Problem with VPN while on separate WiFi

Mike A.

Pings aren't really a good way to test. Lots of things don't respond to pings.

So what magic does the client device use to pass traffic to the remote net without a connection (local IP) to the local router? The local router has no clue and doesn't care (generally) that the client is using VPN and doesn't make some special connection for it. It just sees a local device making requests for traffic that's to be routed outside the local net. The traffic just happens to be encrypted.
 

mikeynags

Right - that's the magic of the IP routing table. Everything is handled by the client's IP stack. The router is just the gateway routing packets. The client is aware of where to route packets outbound to reach the host on the other end. The VPN client just packages everything up and encapsulates it as an encrypted package and ships it out based on the local routing table. Depending on the VPN, the successful connection can also result in the VPN client modifying the local routing table also.

Again - my initial thought on this was not to blame having a 192.168.x.x IP scheme as the issue. I connect to many networks having that IP scheme and I have yet to see it affect my ability to reach my VPN.
 

Valiant

I'm not sure this is an accurate statement. If you are on someone's guest wifi, when you connect via OpenVPN back to your network, you won't be initiating that connection as the 192.168.X.X address of the guest wifi, you will be using the public NAT IP of the ISP connection. Not sure where the overlap issue comes in.

Good technical discussion here.

Agree on the above, but after successful connection then what happens? Yes, my response may have been a little simplistic. The original poster mentioned they can connect to the VPN but not connect to their local LAN afterwards. I agree that split tunneling may be short circuiting the traffic to the local wifi LAN and causing the problem.

Perhaps the solution (and a good test) is to reconfigure the VPN server and client so that all traffic is routed via the VPN. Some people prefer this solution because you can then safely use the internet on untrusted public wifi networks, and the home subnet may not need to be reconfigured. Apologies if anyone has already started changing the IP settings on 254 hosts :D
 

mikeynags

Definitely a good point. I’ve run two separate VPNs over the years (OpenVPN and Global Protect) and both had to have configuration of what a client can access in place. I have it set up so that when I use the VPN I can access local networks and the Internet as well.

Hurricane Electric makes a great little network troubleshooting app for iPhone, they might have it as well for Android. It may be worthwhile to test just what you have access to on the local LAN once VPN’d in to determine if it’s a VPN routing issue or maybe something wrong with the configuration of the Blue Iris PC that’s preventing you from accessing it while VPN’d in.

I use the tool and the simple ping utility can help determine where the issue lies or at least point you in the right direction.


Sent from my iPhone using Tapatalk
 

reflection

Hurricane Electric makes a great little network troubleshooting app for iPhone...
I love this app! Been using it for years. And it's a free tool.

mikeynags is right, the OP's issue is VPN split-tunneling. Disabling VPN split-tunneling should fix his problem. As noted, he will not be able to get to anything at the local source location while the VPN is active.
 

Rakin

Like the discussions going on here. I still haven’t done anything about it yet since there are only 2 places I must access outside WiFi that I don’t have cell coverage and I’m usually not there long.

So about this split tunneling. I don’t see it even being an option on my iPhone VPN settings. I don’t remember it either in my gateway.


Sent from my iPhone using Tapatalk
 

ibrouting

My .02 here - split tunneling being turned off will route ALL of the client device requests to the VPN's network and very likely solve the problem. IP routing is pretty well defined and prefers all locally connected devices to ones that have to transit a connection, adding weight or "costs" to the route. So, if split tunneling was on, enabling it to access the local resources, if the device does a route lookup for how to get to 192.168.1.21 (BI server) and the device has an IP of 192.168.1.45 on the local/guest network, it will always try the local network first (and fail) unless forced to go to the remote network via the VPN. You can see some of the metrics at work by opening a command prompt on a Windows or Mac machine and typing "netstat -nr" and see the weights/metrics.
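
The route lookup described in the post above, as an added example that is not part of the original thread: a simplified longest-prefix-match model of a client routing table, run against the 192.168.1.21 (BI server) destination for a guest network that overlaps the home subnet and one that does not. It goes slightly beyond the post by also modelling a full-tunnel default route; the interface labels, metrics and the 10.0.0.0/24 guest subnet are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str   # hypothetical labels: "wifi" (guest network) or "vpn"
    metric: int      # constructed values; lower is preferred

def route(cidr: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(cidr), interface, metric)

def lookup(table: list, destination: str) -> Optional[Route]:
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

# Constructed sample tables. The guest Wi-Fi contributes a connected subnet
# route plus a default route through the guest router.
GUEST_OVERLAP = [route("192.168.1.0/24", "wifi", 10), route("0.0.0.0/0", "wifi", 10)]
GUEST_DISTINCT = [route("10.0.0.0/24", "wifi", 10), route("0.0.0.0/0", "wifi", 10)]

# Routes a VPN client might add (assumed for this model).
SPLIT_TUNNEL = [route("192.168.1.0/24", "vpn", 50)]  # only the home subnet
FULL_TUNNEL = [route("0.0.0.0/0", "vpn", 1)]         # preferred default route

BI_SERVER = "192.168.1.21"   # address quoted in the post
INTERNET = "203.0.113.5"     # documentation-range address standing in for any public host

def egress(base: list, vpn_routes: list, destination: str) -> str:
    """Interface the packet leaves on once the VPN routes are installed."""
    hit = lookup(base + vpn_routes, destination)
    return hit.interface if hit else "unreachable"

if __name__ == "__main__":
    for guest_name, base in (("overlapping guest net", GUEST_OVERLAP),
                             ("distinct guest net", GUEST_DISTINCT)):
        for vpn_name, vpn in (("split tunnel", SPLIT_TUNNEL),
                              ("full tunnel", FULL_TUNNEL)):
            print(f"{guest_name:22} {vpn_name:12} "
                  f"BI server -> {egress(base, vpn, BI_SERVER):5} "
                  f"internet -> {egress(base, vpn, INTERNET)}")
```

In this model the connected 192.168.1.0/24 route on the guest Wi-Fi keeps winning for the BI server address even when a default route points at the VPN, because a /24 is more specific than a /0; real clients may add host routes or policy rules that this sketch does not cover.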
 

Rakin

Ok so on my iPhone in the VPN settings I have the “send all traffic” turned on so I assume that basically means split tunneling is turned off. But for whatever reason I am still having the same issues.


Sent from my iPhone using Tapatalk
 