
Routing my VPN Server through VPN Client 1 Having issues with Facetime


ComputerSteve

Senior Member
Hello, So I am using VPN Director with this rule to route Server 2 through Client 1 :::
Torrent Route | 10.16.0.0/24 | OVPN1

I am noticing that while my internet connection works, I just can't use FaceTime, and iOS push notifications also don't work on the MacBook that is connecting to this server. Is there something I'm doing wrong? Or is that expected?

This is the screenshot of Server 2:
Screenshot 2024-07-30 at 11.54.55 AM.png
 
The good news is, in general, when configured as you have it, it usually just works. Why it doesn't is difficult to know for sure w/o more details about your overall configuration.

One thing you always have to be careful about is the possibility of conflicts between the IP network on the local OpenVPN server's tunnel (10.16.0.0/24 in this case), and the IP network of the OpenVPN client's tunnel, esp. since it's the remote OpenVPN server that dictates what's used. Those obviously have to be different.

All that said, we did/do have an issue w/ 388.7 regarding channel tunnels.


IIRC, it was later discovered that use of the VPN Director avoided the problem. So on the face of it, it would seem NOT to apply. Esp. if the problem is limited to specific services or destination IPs. But given you weren't specific about router model or firmware, well..., I think it's still worth mentioning, esp. since your configuration otherwise comports w/ one known to be problematic w/ the 388.7 release. But again, it could be completely irrelevant at this point.
 
Ok, so I'm confused by your response (sorry, I'm kinda a novice with this stuff). So I thought all I did was add a 10.16.0.0/24 rule in VPN Director to get this to work. That does seem to work; it's just that FaceTime or Apple push notifications aren't working. I don't think it's a conflict because my LAN IPs are 192.168.50.1-192.168.50.254 // Isn't the VPN using 10.16.0.0?
 
What I was referring to is the IP network established on the tunnel between the local OpenVPN client #1 and the remote OpenVPN server to which it is connected. There's always a chance that IP network could come into conflict w/ the IP network of your own OpenVPN server on that router, or (of course) a local IP network on that router. Since the OpenVPN server dictates the IP network on the tunnel, you don't typically know what that will be until OpenVPN client #1 gets connected! It's only then you might discover a conflict.

Regardless, if in fact it works at all, even partially for only some services and/or destinations IPs, then presumably all is OK in that regard, and the issue lies elsewhere.
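
The overlap check described in the replies above, written out as an added example that is not part of the original posts. The server 2 subnet and the LAN range (written here as 192.168.50.0/24) come from the thread; the client 1 tunnel subnet is a constructed value, since the real one is only known once the client connects and shows up in `ip route`.

```shell
#!/bin/sh
# Added example (not from the thread): find overlapping IPv4 subnets.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# CIDR -> "first last" as integers; a bare address is treated as /32.
cidr_range() {
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    addr=$(ip2int "${1%/*}")
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    first=$(( $addr & $mask ))
    echo "$first $(( $first | (~$mask & 0xFFFFFFFF) ))"
}

# True (exit 0) when the two CIDR blocks share at least one address.
overlaps() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Arguments are label=cidr pairs; prints one line per overlapping pair.
find_conflicts() {
    for a in "$@"; do
        shift
        for b in "$@"; do
            if overlaps "${a#*=}" "${b#*=}"; then
                echo "CONFLICT: ${a%%=*} (${a#*=}) overlaps ${b%%=*} (${b#*=})"
            fi
        done
    done
    return 0
}

# server2 and lan are the values given in the thread; client1 is CONSTRUCTED.
find_conflicts server2=10.16.0.0/24 lan=192.168.50.0/24 client1=10.16.0.0/16
```

No output from `find_conflicts` means none of the listed networks overlap.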
 
Depends on whether they need local name resolution from your own DNS server. If that's the problem, then obviously it won't help. If you have a more general problem w/ DNS (e.g., nothing was working), I would say you should stop advertising it and allow the clients to continue using their own local DNS server(s), if only to see if things begin working.
 
So I still am not understanding what's not working. So for example, it seems to be that anything Apple isn't working. If I click on the Apple News app it says I'm not connected to the Internet. However, I am connected: I'm using Safari and making this post online on these forums, and I know I'm going through the VPN because the IP I'm seeing in the browser is my VPN's.
 
Well what happens if you do NOT route those OpenVPN clients of your OpenVPN server through OpenVPN client #1, but just over the WAN? Does everything work?

BTW, what is OpenVPN client #1 connected to? Your own OpenVPN server? A commercial OpenVPN server (e.g., NordVPN)?

That perhaps is part of the problem here. There are very few details provided.
 
Yes, so it seems to work if I don't route through server 2 to client 1. Meaning what I did was in VPN Director I added my laptop and just routed it directly through VPN client 1, meaning my MacBook is now directly using the VPN. So what could be doing this? Because I want to be able to remotely connect my laptop to the VPN through server 2. Should I change the IP of the server to something other than 10.16?
 
Oh, it's connected to the Hide.me VPN provider!
 
In cases like these, I find it more efficient to simply dump the internals and see if any conflicts are self-evident. If all looks good, then we can start to consider other possible culprits.

Code:
ifconfig
brctl show
ip route
ip route show table ovpnc1
ip rule
iptables -vnL
iptables -t nat -vnL
cat /tmp/etc/openvpn/server2/config.ovpn
cat /tmp/etc/openvpn/client1/config.ovpn

Feel free to mask your public IP, keys, etc. Just make it obvious and consistent.

And please provide the specifics of your router and firmware!
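
One way to do the "obvious and consistent" masking before posting such dumps, as an added example that is not part of the original post. The function name `redact_dump`, the `PUBLIC_IP_n` placeholders and the sample input are constructed for illustration; private, loopback, netmask and multicast addresses are left visible because they are what a subnet-conflict review needs to see.

```shell
#!/bin/sh
# Added example (not from the thread): mask public IPs and inline key blocks.

# Reads a dump on stdin. Each distinct public IPv4 address gets the same
# placeholder everywhere it appears; OpenVPN inline secret blocks are emptied.
redact_dump() {
    awk '
    /^<(key|tls-auth|tls-crypt|secret)>$/ { print; print "[REDACTED]"; skip = 1; next }
    /^<\/(key|tls-auth|tls-crypt|secret)>$/ { skip = 0 }
    skip { next }
    {
        out = ""; rest = $0
        while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(rest, RSTART, RLENGTH)
            out = out substr(rest, 1, RSTART - 1) mask(ip)
            rest = substr(rest, RSTART + RLENGTH)
        }
        print out rest
    }
    function mask(ip,   o) {
        split(ip, o, ".")
        # Keep private, loopback, link-local, unspecified, multicast, netmasks.
        if (o[1] == 10 || o[1] == 127 || o[1] == 0 || o[1] >= 224 ||
            (o[1] == 192 && o[2] == 168) || (o[1] == 169 && o[2] == 254) ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31)) return ip
        if (!(ip in seen)) seen[ip] = "PUBLIC_IP_" (++n)
        return seen[ip]
    }'
}

# CONSTRUCTED sample: documentation-range addresses and a fake key body.
sample_dump() {
    cat <<'EOF'
remote 203.0.113.7 1194
server 10.16.0.0 255.255.255.0
default via 203.0.113.7 dev eth0
10.16.0.0/24 dev tun22 scope link
198.51.100.20 dev tun11
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDKEYMATERIAL
-----END PRIVATE KEY-----
</key>
EOF
}

sample_dump | redact_dump
```

On the router, the same function can be fed real output, for example `ip route | redact_dump`.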
 
I figured out a way to do it -- I private messaged you !
 
Thanks for the dumps.

Upon an initial examination, I don't see any obvious errors or conflicts. But given the nature of those things you claim are NOT working (facetime, push notifications), I'm wondering if in fact they are intended to work over a VPN. These kinds of services *might* depend on the ability to initiate connections from the server side of the OpenVPN tunnel, which is normally blocked w/ the Inbound Firewall setting (and I can tell from the dumps that it's set to Block). And I can see there were a few attempts to initiate connections from the far side of the tunnel which were in fact DROPped.

Code:
Chain OVPNCI (1 references)
 pkts bytes target     prot opt in     out     source               destination       
    4   200 DROP       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0

Then again, it seems to work if you bypass your own OpenVPN server and access the local OpenVPN client directly. So that would seem to suggest the OpenVPN client configuration is just fine. So I don't really see why routing through the OpenVPN client via the OpenVPN server would be any different.
 
So I tried it with x3mrouting and the same thing. How do I fix those drops. Those drops don’t seem to happen if I just connect directly to the client and don’t route it through server 2. Any suggestions?
 

I'm not sure those drops are actually related. I suspect they aren't. But just out of curiosity if nothing else, you could try changing the Inbound Firewall rule to Allow, if only temporarily. Again, I don't really see the need, but let's just see.
 
So far we know that if you bypass your own OpenVPN server and directly access through the OpenVPN client to hide.me, it works. But what we don't know is if you access through your own OpenVPN server, but instead direct that traffic out the WAN, whether it still works.

I'm interested because I want to see if perhaps the OpenVPN client to hide.me is just a red herring, and if your own OpenVPN server is the real issue. If it is, it won't matter which route it takes once it comes into your own OpenVPN server, WAN or VPN, it still won't work.
 
Meaning you want me to remove the rule in vpn director meaning disable the redirect :: Meaning this rule disable it and then connect to the server and see if it work?
Route 10.16.0.0/24
 
