menekis
Posts: 3
Joined: Fri Sep 13, 2019 3:15 pm

PiVPN Bridge Mode, no internet or access to local network

Fri Sep 13, 2019 3:28 pm

Hi all, not sure if my problem was solved in older posts (I've tried to follow them and other tutorials and can't seem to make it work still).
So I changed my router in the past year to a Google Wifi that unfortunately doesn't support VPN server automagically. I bought an RPi 3B+ hoping to have at least an OpenVPN server running that will give me access to my local network. I think I'm halfway there since when I connect from the office I seem to have the right IP assigned, but I don't have internet connectivity nor access to other appliances on the network at home.

Here is the information and setup I have, hoping someone can help me with that (thanks in advance).


ifconfig on the raspberry

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.19  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::ba27:ebff:fe97:f036  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:97:f0:36  txqueuelen 1000  (Ethernet)
        RX packets 25129  bytes 24454327 (23.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6421  bytes 449131 (438.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether b8:27:eb:97:f0:36  txqueuelen 1000  (Ethernet)
        RX packets 29689  bytes 25998969 (24.7 MiB)
        RX errors 47  dropped 0  overruns 0  frame 0
        TX packets 6421  bytes 449131 (438.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 11  bytes 602 (602.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11  bytes 602 (602.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

/etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

# This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).

 # The loopback network interface
 auto lo br0
 iface lo inet loopback

 # Set up interfaces manually, avoiding conflicts with, e.g., network manager
 iface eth0 inet manual

 iface tap0 inet manual

 # Bridge setup
 iface br0 inet static
    bridge_ports eth0 tap0
        address 192.168.1.19
        broadcast 192.168.1.255
        netmask 255.255.255.0
        gateway 192.168.1.1

/etc/openvpn/server.conf

dev tap0
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_f5487768-63a2-48e8-9fa0-79f25ba32323.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_f5487768-63a2-48e8-9fa0-79f25ba32323.key
dh none
topology subnet
#server 10.8.0.0 255.255.255.0
server-bridge 192.168.1.19 255.255.255.0 192.168.1.61 192.168.1.70
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io

part of the ovpn file

client
dev tun
proto udp
remote [MYIP] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_f5487768-63a2-48e8-9fa0-79f25ba32323 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBtjCCAVygAwIBAgIUY1 ....

Thanks again for any help in the right direction :)

epoch1970
Posts: 3801
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: PiVPN Bridge Mode, no internet or access to local network

Fri Sep 13, 2019 4:06 pm

You can't mix tun and tap.
Change the client or the server configs to use a tun or tap device.

If you want bridge mode, that is tap everywhere. iOS does not support tap.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel
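
The tun/tap mismatch pointed out in the reply above can be caught before connecting by comparing the two configuration files. This is an added example, not code from any poster in the thread or from PiVPN; the function names are hypothetical, the sample configs are excerpts of the ones posted above with the inline certificate replaced by a placeholder, and it goes slightly beyond the reply by also comparing `proto`, `cipher`, `auth` and the port.

```python
def parse_ovpn(text):
    """Map each directive to its arguments, skipping comments and inline <ca>-style blocks."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, args)  # first occurrence wins
    return directives

def first(directives, key, default=None):
    """First argument of a directive, or `default` when it is absent."""
    return (directives.get(key) or [default])[0]

def dev_type(directives):
    """'tun' or 'tap': an explicit dev-type wins, otherwise the dev name prefix."""
    dev = first(directives, "dev-type") or first(directives, "dev", "")
    return next((t for t in ("tun", "tap") if dev.startswith(t)), None)

def mismatches(server_conf, client_conf):
    """List (setting, server_value, client_value) for settings that must agree."""
    s, c = parse_ovpn(server_conf), parse_ovpn(client_conf)
    found = []
    if dev_type(s) != dev_type(c):
        found.append(("dev", dev_type(s), dev_type(c)))
    # tcp-server / tcp-client are the same transport, so compare the family only.
    s_proto = first(s, "proto", "udp").split("-")[0]
    c_proto = first(c, "proto", "udp").split("-")[0]
    if s_proto != c_proto:
        found.append(("proto", s_proto, c_proto))
    for key in ("cipher", "auth"):
        if first(s, key) != first(c, key):
            found.append((key, first(s, key), first(c, key)))
    # Assumes no port translation on the router; 1194 is OpenVPN's default port.
    remote = c.get("remote") or []
    if len(remote) >= 2 and remote[1] != first(s, "port", "1194"):
        found.append(("port", first(s, "port", "1194"), remote[1]))
    return found

# Excerpts of the configs posted in this thread; the certificate body is a placeholder.
SERVER = "dev tap0\nproto udp\nport 1194\ncipher AES-256-CBC\nauth SHA256\n"
CLIENT_FIRST = ("client\ndev tun\nproto udp\nremote [MYIP] 1194\n"
                "cipher AES-256-CBC\nauth SHA256\n<ca>\n(placeholder)\n</ca>\n")
CLIENT_SECOND = CLIENT_FIRST.replace("dev tun", "dev tap")

if __name__ == "__main__":
    print(mismatches(SERVER, CLIENT_FIRST))   # the first client file posted
    print(mismatches(SERVER, CLIENT_SECOND))  # the corrected client file
```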

menekis
Posts: 3
Joined: Fri Sep 13, 2019 3:15 pm

Re: PiVPN Bridge Mode, no internet or access to local network

Fri Sep 13, 2019 5:16 pm

Sorry, I copied the wrong ovpn, it's indeed in TAP instead of tun.

client
dev tap
proto udp
remote MYIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_f5487768-63a2-48e8-9fa0-79f25ba32323 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBtj...

So that's still not the issue, but thanks for the answer though!

epoch1970
Posts: 3801
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: PiVPN Bridge Mode, no internet or access to local network

Fri Sep 13, 2019 5:29 pm

I don't know then. I never use the built-in bridge options in openvpn and faux DHCP server.
If you can, look at the bridge on the server when the client is connected, check the tap is in there and sees traffic.

Of course I assume the IP ranges of your home network and the host network for the client (=the office --perhaps not the best idea, BTW) are different?
In other words if the client is on 192.168.1.0 before dialing home, and your home network is also on 192.168.1.0, it won't work.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel
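
The two checks suggested in the reply above (is the tap device a port of the bridge and seeing traffic, and do the client-side and home networks overlap) can be scripted on the server. This is an added example, not code from any poster in the thread; the function names are hypothetical, it reads the Linux sysfs paths `/sys/class/net/<bridge>/brif/` and `/sys/class/net/<iface>/statistics/`, and the demo uses a constructed sysfs tree so it runs on any machine.

```python
import ipaddress
import os
import tempfile

def bridge_ports(bridge, sysfs="/sys/class/net"):
    """Interfaces enslaved to `bridge`; the kernel lists them under brif/."""
    brif = os.path.join(sysfs, bridge, "brif")
    return sorted(os.listdir(brif)) if os.path.isdir(brif) else []

def packet_counters(iface, sysfs="/sys/class/net"):
    """(rx_packets, tx_packets) for `iface`, read from its statistics files."""
    def read(name):
        with open(os.path.join(sysfs, iface, "statistics", name)) as fh:
            return int(fh.read().strip())
    return read("rx_packets"), read("tx_packets")

def check_bridge(bridge, tap, client_lan, home_lan, sysfs="/sys/class/net"):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    findings = []
    if tap not in bridge_ports(bridge, sysfs):
        findings.append(f"{tap} is not a port of {bridge}")
    else:
        # On a tap device, rx counts frames written by OpenVPN, i.e. from the client.
        rx, tx = packet_counters(tap, sysfs)
        if rx == 0:
            findings.append(f"{tap} has received no frames from the client (tx_packets={tx})")
    home = ipaddress.ip_network(home_lan, strict=False)
    remote = ipaddress.ip_network(client_lan, strict=False)
    if home.overlaps(remote):
        findings.append(f"client LAN {remote} overlaps home LAN {home}")
    return findings

def make_fake_sysfs(ports, rx=0, tx=0):
    """Constructed sysfs tree for a bridge named br0 with the given ports."""
    root = tempfile.mkdtemp()
    for port in ports:
        os.makedirs(os.path.join(root, "br0", "brif", port))
        stats = os.path.join(root, port, "statistics")
        os.makedirs(stats)
        for name, value in (("rx_packets", rx), ("tx_packets", tx)):
            with open(os.path.join(stats, name), "w") as fh:
                fh.write(f"{value}\n")
    return root

if __name__ == "__main__":
    # Constructed case: only eth0 is in the bridge; client site uses 10.0.0.0/8.
    root = make_fake_sysfs(["eth0"], rx=100, tx=100)
    print(check_bridge("br0", "tap0", "10.0.0.0/8", "192.168.1.19/24", root))
```

On the real server, call `check_bridge` without the `sysfs` argument while the client is connected.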

menekis
Posts: 3
Joined: Fri Sep 13, 2019 3:15 pm

Re: PiVPN Bridge Mode, no internet or access to local network

Fri Sep 13, 2019 11:39 pm

No, they are different; at home I use pretty standard 192.168.1.x,
but at the office it's the standard ovpn IP ranges actually (10.x.x.x).

So I'm a bit lost too.. Is there another way to accomplish what I'm trying to do?

epoch1970
Posts: 3801
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: PiVPN Bridge Mode, no internet or access to local network

Sat Sep 14, 2019 10:27 am

There is p2p mode where the actual DHCP server is used. Configurations are simpler and if you get an address, it means the tunnel is really up.

You’re using the default port 1194. You could try moving it and see if the connection goes through. Or test the connection from various places/hotspots (your smartphone?) and see if it fails with the same regularity.
If that is the solution, the office does not approve of personal VPN tunnels (...), so see the admin.

Also look at the logs, and try the client connection from a laptop where you can examine network config and logs comfortably.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel
