows 192.0.1.2 as the virtual address whilst OpenWRT is showing 192.0.1.1 in the routing table? How can i correct this?
The routes look correct. Address of your end or the tunnel likely is 192.0.1.2, the address of the server end would be 192.0.1.1.
From the router CLI, ping 192.0.1.2 should have a very short ping time (since it is inside your router) and ping 192.0.1.1 would have a longer ping since it goes to the server in the UK.
