First, if this isn’t the place for this just let me know and I’ll delete this. I’m just posting here because a VPN seems like a “must have” to tinker with h.e and pivpn seems like the cheapest and easiest way.
Pivpn installed successfully. External ip and google dns
Successfully FTP'd the ovpn client file
Opened it on iPad and it wouldn’t connect
Troubleshooting so far: I made sure the external ip in the file matched my ip
And I double checked port forwarding. Opened router settings, clicked my pi and forwarded 1194. Then I totally disabled my pi hole. Still no luck.
I tried from a cell connection, bypassing any in network conflicts. Any suggestions?
Silly question, but did you forward UDP packets to port 1194 on your Rpi?
I previously had pivpn configured (worked great btw) but switched to a router that had it built-in because it didn't rely on an internal device being exposed on an external port.
However when I used pivpn, I used the android client. I forgot the minor issues I ran into but there was a log in the openvpn app that told me why the connection couldn't be established (cert, password or otherwise). Verify whether there is a log on the iOS app and keep it open when you try to connect. It might point you in the right direction.
PS this is the video that I used as a guide for my install back then:
Yea, I see that now. Thank you. Btw, have you ever run vpn off a router that’s only a bridge or access point?
Edit: I have Fios and you HAVE to use their router first for tv to work. But their WiFi stinks. I plan on turning WiFi off, buying my own router, then connecting LAN to WAN. Then using the second router in bridge mode for WiFi. Can that second router have a vpn server while only in bridge mode?
I did not realize there was a security difference and assumed there would only be a performance hit. I am only able to get TCP outbound on specific ports on our enterprise wifi so I'm forced to use TCP. Can't change it yet (hopefully soon), but good to know.
In my opinion, considering that the OpenVPN payload is encrypted (default 256-bit) with an industrial grade cipher (AES-256-CBC), the capacity to more easily reassemble a sequence of TCP frames reduces security by a minuscule amount. I wouldn't lose any sleep over it.
Back when I started using openvpn I read it somewhere and blindly followed the advice. I just read up on things and can conclude that it is far from true. It might even be a little bit the other way around, especially in case of connecting to your own VPN via a smartphone over 4G. Because UDP doesn't use a 3-way handshake and packet numbering, it's easier to spoof the connection and insert packets (though easily secured with a source IP whitelist). TCP on the other hand uses a 3-way handshake and packet numbering. So that is harder to actually insert packets in, but it never checks the security or source again after a successful handshake, and the first packet with the right packet number is accepted and therefore spoofable. But I think, now that I actually read all this, it's not very likely anybody would be able to get in your TCP connection in the first place because they would need your encryption key in the first place.
Though, the one thing you should consider is that TCP might be slower; it does check for errors and resends packets if they are corrupted in any way. UDP might be faster because of the lack of error checking, though you might have more problems with packet loss.
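The checks discussed earlier in the thread (the external IP in the .ovpn file, the forwarded port 1194, and whether the forward is UDP or TCP) can be read straight out of the client profile. The following is an added example, not code from any poster or from the PiVPN project; the sample profile, the function names and the addresses are constructed for illustration, and it relies on OpenVPN's documented defaults of port 1194 and UDP when a profile omits them.

```python
import ipaddress

# Constructed sample profile (not from the thread); 203.0.113.10 is a documentation address.
SAMPLE_PROFILE = """client
dev tun
proto udp
remote 203.0.113.10 1194
<ca>
(constructed placeholder for the inline certificate)
</ca>
"""

def parse_endpoints(text):
    """Return [(host, port, proto)] for each `remote` line, applying OpenVPN defaults."""
    port, proto, remotes, block = 1194, "udp", [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:                               # skip inline <ca>/<cert>/<key> bodies
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line and line[0] not in "#;":      # ignore blanks and comments
            parts = line.split()
            if parts[0] == "proto" and len(parts) > 1:
                proto = parts[1]
            elif parts[0] == "port" and len(parts) > 1:
                port = int(parts[1])
            elif parts[0] == "remote" and len(parts) > 1:
                remotes.append(parts[1:])
    return [(r[0], int(r[1]) if len(r) > 1 else port, r[2] if len(r) > 2 else proto)
            for r in remotes]

def check_profile(text, public_ip, fwd_port, fwd_proto):
    """List mismatches between the profile and the router's port-forward rule."""
    endpoints = parse_endpoints(text)
    problems = [] if endpoints else ["profile has no remote line"]
    for host, port, proto in endpoints:
        transport = "udp" if proto.startswith("udp") else "tcp"   # udp4, tcp-client, ...
        try:
            if ipaddress.ip_address(host) != ipaddress.ip_address(public_ip):
                problems.append(f"remote {host} is not the current public IP {public_ip}")
        except ValueError:
            pass                                # hostname: resolve and compare by hand
        if port != fwd_port:
            problems.append(f"profile uses port {port}, router forwards {fwd_port}")
        if transport != fwd_proto.lower():
            problems.append(f"profile uses {transport}, router forwards {fwd_proto}")
    return problems

if __name__ == "__main__":
    for p in check_profile(SAMPLE_PROFILE, "203.0.113.10", 1194, "tcp") or ["profile matches"]:
        print(p)
```

An empty result means the profile and the forward rule agree, so the next place to look is the client's connection log.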