
I have an ovpn file which opens a tunnel to a router I have set up. This tunnel works, since I can confirm that my public IP is located at the same location as this router. This router has a local server connected to it with a web app at port 3333.

I am able to connect to this web app via the VPN tunnel with the LAN address http://192.168.1.244:3333 from my phone (iOS). But the same working VPN tunnel on a MacBook Pro is not able to connect to the web app: "server not responding".

I want to start to diagnose this issue at the very least. I am not sure what I can do. Both the phone and the MacBook Pro are physically on the same network, both tunneling with the same ovpn file.

What should I look into to investigate and hopefully fix this issue?

Note: The same tunnel worked before through the MacBook and I was able to locate the 3333 web app.

Update

This is the routing table on macOS with the VPN tunnel on:

Internet:
Destination        Gateway            Flags               Netif Expire
0/1                10.8.0.5           UGScg               utun4
default            192.168.1.254      UGScg                 en0
10.8/24            10.8.0.5           UGSc                utun4
10.8.0.4/30        10.8.0.6           UGSc                utun4
10.8.0.5           10.8.0.6           UHr                 utun4
91.65.188.223/32   192.168.1.254      UGSc                  en0
127                127.0.0.1          UCS                   lo0
127.0.0.1          127.0.0.1          UH                    lo0
128.0/1            10.8.0.5           UGSc                utun4
169.254            link#15            UCS                   en0      !
192.168.1          link#15            UCS                   en0      !
192.168.1.105/32   link#15            UCS                   en0      !
192.168.1.115      4a:54:d3:8a:b2:cb  UHLWIi                en0   1154
192.168.1.117      72:26:cd:9c:0:94   UHLWI                 en0   1158
192.168.1.254/32   link#15            UCS                   en0      !
192.168.1.254      2c:79:d7:56:ed:3b  UHLWIir               en0   1163
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI                en0      !
224.0.0/4          link#15            UmCS                  en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI                en0
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI                en0
255.255.255.255/32 link#15            UCS                   en0      !

And this is without the VPN tunnel:


Internet:
Destination        Gateway            Flags               Netif Expire
default            192.168.1.254      UGScg                 en0
127                127.0.0.1          UCS                   lo0
127.0.0.1          127.0.0.1          UH                    lo0
169.254            link#15            UCS                   en0      !
192.168.1          link#15            UCS                   en0      !
192.168.1.105/32   link#15            UCS                   en0      !
192.168.1.254/32   link#15            UCS                   en0      !
192.168.1.254      2c:79:d7:56:ed:3b  UHLWIir               en0   1199
224.0.0/4          link#15            UmCS                  en0      !
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI                en0
255.255.255.255/32 link#15            UCS                   en0      !

Clearly there are routes added to the table when the VPN tunnel is on.

  • Not familiar with Apple stuff, but maybe even iOS and macOS still have different approaches in routing (just like the heavy usage of extra route tables in Android but not in typical "desktop" / GNU Linux). I think you'd need to at least provide the route table on your macOS (preferably before and after connecting to the VPN). Client and server ovpn conf files in addition might help as well (with the private / sensitive parts redacted, of course).
    – Tom Yan
    Commented May 1 at 21:32
  • @TomYan Thanks for the advice. I added the routing tables to my question. Will add config files too if this is not enough
    – bcsta
    Commented May 2 at 7:17
  • Well, obviously the necessary route(s) isn't added. As you can see, your physical LAN uses the IP subnet 192.168.1.0/24 as well. In that case, the "default route override", namely 0.0.0.0/1 and 128.0.0.0/1, is not enough for you to access any 192.168.1.0/24 host on the remote side. (In other words, if say it is connected to some other WiFi or so that uses another IP subnet, the current VPN configuration would "work" OOTB.)
    – Tom Yan
    Commented May 2 at 7:59
  • Although your OS is not NetBSD, the situation is somewhat similar to this question. You may see my answer there to get some more ideas. (Things might be "easier" in the macOS case, but again I'm not familiar with it enough to tell.)
    – Tom Yan
    Commented May 2 at 8:00
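
The routing conflict described in the comments above can be checked by running a longest-prefix match over the table from the question. This is an added example, not code from the thread: the function names are hypothetical, the sample rows are a subset copied from the VPN-on table, and the rule for expanding abbreviated destinations such as `192.168.1` is an assumption noted in the code.

```python
import ipaddress

# Constructed sample: a subset of the VPN-on routing table from the question.
ROUTES_VPN_ON = """\
0/1                10.8.0.5           UGScg               utun4
default            192.168.1.254      UGScg                 en0
10.8/24            10.8.0.5           UGSc                utun4
128.0/1            10.8.0.5           UGSc                utun4
192.168.1          link#15            UCS                   en0
192.168.1.254      2c:79:d7:56:ed:3b  UHLWIir               en0
"""

def parse_destination(dest):
    """Expand an abbreviated netstat destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, mask = dest.partition("/")
    octets = addr.split(".")
    # Assumption: with no explicit mask, the prefix is 8 bits per octet shown
    # (192.168.1 -> /24, 127 -> /8, a full address -> /32 host route).
    prefix = int(mask) if mask else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}")

def parse_table(text):
    """Return (network, gateway, interface) tuples, skipping header lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest, gateway, _flags, netif = fields[:4]
        routes.append((parse_destination(dest), gateway, netif))
    return routes

def lookup(routes, target):
    """Longest-prefix match: the most specific route containing target wins."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    routes = parse_table(ROUTES_VPN_ON)
    for target in ("192.168.1.244", "8.8.8.8"):
        net, gw, netif = lookup(routes, target)
        print(f"{target:15} -> {netif:6} via {gw:15} (matched {net})")
```

The remote web app's address matches the directly connected `192.168.1.0/24` route on `en0`, which is more specific than `128.0.0.0/1` on `utun4`, so that traffic never enters the tunnel.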
