I can't quite figure this out; perhaps someone can help me further.
Home setup:
KPN Experiabox V10 -> Apple Time Capsule (fixed IP based on MAC address) -> Synology DS212 NAS
On the V10, the DMZ is set to the IP address of the Time Capsule.
On the TC, the default host is set to the IP of the DS212.
Reaching the NAS from my own network or from an external network works fine (also over 4G).
So routing appears to be working.
Installed the VPN package and chose OpenVPN with the settings from the screenshot.
The configuration looks as follows:
dev tun
tls-client
remote XXXXXXXXXXXXXXX.synology.me 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-128-CBC
auth SHA1
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
SNIP :-)
-----END CERTIFICATE-----
</ca>
Config imported on an iPhone 7 Plus with OpenVPN 1.1.1 build 212.
Connecting is no problem, but when I check, my IP address stays what it was before the VPN was set up, so I don't get the IP of my home address.
Piece of the log:
2017-08-09 13:52:59 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-08-09 13:52:59 Frame=512/2048/512 mssfix-ctrl=1250
2017-08-09 13:52:59 UNUSED OPTIONS
1 [tls-client]
3 [pull]
5 [script-security] [2]
2017-08-09 13:52:59 EVENT: RESOLVE
2017-08-09 13:53:00 Contacting XX.XX.XXX.XXX:1194 via UDP
2017-08-09 13:53:00 EVENT: WAIT
2017-08-09 13:53:00 SetTunnelSocket returned 1
2017-08-09 13:53:00 Connecting to [XXXXXXXXXXXXXXX.synology.me]:1194 (XX.XX.XXX.XXX) via UDPv4
2017-08-09 13:53:00 EVENT: CONNECTING
2017-08-09 13:53:00 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2017-08-09 13:53:00 Creds: Username/Password
2017-08-09 13:53:00 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
2017-08-09 13:53:00 NET Internet:ReachableViaWWAN/WR t------
2017-08-09 13:53:00 VERIFY OK: depth=1
cert. version : 3
serial number : C4:F5:AD:4B:49:79:37:BF
issuer name : C=TW, ST=Taiwan, L=Taipei, O=Synology Inc., OU=Certificate Authority, CN=Synology Inc. CA, emailAddress=product@Synology.com
subject name : C=TW, ST=Taiwan, L=Taipei, O=Synology Inc., OU=Certificate Authority, CN=Synology Inc. CA, emailAddress=product@Synology.com
issued on : 2016-02-27 07:59:47
expires on : 2035-11-14 07:59:47
signed using : RSA with SHA-256
RSA key size : 1024 bits
basic constraints : CA=true, max_pathlen=0
subject alt name :
cert. type : SSL CA
2017-08-09 13:53:00 VERIFY OK: depth=0
cert. version : 3
serial number : 13:86:79:12:49:81:EB
issuer name : C=TW, ST=Taiwan, L=Taipei, O=Synology Inc., OU=Certificate Authority, CN=Synology Inc. CA, emailAddress=product@Synology.com
subject name : C=TW, ST=Taiwan, L=Taipei, O=Synology Inc., OU=FTP Team, CN=synology.com, emailAddress=product@Synology.com
issued on : 2016-02-27 07:59:48
expires on : 2035-11-14 07:59:48
signed using : RSA with SHA-256
RSA key size : 1024 bits
subject alt name :
cert. type : SSL Server
2017-08-09 13:53:03 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2017-08-09 13:53:03 Session is ACTIVE
2017-08-09 13:53:03 EVENT: GET_CONFIG
2017-08-09 13:53:03 Sending PUSH_REQUEST to server...
2017-08-09 13:53:03 OPTIONS:
0 [route] [10.0.1.0] [255.255.255.0]
1 [route] [10.8.0.0] [255.255.255.0]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.8.0.6] [10.8.0.5]
2017-08-09 13:53:03 PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA1
compress: LZO
peer ID: -1
2017-08-09 13:53:03 EVENT: ASSIGN_IP
2017-08-09 13:53:03 Connected via tun
2017-08-09 13:53:03 LZO-ASYM init swap=0 asym=0
2017-08-09 13:53:03 EVENT: CONNECTED admin@XXXXXXXXXXXXXXX.synology.me:1194 (XX.XX.XXX.XXX) via /UDPv4 on tun/10.8.0.6/ gw=[10.8.0.5/]
2017-08-09 13:53:03 SetStatus Connected
2017-08-09 13:53:26 TUN reset routes
2017-08-09 13:53:26 EVENT: DISCONNECTED
2017-08-09 13:53:26 Raw stats on disconnect:
BYTES_IN : 3478
BYTES_OUT : 1909
PACKETS_IN : 12
PACKETS_OUT : 14
2017-08-09 13:53:26 Performance stats on disconnect:
CPU usage (microseconds): 337529
Network bytes per CPU second: 15960
Tunnel bytes per CPU second: 0
2017-08-09 13:53:26 ----- OpenVPN Stop -----
FYI, I am aware that I am currently testing with the admin account, but this was done deliberately to rule out any permission troubles. Once everything is working and I know where I went wrong, I will create a separate VPN account.
Who can tell me, based on this information, what I am forgetting or doing wrong?
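
Added example, not part of the original post: a small Python check that combines the active directives of a client config with the OPTIONS block pushed by the server (as logged above) and reports which destinations are routed through the tunnel. The function names are hypothetical, the sample config is abbreviated from the post with a placeholder hostname, and the check also treats a pushed 0.0.0.0/0 route as a full tunnel, which goes beyond the case shown in the log.

```python
import ipaddress
import re

# Constructed sample: abbreviated from the posted client config, placeholder hostname.
CLIENT_CONFIG = """\
dev tun
remote vpn.example.invalid 1194
#redirect-gateway def1
pull
"""
# OPTIONS block as it appears in the posted OpenVPN Connect log.
PUSHED_LOG = """\
0 [route] [10.0.1.0] [255.255.255.0]
1 [route] [10.8.0.0] [255.255.255.0]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.8.0.6] [10.8.0.5]
"""

def active_directives(config):
    """Config lines that are not blank and not commented out with # or ;."""
    lines = (l.strip() for l in config.splitlines())
    return [l.split() for l in lines if l and l[0] not in "#;"]

def pushed_options(log):
    """Parse 'N [option] [arg] ...' lines from the log's OPTIONS block."""
    return [re.findall(r"\[([^\]]*)\]", l) for l in log.splitlines()
            if re.match(r"\s*\d+\s+\[", l)]

def tunnel_summary(config, log):
    """Collect tunnel routes and whether the default route is redirected."""
    routes, full = [], False
    for d in active_directives(config) + pushed_options(log):
        if d[0] == "redirect-gateway":
            full = True
        elif d[0] == "route" and len(d) >= 2:
            mask = d[2] if len(d) > 2 else "255.255.255.255"  # OpenVPN default
            try:
                net = ipaddress.ip_network(f"{d[1]}/{mask}", strict=False)
            except ValueError:
                continue  # keyword or hostname target, not a literal network
            routes.append(net)
            full = full or net.prefixlen == 0
    return {"full_tunnel": full, "routes": routes}

def goes_through_tunnel(summary, dest):
    ip = ipaddress.ip_address(dest)
    return summary["full_tunnel"] or any(ip in n for n in summary["routes"])
```

With the posted config and log, only 10.0.1.0/24, 10.8.0.0/24 and 10.8.0.1 are routed through the tunnel, so traffic to a public IP-check site still leaves over the phone's own connection.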