openvpn-install
macOS cannot access LAN, but Android can
I'm using a bare Debian 11 image. I use the script to generate the .ovpn file. When I use the file on my android phone (OpenVPN client) I can access my LAN fine. But when I use the file on my mac, I cannot access any LAN IPs.
I've tried using OpenVPN Connect Version 3.3.6 (4368) and Tunnelblick 3.8.8beta04 (build 5800) on macOS Monterey 12.4 (21F79).
When I connect to 443/80 endpoints (regular web browsing) the IP address is correct (the VPN server's IP), so I know the VPN server is functioning correctly. Using ipaddress.com on the mac verifies this.
I'm mystified. I searched all sorts of things regarding the two mac clients and the OpenVPN manual and the github Issues here to no avail... This wasn't an issue a year or two ago... Trying to figure out if it's macOS weirdness (the new versions are sadly worse in a lot of ways) or if it's something to do with the clients or ?
I know this is likely not an issue with Nyr/openvpn-install but I'm at a total loss and if anyone else is having this issue, I'd love to figure out the why and wherefore. 🙏
I don't use Mac regularly, but can you check the DNS settings? Best bet is to set to automatic and let the VPN route the traffic. Then, if you want to get picky, set the Mac's DNS to match. I believe OpenDNS is the default with the script.
Thanks, I set up another vpn instance using 8.8.8.8 this time (overriding the script default of inheriting the DHCP server's settings) to no avail. My router is set to use 1.1.1.1/1.0.0.1, and the mac confirms this behavior (I can see 192.168.1.1, 1.1.1.1, 1.0.0.1 in the gui settings for wlan). I will try again, but if I recall, the mac doesn't allow for manual override of DNS server. (I'm not in front of my computer right now, so I probably sound clueless). But thank you for pointing out the DNS issue. Perhaps I will try to remove the 192.168.1.1... but that doesn't seem like it will fix it because when connected to the VPN, I can get to my router's settings screen by going to 192.168.1.1... hmm
I set the mac's DNS to 8.8.8.8/8.8.4.4 manually but no dice. When I navigate to 192.168.1.1 it goes to the Spectrum "configure my router" website. If I connect with my android phone, it correctly goes to my own router (where the vpn server is). I'm lost. hmmm...
It may very well be a DNS issue, but I can't quite put my finger on it. I guess back to Google!
Router, PC/Mac and VPN script should all have matching DNS. I would set the router and PC/Mac to automatic DNS for diagnosing the problem (hopefully working), then change DNS again one by one, testing each change. IPv6 is not needed when using the VPN, FYI. Maybe you changed something there too.
Thanks for your comment. Everything has been set on auto for years now. The router is set for 1.1.1.1/1.0.0.1 and the mac and android devices use automatic DNS. I previously tried to manually tinker with the DNS on the mac to no avail.
When I connect to the vpn server with the android phone, everything works as expected, meaning I can access LAN IPs and even manage the router, etc. But when I connect to the vpn server with the mac, I can't access any LAN resources. BUT when I use ipaddress.com it correctly shows the IP as the IP of the vpn server.
A real mystery for me that I'm not sure how to begin to troubleshoot...
I tried again with Tunnelblick this time on the mac, and after a few minutes, Tunnelblick gave me the following message (on this vpn server, I chose to manually use Google's DNS instead of auto):
Using a different vpn server I had previously set up, Tunnelblick gives me the following message (this server uses Option 1 for the DNS, which is to use whatever the router is using):
@thejohnha Try changing your Server LAN to a different subnet. eg. 192.168.51.0/24
comment corrected. clients have support
@misterG13 The script does not support MacOS as the host to run the script, that is all.
> @thejohnha Try changing your Server LAN to a different subnet. eg. 192.168.51.0/24
Thanks @TinCanTech this was a good suggestion. But it looks like the server is set to be on 10.8.0.0 already. Quoting from my server config file:
server 10.8.0.0 255.255.255.0
More sleuthing uncovered this: https://apple.stackexchange.com/questions/365178/dns-on-vpn-does-not-work
Still trying to resolve this issue... It's not an Nyr/openvpn-install issue at all as I mentioned in my original post, but still hoping this can be useful to macOS users.
One item is that the current (foreign) network I'm using right now uses 192.168.1.0/24 which coincides with my home network [that I'm trying to vpn into]. I believe trying to access LAN IPs (on my home network) e.g. 192.168.1.x are failing because my mac is trying to access those on the current network I'm using.
@thejohnha Which is why I suggest you change your server LAN IP.
> @thejohnha Which is why I suggest you change your server LAN IP.
Hmm, @TinCanTech did you happen to see my prior post? I thought it was sufficient that the server config had this line (the script default):
server 10.8.0.0 255.255.255.0
Your server LAN is not your VPN subnet.
> Your server LAN is not your VPN subnet.
Thank you very much for the clarification 🙏 *back to the OpenVPN manual
I still haven't figured out how to change the server's subnet, but in the meantime I found this post.
For certain IPs on my home LAN, I can manually add the route using: sudo route add -host 192.168.1.5 -interface utun3
You mentioned a router; that would create a subnet, usually 192.168.#.#. The VPN creates subnet 10.#.#.#. Log in to the router to change the subnet; how to do that is usually on the bottom of the router.
Thanks, @misterG13 but I can't change my subnet at home because it would mess up too many things... And I can't change the subnet where I'm at right now because I don't have access to the router.
OK, after testing on different networks I realized this issue only exists when the remote network you're connected to shares the same network where your VPN server is on. In my case that was 192.168.1.0/24 255.255.255.0. Still not sure why the android device worked fine, but the mac didn't... This is totally unrelated to the openvpn-install script, so my apologies for creating this issue here while I sorted it out. I would still like to figure out how to make macOS work for this use case, but it's tough for me to test it now that I am no longer using the remote network I was on temporarily while traveling.
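The routing conflict diagnosed in this thread, as an added example that is not part of the original posts or of openvpn-install: a longest-prefix-match lookup over a constructed client routing table, showing why 192.168.1.x stays on the local Wi-Fi while other traffic uses the tunnel, and why a /32 host route via utun3 wins. The interface name en0, the table contents and the assumption that the server pushes redirect-gateway def1 style routes (0.0.0.0/1 and 128.0.0.0/1) are illustrative assumptions.

```python
import ipaddress

def parse(rows):
    """Turn (cidr, interface) pairs into (ip_network, interface) pairs."""
    return [(ipaddress.ip_network(cidr), ifc) for cidr, ifc in rows]

def egress(dest, table):
    """Interface chosen for dest by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, ifc) for net, ifc in table if addr in net]
    return max(hits)[1] if hits else None

def shadowing_routes(table, server_lan, tunnel_if):
    """Non-tunnel routes (default route excluded) overlapping the server LAN."""
    lan = ipaddress.ip_network(server_lan)
    return [str(net) for net, ifc in table
            if ifc != tunnel_if and net.prefixlen > 0 and net.overlaps(lan)]

# Constructed table: client on a foreign Wi-Fi that also uses 192.168.1.0/24.
ROUTES = parse([
    ("0.0.0.0/0",      "en0"),    # Wi-Fi default route (assumed interface name)
    ("192.168.1.0/24", "en0"),    # connected route of the foreign network
    ("0.0.0.0/1",      "utun3"),  # assumed redirect-gateway def1 routes
    ("128.0.0.0/1",    "utun3"),
    ("10.8.0.0/24",    "utun3"),  # VPN subnet from the server config
])

# Same table after: sudo route add -host 192.168.1.5 -interface utun3
ROUTES_WITH_HOST = ROUTES + parse([("192.168.1.5/32", "utun3")])

if __name__ == "__main__":
    for dest in ("8.8.8.8", "10.8.0.1", "192.168.1.1", "192.168.1.5"):
        print(f"{dest:12} before={egress(dest, ROUTES):6} "
              f"after={egress(dest, ROUTES_WITH_HOST)}")
    print("routes shadowing the home LAN:",
          shadowing_routes(ROUTES, "192.168.1.0/24", "utun3"))
```

The /24 connected route is more specific than the two /1 tunnel routes, so home-LAN addresses never enter the tunnel; only the address given its own /32 does.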
good you are very good