Stumped as to why Blue Iris Android app via OpenVPN will not connect

elmo

I got my Blue Iris PC set up over a year ago and had been successfully connecting to my Blue Iris PC using OpenVPN for Android with the OpenVPN server on my Synology RT2600AC. I've been going through a ridiculous runaround with Synology support regarding my router OpenVPN server not working due to an expired certificate (that I could not connect to get renewed) problem for 6 weeks. Long story short, I finally was able to get a new Let's Encrypt certificate, re-exported my VPNconfig.ovpn file, and can connect to my network via OpenVPN for Android. When I connect, I get the little key icon, can verify data incoming and outgoing, and can even see the hit on the firewall on the router page. I haven't changed anything in my Blue Iris Android app since I last was able to use it before this fiasco. Blue Iris and UI3 both connect while I am on the local network. Once I turn off wireless data or leave home and connect the VPN, neither the Blue Iris app nor the UI3 page will load. The app says it is unable to reach the server. The LAN and WAN are both set to 192.168.1.6:81, which is the local static IP for my Blue Iris box.

I took a screenshot a year ago of my firewall rules in case they were to ever inadvertently get erased, and confirm that they are exactly the same as when I was successfully connecting to Blue Iris via VPN. In the OpenVPN for Android settings under allowed apps, I have it set to "VPN is used for only for selected apps," and I have Blue Iris checked.

I am out of ideas to try to figure out why the Blue Iris app won't connect when on VPN. I even pinged the Blue Iris PC while the VPN is connected and the Bitdefender firewall on the camera PC is seeing the hits. I have the Blue Iris folder excluded from the Bitdefender antivirus. I tried turning off the Bitdefender firewall and still cannot connect while using VPN.

Any ideas are appreciated.

Valiant

Let's Encrypt certificates expire every 3 months, I understand. Have you automated that process? Because renewing it that often manually will be painful.

Seems you have set it up overly complex. Can you not use self-signed certificates?
 

elmo

> Maybe consider Android phone "power settings tweaks" as mentioned by Randy here and detailed here?

I tried your idea of removing battery optimization from the VPN for Android app but unfortunately I'm still a no go.

> Let's Encrypt certificates expire every 3 months, I understand. Have you automated that process? Because renewing it that often manually will be painful.
>
> Seems you have set it up overly complex. Can you not use self-signed certificates?

I tried with their tech support to use self-signed certificates and it simply would not work. The tech said there is a bug in their firmware that they are supposed to be working on to fix this at some point.

The Let's Encrypt certificates are supposed to automatically renew, but for some reason they stopped doing so.
 

Judman

Can you access other services and computers while connected to the VPN? Have you tried to ping the PC from your phone with the VPN connected?

I have OpenVPN set to just run everything on my phone through the VPN. If you edit the VPN Config (the pencil icon next to the Profile), go to routing and make sure Use default route is set for IPv4 and IPv6. I want to say this made the difference for me.
 

elmo

> Can you access other services and computers while connected to the VPN? Have you tried to ping the PC from your phone with the VPN connected?
>
> I have OpenVPN set to just run everything on my phone through the VPN. If you edit the VPN Config (the pencil icon next to the Profile), go to routing and make sure Use default route is set for IPv4 and IPv6. I want to say this made the difference for me.

Problem solved. Thank you. I was able to ping my camera PC, which is really what had me puzzled. I never had to check those routing boxes before and could find no mention of that anywhere. When I ticked both boxes, voilà, the Blue Iris app connects. I went ahead in the VPN config under allowed apps and excluded Chrome, as I would rather have it just pull from the LTE as that is noticeably faster.
 

D0T-C0M

I was just going to say I had to create a route to my local LAN, otherwise you'd only have access to the router and not the other IPs on your LAN.

Also, with the certificate being expired, you can create an exception in your browser to disregard the certificate being expired. In Firefox I had to go into about:config first to configure Firefox to let me set the exemption. By default Firefox doesn't let you make exemptions unless you tell it to allow them. There is no danger here because you control the server and thus know it's secure.
 

elmo

> I was just going to say I had to create a route to my local LAN, otherwise you'd only have access to the router and not the other IPs on your LAN.
>
> Also, with the certificate being expired, you can create an exception in your browser to disregard the certificate being expired. In Firefox I had to go into about:config first to configure Firefox to let me set the exemption. By default Firefox doesn't let you make exemptions unless you tell it to allow them. There is no danger here because you control the server and thus know it's secure.

I see under the OpenVPN for Android config routing a custom routes option. Could I just put the IP of the Blue Iris desktop there instead of checking the use default route IPv4 and IPv6 boxes?

I wasn't aware you could get Firefox to ignore the expired certificate, but wouldn't that only work for the UI3 page? I don't see how that would affect the Blue Iris app.
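
For the custom-route question above, an added example (not part of the original thread) that models which traffic enters the tunnel under each routing choice, combining the per-app allow list with the route list. It assumes the LAN is 192.168.1.0/24 and that 192.168.1.1 is the router; the app labels are made up and 203.0.113.10 is a constructed stand-in for an internet host.

```python
import ipaddress

# Constructed profiles for the routing choices discussed in the thread.
PROFILES = {
    "default_route": ["0.0.0.0/0", "::/0"],  # "Use default route" for IPv4 and IPv6
    "custom_host": ["192.168.1.6/32"],       # custom route: Blue Iris PC only
    "custom_lan": ["192.168.1.0/24"],        # custom route: whole LAN (assumed /24)
}

def best_route(dest, routes):
    """Longest-prefix match of dest against the tunnel routes; None if uncovered."""
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(r) for r in routes]
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def path(app, dest, routes, allowed_apps):
    """'vpn' only if the app is allowed into the tunnel AND a route covers dest."""
    if app not in allowed_apps:
        return "direct"  # app bypasses the VPN entirely (e.g. an excluded browser)
    return "vpn" if best_route(dest, routes) is not None else "direct"

def compare(app, allowed_apps, dests):
    """Map each profile to {destination: 'vpn' | 'direct'} for one app."""
    return {
        name: {d: path(app, d, routes, allowed_apps) for d in dests}
        for name, routes in PROFILES.items()
    }

if __name__ == "__main__":
    # Blue Iris PC, router (assumed address), constructed internet host.
    dests = ["192.168.1.6", "192.168.1.1", "203.0.113.10"]
    for name, result in compare("blue_iris", {"blue_iris"}, dests).items():
        print(f"{name:14} {result}")
```

A /32 custom route puts only the Blue Iris PC behind the tunnel, while the default route sends everything the allowed app does through the home connection.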
 

D0T-C0M

I have an Asus RT-AX88U router and I'm running OpenVPN and DDNS on it. DDNS offers the option to certify your domain name so I'm also using "Let's Encrypt" on my router to certify my network. I'm assuming you'll have to put your router IP there because your Blue Iris IP is an internal IP. Are you using DDNS?
 

elmo

> I have an Asus RT-AX88U router and I'm running OpenVPN and DDNS on it. DDNS offers the option to certify your domain name so I'm also using "Let's Encrypt" on my router to certify my network. I'm assuming you'll have to put your router IP there because your Blue Iris IP is an internal IP. Are you using DDNS?

I am using the free DDNS service provided by Synology.
 