Remote access via OpenVPN question

Hey guys -

I am trying to get OpenVPN set up on my home network so I can connect to the HE hub remotely. I've got a Netgear R7000 router that I flashed to Advanced Tomato firmware a while back. Tomato supports OpenVPN server, so I have configured the server and created the client certs and .ovpn config file for my Android phone and for my laptop.

I wanted to be able to access machines on my home network, so I set the OpenVPN server up as TAP, not TUN. In my preliminary testing, things seem to be mostly working from my laptop... with the VPN connection established, I can access the internet over VPN, as well as bring up the HE hub webpage and my router admin page. I can ping my LAN machines by their LAN IP addresses, but I can't ping my LAN machines by their WINS names, but that is probably because I'm using a MacBook for testing this out.

I'd also like to be able to reach the hub over OpenVPN directly from my Android phone, but I discovered that OpenVPN only works in TUN mode on Android/iOS, not TAP mode. So my question is this... if I set up a 2nd OpenVPN server on my router (Tomato allows you to set up 2 OpenVPN servers on the same router) and set the 2nd server to use TUN instead of TAP... should my Android phone be able to reach the HE hub via the Hubitat app? If not, how do you guys have your OpenVPN servers configured to allow that?

I have OpenVPN running on a Pi and then port forward the needed ports into it. Works like a charm.

This is correct (and unfortunate). I ran into this limitation as well in a different context, while trying to send SSDP over VPN.

It will work. Just bear in mind that both VPN servers cannot be bound to the same port (typically UDP 1194 for OpenVPN). So you'll have to adjust the client configuration files accordingly.

1 Like
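The port point in the reply above, as an added example that is not part of any post in this thread: a small Python check that flags two OpenVPN server instances sharing a proto/port and client profiles whose `remote` port or device type matches no server. The configs, file names and the host `vpn.example.net` are constructed for illustration.

```python
# Added example: all configs below are constructed, not taken from the thread.
SERVERS = {
    "tap-server": "dev tap0\nproto udp\nport 1194\n",
    "tun-server": "dev tun0\nproto udp\nport 1195\n",
}
CLIENTS = {
    "laptop.ovpn": "client\ndev tap\nproto udp\nremote vpn.example.net 1194\n",
    # Profile still pointing at the default port instead of the TUN server's.
    "phone.ovpn": "client\ndev tun\nproto udp\nremote vpn.example.net 1194\n",
}

def parse(text):
    """Return {directive: [args]} using the first occurrence of each directive."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#")[0].split(";")[0].split()  # drop comments
        if words:
            conf.setdefault(words[0], words[1:])
    return conf

def endpoint(text):
    """(proto, port, device type) that a config listens on or dials."""
    conf = parse(text)
    proto = conf.get("proto", ["udp"])[0][:3]   # udp4, tcp-server -> udp, tcp
    port = conf.get("port", ["1194"])[0]        # OpenVPN default port
    remote = conf.get("remote", [])             # remote host [port] [proto]
    if len(remote) > 1:
        port = remote[1]
    if len(remote) > 2:
        proto = remote[2][:3]
    dev = conf.get("dev", ["?"])[0][:3]         # tap0 -> tap, tun0 -> tun
    return proto, int(port), dev

def check(servers, clients):
    """List port collisions between servers and clients matching no server."""
    findings, seen = [], {}
    eps = {name: endpoint(text) for name, text in servers.items()}
    for name, (proto, port, _dev) in eps.items():
        other = seen.setdefault((proto, port), name)
        if other != name:
            findings.append(f"{name} and {other} both bind {proto}/{port}")
    for name, text in clients.items():
        proto, port, dev = endpoint(text)
        if (proto, port, dev) not in eps.values():
            want = [f"{p}/{n}" for p, n, d in eps.values() if d == dev]
            findings.append(f"{name} dials {proto}/{port} as {dev}, {dev} server is on {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SERVERS, CLIENTS)) or "configs are consistent")
```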

I have my ASUS router set up with OpenVPN using TUN and it's working just fine to connect to HE while I'm away from iOS on my iPhone.

I have been able to get both OpenVPN servers (TAP and TUN) running on my Netgear R7000 router and had success connecting to Hubitat hub via both my laptop remotely over the TAP server and via my Pixel phone remotely via the TUN server. So that's all good.

I don't think I have the OpenVPN servers configured exactly right as I get some error messages from the Tunnelblick OpenVPN client on my MacBook Pro. It's obviously mostly working, but I would like to see the connections happen without any error message.

Do you guys have any pointers to how-to guides on setting OpenVPN up? The one I followed mostly was this one specifically for setting up OpenVPN server on a router with Tomato firmware flashed to it: