From owner-freebsd-questions@freebsd.org Thu Dec 7 12:06:32 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1732AE84F1E for ; Thu, 7 Dec 2017 12:06:32 +0000 (UTC) (envelope-from trond@fagskolen.gjovik.no) Received: from smtp.fagskolen.gjovik.no (smtp.fagskolen.gjovik.no [IPv6:2001:700:1100:1:200:ff:fe00:b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.fagskolen.gjovik.no", Issuer "Fagskolen i Gj??vik" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9D4BC2944 for ; Thu, 7 Dec 2017 12:06:31 +0000 (UTC) (envelope-from trond@fagskolen.gjovik.no) Received: from mail.fig.ol.no (localhost [127.0.0.1]) by mail.fig.ol.no (8.15.2/8.15.2) with ESMTPS id vB7C6InY018328 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 7 Dec 2017 13:06:18 +0100 (CET) (envelope-from trond@fagskolen.gjovik.no) Received: from localhost (trond@localhost) by mail.fig.ol.no (8.15.2/8.15.2/Submit) with ESMTP id vB7C6Iil018325 for ; Thu, 7 Dec 2017 13:06:18 +0100 (CET) (envelope-from trond@fagskolen.gjovik.no) X-Authentication-Warning: mail.fig.ol.no: trond owned process doing -bs Date: Thu, 7 Dec 2017 13:06:18 +0100 (CET) From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= Sender: Trond.Endrestol@fagskolen.gjovik.no To: "freebsd-questions@freebsd.org" Subject: Re: openvpn & win10 vpn In-Reply-To: <5A292C9D.9010902@gmail.com> Message-ID: References: <5A290AFD.1080902@gmail.com> <5A292C9D.9010902@gmail.com> User-Agent: Alpine 2.21 (BSF 202 2017-01-01) Organization: Fagskolen Innlandet OpenPGP: url=http://fig.ol.no/~trond/trond.key MIME-Version: 1.0 Content-ID: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail.fig.ol.no Content-Type: text/plain; CHARSET=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 12:06:32 -0000 On Thu, 7 Dec 2017 19:57+0800, Ernie Luzar wrote: > Trond Endrestøl wrote: > > On Thu, 7 Dec 2017 17:33+0800, Ernie Luzar wrote: > > > > > It's my understanding that everything I do on the laptop will pass through > > > the > > > vpn tunnel to the host and then access the internet using the ip address > > > of > > > the host. > > > > Try configuring split tunnel on your openvpn server. > > > I can not find any reference to split tunnel mode in the documentation I misread your question. Split tunnel will not help. My bad. Maybe some of the HTTP headers give away your C/O IP address which is different from your openvpn server's address. -- Trond. From owner-freebsd-questions@freebsd.org Thu Dec 7 13:14:10 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 75CA0E86507 for ; Thu, 7 Dec 2017 13:14:10 +0000 (UTC) (envelope-from 4250.10.freebsd-questions=freebsd.org@email-od.com) Received: from bca5.email-od.com (bca5.email-od.com [207.246.239.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 449C563EE9 for ; Thu, 7 Dec 2017 13:14:09 +0000 (UTC) (envelope-from 4250.10.freebsd-questions=freebsd.org@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1512652451; x=1515244451; h=x-thread-info:date:from:to:subject:message-id:in-reply-to:references:mime-version:content-type:content-transfer-encoding; bh=dIdyI6ppMyNPNBkP6g9DA96FlsRHjvsZyhT3RGpGaug=; b=Tz0SGy+CZjTCBRHcjSIjxpuXed3rxXRT7tc7U4rXah2xN40GhfjzfFSKrMby/6totFWAfY5ypTXKJ+jddLnvfoLoXEfmTvwesZeSVRL7vvvDAMtbtIrorBXus88ZM/XvEkXSMESUz9UJbJ+FH5LcpQ3Es4HABx+tgj6b+zhM1w8= X-Thread-Info: NDI1MC4xMi44MTAwMDAwMDRjM2FhNS5mcmVlYnNkLXF1ZXN0aW9ucz1mcmVlYnNkLm9yZw== Received: from r1.h.in.socketlabs.com (r1.h.in.socketlabs.com [142.0.180.11]) by bca2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Thu, 7 Dec 2017 08:13:57 -0500 Received: from smtp.lan.sohara.org (EMTPY [89.127.62.20]) by r1.h.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Thu, 7 Dec 2017 08:13:55 -0500 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.89 (FreeBSD)) (envelope-from ) id 1eMvzt-00088K-7V for freebsd-questions@freebsd.org; Thu, 07 Dec 2017 13:13:53 +0000 Date: Thu, 7 Dec 2017 13:13:53 +0000 From: Steve O'Hara-Smith To: freebsd-questions@freebsd.org Subject: Re: openvpn & win10 vpn Message-Id: <20171207131353.5bdeb3276b704f35e2a103bc@sohara.org> In-Reply-To: <5A290AFD.1080902@gmail.com> References: <5A290AFD.1080902@gmail.com> X-Mailer: Sylpheed 3.6.0 (GTK+ 2.24.31; amd64-portbld-freebsd11.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 13:14:10 -0000 On Thu, 07 Dec 2017 17:33:49 +0800 Ernie Luzar wrote: > On my home 11.1 server I have installed the pkg version of openvpn and > configured it to use certificates. On my windows 10 laptop I have > installed the openvpn client and configured it. I copied the client ca, > crt, and key generated on the host to win10. When I connect the win10 > openvpn client the log shows everything is connected ok. > > It's my understanding that everything I do on the laptop will pass > through the vpn tunnel to the host and then access the internet using > the ip address of the host. That depends on the configuration, the openvpn server can be configured to push a default route in which case (if the client doesn't decline the push) then all traffic will go across the VPN, but it doesn't have to be configured that way. To find out you can either read the client and server config files carefully or (do this) point your laptop browser at somewhere like myip.com and find out what IP address you're using - if it isn't the one you want to be using then you will have to look at those config files and fix them (feel free to post them for help). > Secure Connection Failed > > The connection to www.hulu.com was interrupted while the page was > loading. That doesn't sound like a VPN problem - not sure what it is though. -- Steve O'Hara-Smith