Unable to view services when connected to the network via VPN

Hello!

So I’ve got Sonarr, Radarr, Transmission and Prowlarr set up on a Pi installed with DietPi and everything is working great. OpenVPN is set up to auto-connect to my AirVPN account. When I’m away from home I can connect to my network using a VPN on my mobile device but I cannot access any of the services on the Pi running the DietPi software. I have a separate Pi running Pi-hole and I can access the webui fine but can’t access anything on the DietPi - has anyone else run into this problem?

Thanks!

Did you enable the killswitch on OpenVPN? If yes, it is blocking access to the device.

No, the killswitch on the DietPi-VPN is disabled.

How does it behave if you disable the OpenVPN client on DietPi?

If I disable the DietPi-VPN I am able to connect to the services remotely.

The problem is the way packets are received and sent back. They arrive on your DietPi device via your own VPN but are sent back via your AirVPN.

To the best of my knowledge, you would need to set up additional iptables rules to send packets from your own VPN back the same way and not via AirVPN. So-called split tunnel.

We have a couple of similar topics within the forum but I guess @trendy might be able to assist further.


With the VPN switched on please run the following and paste here the output:

iptables-save -c; ip -4 addr; ip -4 ro list table all; ip -4 ru

Here’s the output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.0.250/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 77666sec preferred_lft 77666sec
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.16.78.73/24 brd 10.16.78.255 scope global tun0
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.16.78.1 dev tun0
default via 192.168.0.1 dev eth0
10.16.78.0/24 dev tun0 proto kernel scope link src 10.16.78.73
104.254.90.245 via 192.168.0.1 dev eth0
128.0.0.0/1 via 10.16.78.1 dev tun0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.250
broadcast 10.16.78.0 dev tun0 table local proto kernel scope link src 10.16.78.73
local 10.16.78.73 dev tun0 table local proto kernel scope host src 10.16.78.73
broadcast 10.16.78.255 dev tun0 table local proto kernel scope link src 10.16.78.73
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth0 table local proto kernel scope link src 192.168.0.250
local 192.168.0.250 dev eth0 table local proto kernel scope host src 192.168.0.250
broadcast 192.168.0.255 dev eth0 table local proto kernel scope link src 192.168.0.250
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

What is the subnet that you are using for the VPN server to connect at home from the Internet? And on which device does the VPN server terminate? (its IP basically)

It looks like it’s 192.168.2.3 - with a DNS Server of the router: 192.168.0.1 (I’m using the Teleport function in the WiFiman app from Unifi).

Try to add this static route:

ip -4 route add 192.168.2.0/24 via 192.168.0.1

If it is successful, you can make the change permanent by adding it in the startup script.

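An added example, not written by anyone in the thread: a longest-prefix-match lookup over the main routing table posted above, showing why replies to the remote client at 192.168.2.3 leave through tun0 and how the suggested 192.168.2.0/24 route moves them back to eth0. The function names are hypothetical, and only the main table is modelled, which matches the `ip -4 ru` output shown (no policy rules).

```python
import ipaddress

# Main-table routes copied from the `ip -4 ro list table all` output in the thread.
MAIN_TABLE = """\
0.0.0.0/1 via 10.16.78.1 dev tun0
default via 192.168.0.1 dev eth0
10.16.78.0/24 dev tun0 proto kernel scope link src 10.16.78.73
104.254.90.245 via 192.168.0.1 dev eth0
128.0.0.0/1 via 10.16.78.1 dev tun0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.250
"""
# The route added in the thread with `ip -4 route add`.
STATIC_ROUTE = "192.168.2.0/24 via 192.168.0.1\n"


def parse_routes(text):
    """Return (network, gateway, device) tuples from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))  # "via X dev Y ..." pairs
        routes.append((ipaddress.ip_network(prefix), opts.get("via"), opts.get("dev")))
    return routes


def lookup(routes, dest):
    """Longest-prefix match, as the kernel does within a single routing table."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, via, dev = max(matches, key=lambda r: r[0].prefixlen)
    if dev is None and via:  # route given without "dev": resolve it via the gateway
        dev = lookup(routes, via)[2]
    return net, via, dev


def reply_interface(routes, client):
    """Interface on which a reply to `client` leaves this host."""
    return lookup(routes, client)[2]


if __name__ == "__main__":
    before = parse_routes(MAIN_TABLE)
    after = parse_routes(MAIN_TABLE + STATIC_ROUTE)
    for label, table in (("before", before), ("after", after)):
        print(label, "reply to 192.168.2.3 leaves via", reply_interface(table, "192.168.2.3"))
```

The two /1 routes that OpenVPN installs are more specific than the default route, so any destination outside a directly connected subnet follows tun0 until a longer prefix such as the /24 is present.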

That worked perfectly, thank you both for the help!
