Openvpn and TMobile

[themow]

I setup a VPN server via orbi router at a friend's house this weekend. He has a hik nvr and cams. With my device Galaxy s6 on cricket mobile, I can connect to his VPN and see cameras

However on his iPhone running TMobile, we can connect to VPN however ivms4500 will not show live view.

His device is definitely connected to the network though since I can input the local ip of the nvr into his browser and it pulls up the login page(when connected to VPN)

Prior to this, he had a port open and was viewing live with no issues.

All I did was close port and setup VPN.
We also tried it on an iPhone on cricket and it worked fine. And tried a second iPhone on TMobile and it failed.

I've done some research and think it might be related to TMobile using ipv6 but I still can't figure out why it would have worked before VPN with just an open port.

Has anyone run into this issue before?
Thanks

 

[pete_c]

Been using T-Mobile here for a few years now. Only utilize VPN to get to my home network here.

I am using a PFSense Firewall and an IPSec VPN tunnel which works great with the Hikvision iVMS 4500 app.

 

[themow]

On wifi, I can get into ivms, on VPN, I can't access ivms but I can access other local ip addresses from a browser so I know I'm into the network. Any ideas?

 

[pete_c]

I was having issues like this for a bit and more.

I could not get to my servers (Linus or Windows). I changed the VPN client connection such that the auto proxy is off.

There should be a client option relating to proxy on your VPN connection.

IE: The VPN subnet is different than the main LAN subnet. So I am thinking it was using the gateway address for the VPN then doing a NAT from there to the regular LAN.

So when I shut off the proxy thinking that it default to the NAT ==> regular LAN subnet. Found this out after testing it with different settings and looking at the VPN logs on PFSense. I also tested the browser on the phone and it was using my home firewall.

I also connect to my Leviton OmniPro 2 panel and use the camera configuration there.

 

[themow]

Thanks Pete. It's under a different subnet. I had not checked that

 

[pete_c]

That and do not utilize OpenVPN for my connection. Here utilize IPSec / L2TP combo VPN. By default the VPN tunnel connection is on an autonomous NAT'd network.

I was having issues until I configured the main LAN / Gateway address in the VPN configuration. Tested using the browser on the phone and checking IP address it shows my home IP WAN address rather than the T-Mobile WAN address.

Just sit in front of any computer on your network / with firewall/VPN settings and your cell phone only connected to T-Mobile (not local WLAN). What worked was just shutting off the proxy settings on the VPN client on the phone.

 

[themow]

Just as an update. This is definitely a Tmobile issue.
When the phones are on any other wifi connection and vpn is enabled, live view works.
When WIFI is off and vpn is enabled, live view fails. However, i can still access LAN addresses when on LTE and VPN. Just not IVMS4500

 

[pete_c]

Yes when you are doing VPN via WiFI you are using NAT Reflection and live view will work.

hxxps:/docs.netgate.com/pfsense/en/latest/book/nat/nat-reflection.html

Try shutting off the VPN proxy settings in your T-Mobile client.

Test first on a PC running Windows or Linux attaching to your mobile client acting as an AP.

You can validate that you are using T-Mobile by doing a "what is my IP".

I also had some issues using the DNS name from my DDNS service and went to using the intenet IP.

Post screen shots of your VPN client settings here. Blur out the IPs.