BI IOS App - OpenVpn Connect issue

justme12 · Mar 2, 2021

Running BI for years with no issues. Need a mobile connection, so installed BI app and for Security OpenVpn for mobile LTE.

Question.

1. Is OpenVpn running correctly? On mobile LTE, I open the BI App and see VPN at the top and the OpenVpn connects ok and BI is fine.
Reading the forum, I’m under the impression the app should have the LAN ip in the app lan slot “and the WAN slot”. If I do, there is no connect.

2. BI is port forwarded to 81 as per remote wizard setup. I installed OpenVpn as I was under the impression it would allow me to stop port fwd.
If I stop – no connect.

ASUS RT-AC3100 Router
ASUSWRT-MERLIN 384.19

BlueIris ver 5.38.17 x 64

IOS 14 Iphone BI App ver 2.00.32

OPENVPN ver 3.2.3 (3760)

SouthernYankee · Mar 2, 2021

I use the new android app.
I manually start the OpenVPN application.
Then I start the BI app.
look at the cameras
I shut the app down
then shut OpenVPN down

My WAN addresss is blank in the BlueIris app.

I do not port forward. After opening OpenVPN you are on the home network, all address are local.
My address of my server is local 192.168.1.235:8081 ... The BI web server is on 8081 in my system
I use an ASUS router .

justme12 · Mar 2, 2021

SouthernYankee said:
I use the new android app.
I manually start the OpenVPN application.
Then I start the BI app.
look at the cameras
I shut the app down
then shut OpenVPN down

My WAN addresss is blank in the BlueIris app.

I do not port forward. After opening OpenVPN you are on the home network, all address are local.
My address of my server is local 192.168.1.235:8081 ... The BI web server is on 8081 in my system
I use an ASUS router .

so what address are you placing in the Android app for lan and wan?

SouthernYankee · Mar 2, 2021

LAN 192.168.1.235:8081
WAN - nothing it is blank. It is never used as I only use a VPN so all communications is local.

justme12 · Mar 2, 2021

Just don't get it. If I leave it blank -NO connection. Phone is on LTE only. Run openvpn app and connect. Connect BI app with Lan Address & Wan remote address = connect.
Openvpn app show a connection log to BI remote logon wan ip. So it appears I am connected properly. ( yet all I hear is the lan and wan address should match in the app.

Also, if I turn off port forwarding of 81 I can not connect.

wittaj · Mar 2, 2021

It is connecting because of the port forwarding not because of OpenVPN...

Who is your LTE provider? Some mobile providers don't allow the VPN port so you need to change it.

OpenVPN connection to port 443 is being dropped by network. Is this a policy? | AT&T Community Forums

Does AT&T Wireless have a policy against VPN traffic? Specifically, I am using OpenVPN to connect to Toronto Private Internet Access server on port 443. This was recommended by PIA. The connecti...

forums.att.com

SouthernYankee · Mar 2, 2021

How is your home network connected to the internet ?
Who is your home internet provider ?
Who is your cell phone provider ?

justme12 · Mar 2, 2021

SouthernYankee said:
How is your home network connected to the internet ?
Who is your home internet provider ?
Who is your cell phone provider ?

Home Network Connected to Internet via Asus Merlin Router thru Verizon Fios ONT ( Ethernet and wifi)
Internet = Verizon Fios
Cell = Verizon

Mike A. · Mar 2, 2021

Th

justme12 said:
Home Network Connected to Internet via Asus Merlin Router thru Verizon Fios ONT ( Ethernet and wifi)
Internet = Verizon Fios
Cell = Verizon

Shouldn't be a problem with ISP/cell carrier. I use the same (FIOS/Verizon/Asus/OpenVPN/IOS 14.x). LAN/WAN IPs set the same.

Not running Merlin though. Any rules set up there? It's been forever since I've used it.

Once connected to your net over VPN, can you connect to anything else? Can you ping the BI server or other local addresses?

SouthernYankee · Mar 2, 2021

Are you sure you are successfully connection to your VPN on the ASUS router.

Do you see a message that looks like this in the ASUS system log (ignore the XXX)

Mar 2 20:38:26 vpnserver1[1444]: XXX.112.217.XXX:29852 TLS: Username/Password authentication succeeded for username 'XXXXXXX'

Mar 2 20:38:26 vpnserver1[1444]: XXX.112.217.XXX:29852 [client] Peer Connection Initiated with [AF_INET]XXX.112.217.XXX:29852 (via [AF_INET]XXX.31.116.XXX%eth0)

Not sure about APPLE but on the Android you will get a Key icon. On other interface you will get a green horseshoe.
Does your home internet address change on each connection or does it remain the same?
Can you exectue the UI3 web app from a browser on your phone when connected by VPN ?
How did you place the Verizon "Modem" in bypass /passthru / bridge mode ?

Make and model number of your "Modem"

mikeynags · Mar 2, 2021

Check a site like ipchicken.com while VPN’d in and verify you are not split tunneling and your IP comes back as your home address and not one from Verizon on your data plan

Sent from my iPhone using Tapatalk

justme12 · Mar 2, 2021

peer connection initiated = YES

asus router shows = Openvpn CONNECTED!!

