VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    857
Thanks, seems the settings have changed in Android 7.0. Already had Power Saving mode turned off, and the other options (ultra power saving, etc.) don't exist, and can't find "Restrict all background data". Argh. Frustrating. :)

Edit" Found the restrict background data option, was already turned on so that wasn't it either.
 
Last edited:
This is a fascinating issue. When I connect the S6 via OpenVPN after shutting off its WiFi, I can connect to my main router page, my Brother Printer, etc. via the local IP address as if I'm connected via WiFi.

What's interesting, is that I can't get to my NVR's login page, it just hangs and hangs and never loads.

On my S8, I can get to the NVR login page easily.

Now that's messed up! Trying to think through what could potentially cause this, seems like it must be an NVR setup issue somewhere if the S6 can't connect to the NVR local IP but has no issues connecting to other devices on my home network.
 
Have tried a bunch of different things at this point to no avail.

Any thoughts as to why one IP address (the NVR) can't be accessed on my S6 while all others appear fine...and all is fine on the S8?

Tried TinyCam as well but not surprisingly it didn't load. What's weird is that iVMS-4500 is recognizing there are 7 cameras on the IP address I give it but can't connect.
 
Been looking to get sorted for a while, tried a few options and ended up here.

Raspberry pi 3 running vpnpi, and after one wobbly, as in the official openvpn app failed to allow me to use a password on the .ovpn file !! I found using openvpn for android client works..
 
I have an S6, and remember having to do something "special" on it before openvpn worked.
See this
Samsung S6 6.0 Energy options break VPN · Issue #471 · schwabe/ics-openvpn · GitHub

Are you running on Android 7.0?

I'm baffled by this and basically my wife can no longer view our cameras when she's not connected to our wifi (which is kind of the point of this!).

I've even tried completely resetting the phone to factory defaults, reinstalling everything, exporting a new OpenVPN file, ensured power saving mode is off, that the apps aren't optimized for battery usage, that restrict background data is off, yet same issue. Connects just fine to OpenVPN, but doesn't want to connect to my NVR's IP Address at all. Even with other IP addresses, it's hit and miss as to whether it connects and sometimes it will connect once, and next time I try a 10 seconds later just hangs.

Makes no sense whatsoever.

Edit: Interface Type on router is TUN in case anyone was going to suggest checking that.
 
Holy cow, finally figured it out.

In case anyone else has the same issue with OpenVPN and their Galaxy S6 not connecting to local IP addresses, in the OpenVPN app on Android I had to go into preferences, and then in VPN Protocol I had to specifically select "UPD" instead of the default "Adaptive".

Also, had to click the checkbox on "Force AES-CBC ciphersuites" as well which by default is not checked in the app.

Not sure why as my S8 works fine at default settings.

Phew.
 
Just for fun I tried the same app settings in my Galaxy S8 and guess what? The same settings cause that phone to stop connecting to OpenVPN. Just plain weird.
 
Also, had to click the checkbox on "Force AES-CBC ciphersuites" as well which by default is not checked in the app.

I also have had to do this for every phone tablet I've set up with my Qnap NAS. didn't have to do it with the PIVPN I set up at my parents house though I don't think.
 
Is there a way to force the Blue Iris iPhone app to start the VPN when you click on the iPhone BI icon? That sounds like a useful and basic option? If not, is there a way to program a "macro" that would start the VPN (OpenVPN) then start the Blue Iris mobile app?
I would think an option in BI would be best and logical but not sure it has been considered or tried. Thanks
 
So I've run into a problem sing OpenVPN on a Netgear 7000.

I successfully configured the VPN on an iPhone 6 and when launching OpenVPN is connects to the router as expected according to the router logs. I also get a successful connection indication on the OpenVPN client on the iPhone. But I cant connect to my internal IP for the DVR (192.168.1.x) because the router assigns an IP of 192.168.254.2 and yet the router is by default showing the LAN as 192.168.1.0 with a 255.255.255.0 subnet mask.....?????????????????

Apparently I'm not the first IP networking dummy to run into this, but he didnt seem to get a fix either.. R7000 VPN with iOS device - IP in subnet 192.168.2... - NETGEAR Communities
 
Can you connect to anything else on your network? What do you mean, "can't connect to dvr"? If I type the IP address of my NVR intro my phone's browser, nothing "connects" either. Whether I'm on my VPN or not.
 
Sorry I left out that part. I'm connecting via iDMSS as I normally do.

When I launch iDMSS on the iPhone it times out looking for the cameras/DVR. The router and OpenVPM app on the iPhone clearly show a connection established, but the router is giving the iPhone an IP of 192.168.254.2 and the DVR is at 192.168.1.108. All of the other LAN connected devices are assigned a 192.168.1.X address EXCEPT the device connecting via OpenVPN...

So any device that connects via OpenVPN that has a 192.168.254.X address isnt going to be able to talk with another device on the LAN with a 192.168.1.X address....
 
I THINK it needs to be different than your internal numbers? And it needs to be different than the numbers of whatever network your physically connected to also. Maybe there's some bridging that needs to happen, but I'm not entirely sure.

Can you change the range in the router? It should let you set it. Play with some different options?
 
My VPN server gives connected clients a 10.8.0.xx address. I ran into a problem once at an airport where their wifi gave clients the same 10.8.0.xx address and I couldn't connect to my VPN.
 
I'm certainly no IP networking expert :lmao: but I'm pretty sure for devices to talk on a network that have to be in the same range...
I suppose I could try and change the subnet mask to 255.255.0.0 which would in theory allow the 192.168.254.X range, but that may open other problems?
 
My VPN server gives connected clients a 10.8.0.xx address. I ran into a problem once at an airport where their wifi gave clients the same 10.8.0.xx address and I couldn't connect to my VPN.

That I would understand, the device would think it was connected to your home network when it wasnt.. But I'm not connected to WiFi and my home router doles out 192.168.1.X addresses to anything else that connects.
 
Do you have the right username/password for the NVR?

I'm pretty much out of ideas. But I'll suggest one more thing. Download TinyCam. While connected to your Wi-Fi, scan the network and add some cameras. It should find then automatically and then be sure to set the password in the app for each camera. Add the NVR as a device as well. Once you get that working while on your wifi, then disconnect and go to mobile data, connect to your VPN, then reopen TinyCam a day see if you can see any of the streams.

You'll probably run into the same issue, but, that's what I'd try if I was troubleshooting my own setup.
 
Thanks David, yes I have the correct password and can indeed connect to the DVR without going through the VPN via iDMSS, the Web interface, SmartPSS, Tinycam or anything else I want to use. But once I connect via VPN the router is assigning the 192.168.254.X address to the VPN connected device and my internal network is on the 192.168.1.X range, thus, no connected device through the VPN can communicate with the devices on the 192.168.1.X range...

I did try opening the subnet mask to 255.255.0.0 which would in theory make the LAN network bigger and encompass the 192.168.254.X range, but the DHCP server of the router still doesnt recognize anything beyond 192.168.1.X and doesnt allow me to manually set the DHCP range, so that doesnt work ... iDMSS still times out trying to connect via OpenVPN

Thanks for your help, I'm going to pose the question to our Corp IT guy who may be able to figure it out.