Here is from the sys log

Mar 1 22:34:46 ovpn-server1[8727]: xxx.242.74.109:3933 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Mar 1 22:34:46 ovpn-server1[8727]: xxx.242.74.109:3933 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 1 22:34:46 ovpn-server1[8727]: xxx.242.74.109:3933 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Mar 1 22:34:46 ovpn-server1[8727]: xxx.242.74.109:3933 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 1 22:34:46 ovpn-server1[8727]: xxx.242.74.109:3933 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 2048 bit RSA
Mar 1 22:34:46 ovpn-server1[8727]: xxx.242.74.109:3933 [client] Peer Connection Initiated with [AF_INET6]::ffff:xxx.242.74.109:3933
Mar 1 22:34:46 ovpn-server1[8727]: client/xxx.242.74.109:3933 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mar 1 22:34:46 ovpn-server1[8727]: client/xxx.242.74.109:3933 MULTI: Learn: 10.8.0.2 -> client/xxx.242.74.109:3933
Mar 1 22:34:46 ovpn-server1[8727]: client/xxx.242.74.109:3933 MULTI: primary virtual IP for client/xxx.242.74.109:3933: 10.8.0.2
Mar 1 22:34:46 ovpn-server1[8727]: client/xxx.242.74.109:3933 PUSH: Received control message: 'PUSH_REQUEST'

justme12 · Mar 2, 2021

mikeynags said:
Check a site like ipchicken.com while VPN’d in and verify you are not split tunneling and your IP comes back as your home address and not one from Verizon on your data plan

Sent from my iPhone using Tapatalk

Doesn't come back as home = verizon address

justme12 · Mar 2, 2021

SouthernYankee said:
Are you sure you are successfully connection to your VPN on the ASUS router.

Do you see a message that looks like this in the ASUS system log (ignore the XXX)

Mar 2 20:38:26 vpnserver1[1444]: XXX.112.217.XXX:29852 TLS: Username/Password authentication succeeded for username 'XXXXXXX'

Mar 2 20:38:26 vpnserver1[1444]: XXX.112.217.XXX:29852 [client] Peer Connection Initiated with [AF_INET]XXX.112.217.XXX:29852 (via [AF_INET]XXX.31.116.XXX%eth0)

Not sure about APPLE but on the Android you will get a Key icon. On other interface you will get a green horseshoe.
Does your home internet address change on each connection or does it remain the same?
Can you exectue the UI3 web app from a browser on your phone when connected by VPN ?
How did you place the Verizon "Modem" in bypass /passthru / bridge mode ?

Make and model number of your "Modem"

.45:7353 [client] Peer Connection Initiated with [AF_INET6]::ffff
Username/Password authentication succeeded for username

justme12 · Mar 2, 2021

Correction = IP comes back as home address while connected to OpenVpn, verizon ip when disconnected and on lte

mikeynags · Mar 2, 2021

justme12 said:
Doesn't come back as home = verizon address

So you aren’t local to your home network via OpenVPN for some reason. Explains why the port forward is still needed to access BI. When you take a PC on your local network and hit ipchicken.com, your phone with WiFi turned off and VPN’d in should also get the same IP from ipchicken.com.

Sent from my iPhone using Tapatalk

mikeynags · Mar 2, 2021

justme12 said:
Correction = IP comes back as home address while connected to OpenVpn, verizon ip when disconnected and on lte

OK - saw this late. You have the LAN and WAN IP in the BI iOS app set to the local address right?

Sent from my iPhone using Tapatalk

mikeynags · Mar 2, 2021

mikeynags said:
OK - saw this late. You have the LAN and WAN IP in the BI iOS app set to the local address right?

Sent from my iPhone using Tapatalk

What about the symbol on the iOS app? Do you see this when VPN’d in?

Sent from my iPhone using Tapatalk

justme12 · Mar 2, 2021

mikeynags said:
What about the symbol on the iOS app? Do you see this when VPN’d in?
View attachment 83857

Sent from my iPhone using Tapatalk

NO no little symbol only at top besides LTE it says vpn.

Also in the BI app if i put the local address in lan & wan = DOES NOT CONNECT only connects when local is in lan and remote in wan

justme12 · Mar 2, 2021

justme12 said:
NO no little symbol only at top besides LTE it says vpn.

Also in the BI app if i put the local address in lan & wan = DOES NOT CONNECT only connects when local is in lan and remote in wan

also the BI app log shows connected to unknown ip's

Search

BI IOS App - OpenVpn Connect issue

justme12

n3wb

SouthernYankee

justme12

n3wb

SouthernYankee

justme12

n3wb

wittaj

OpenVPN connection to port 443 is being dropped by network. Is this a policy? | AT&T Community Forums

SouthernYankee

justme12

n3wb

Mike A.

Known around here

SouthernYankee

mikeynags

Known around here

justme12

n3wb

justme12

n3wb

justme12

n3wb

justme12

n3wb

mikeynags

Known around here

mikeynags

Known around here

mikeynags

Known around here

justme12

n3wb

justme12

n3wb