cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
1,938 Views
Message 1 of 15

VPN server no longer working since moving to BT

Go to solution

I was on PlusNet FTTP and I had a VPN server at home.  I used it when connected to a public WiFi for security and I had to use it when my bank thought I was not in the UK!  My router is a TP-Link ER605 which has a built in OpenVPN server.

 

When I moved to BT FTTP, all I had to do was change my PPoE login and password on the router.

 

However, since the switch to BT, my VPN server isn’t functioning properly.  I can connect from a remote client (I can see the client joining on the server) but the client can’t do anything.  For example, it can’t browse the internet.

 

Has anyone else come across this (maybe with a different router and VPN server)?

 

Thanks

0 Ratings
Reply
14 REPLIES 14
1,910 Views
Message 2 of 15

Re: VPN server no longer working since moving to BT

Go to solution

@jaybeetoo 

Interesting.

I'm on FF500 and have a Synology device that provides a VPN server and I've just tried it and I'm having  the same issue as you.

I'm using an Asus router btw.

0 Ratings
Reply
1,883 Views
Message 3 of 15

Re: VPN server no longer working since moving to BT

Go to solution
I’m glad it’s not just me then. I find it strange if BT are blocking something given PlusNet is part of BT.
0 Ratings
Reply
1,877 Views
Message 4 of 15

Re: VPN server no longer working since moving to BT

Go to solution

Can you do anything on your home LAN such as connect to a PC?

Have you checked what IP addresses are being used, to make sure where you are connected from is not using the same ip range as your LAN at home?

0 Ratings
Reply
1,872 Views
Message 5 of 15

Re: VPN server no longer working since moving to BT

Go to solution

The IP address on the remote VPN client, is one of the ones reserved for VPN (it starts 10. whereas my router LAN starts 192. ). The VPN server is showing that the remote client has connected sometimes (see below).

I’ve done some more digging and I can confirm the remote VPN client is not getting to the VPN server when I’m trying from the mobile network.  I assume it’s not getting to my router either.  The VPN client is timing out when trying to get to the server.

 

Yesterday I tried from a public WiFi.  The VPN client did connect but I couldn’t do anything - no email, no browsing, no apps working.

0 Ratings
Reply
1,853 Views
Message 6 of 15

Re: VPN server no longer working since moving to BT

Go to solution

There are 3 private address ranges:

  • 10.0. 0.0 to 10.255. 255.255.
  • 172.16. 0.0 to 172.31. 255.255.
  • 192.168. 0.0 to 192.168. 255.255.

If I do a tracert on my LAN to www.bbc.co.uk I get: 

1 <1 ms <1 ms <1 ms bthub [192.168.1.254]
2 4 ms 4 ms 4 ms 172.16.13.228
3 * * * Request timed out.
4 * * * Request timed out.
5 10 ms 10 ms 10 ms peer3-et0-0-6.redbus.ukcore.bt.net [194.72.16.88]
6 10 ms 10 ms 10 ms 195.99.126.73
7 10 ms 10 ms 10 ms 132.185.249.96
8 10 ms 10 ms 10 ms 212.58.237.129

BT are therefore using at least 1 range, plus customers will be using one usually 192.168.1.x it would be worth checking if they are using a 172.x.x.x with you and not a 10.x.x.x.

0 Ratings
Reply
1,847 Views
Message 7 of 15

Re: VPN server no longer working since moving to BT

Go to solution

@jaybeetoo 

Well got it working for me.

I'd changed the IP Address of my router recently but hadn't changed the gateway & DNS settings in my Synology VPN app.

Suggests it might something to do with DNS settings as I'm using those set in my router and they aren't BT's

0 Ratings
Reply
1,838 Views
Message 8 of 15

Re: VPN server no longer working since moving to BT

Go to solution

I have been using OpenVPN Server on a Raspberry Pi 4 for yonks, it was fine with Virgin and then also fine with BT, still is today, there was quite the difference between the two also, Virgin using DHCP to give me an external IP where BT PPPOE. When moving from Virgin I had to update my DNS to dynamic as BT doesnt use a static IP's for residential, as my VPN clients devices only look to connect to the DNS name they dont really care whats behind that, so long as that DNS record points to my router and then my router will forward the UDP port to the local IP of my Pi VPN Server.

With BT now my router will automatically update my public A record to resolve to whatever external IP is assigned to my PPPOE interface, so the client config remains the same.

Perhaps Plusnet had a static IP, maybe you are using dynamic DNS already I dont know but you say they connect but cant browse the internet, I assume LAN also. Maybe firewall rule needs updating, given that the VPN is configured directly on the router there maybe an automatic firewall rule that was created. How is your DNS setup on the VPN server also, I guess automatic? Have you tried just deleting the config and re-building it creating new OVPN files? Just wondering also if the default route might be causing and issue which will be different after moving.

Someone else mentioned this also but I did have an issue once when the location I was at was sharing the same subnet as me. It doesnt matter what private address your client gets for its VPN connection if the parent interface is on 192.168.0.0/24 where ever you are and thats the same subnet you have at home it wont work, well internet should work but accessing local clients wont because when it looks up anything local it will look up on the network where you are at and not over the VPN connection. For this reason I changed my home subnet to 192.168.84.0/24. But you said you cant use the internet and this theory would only apply to trying to get at your local clients from a remote connection on the same subnet. It doesnt matter if the VPN NIC has a 10 address, the parent interface will be the one that matters. The internet wouldnt work however if perhaps you are running your own DNS server at home and you were somewhere else sharing the same subnet.

Bit of a brain fart I know but trying to think about what could be the problem.

 

Edit: Looks like you have confirmed that the VPN Client is not reaching the VPN Server as I was writing this, in that case I would be first looking at your external IP and if your clients are expecting a static IP which is still your Plusnet one, you'll need to update that to the BT IP on the client site and i'd recommend utilising dynamic DNS then so if your IP every changes your router will automatically update your A record, therefore your clients can use the same DNS address everytime. Theres a ton of options to consider for that, too many to post now!  

 

 

-----------------------------------------------------------------------------------------------
BT900 | Nokia ONT | Ubiquiti ER-X | EETV Box Pro (IP Mode) | Unifi CK2 | 6x Unifi U6+ | 2x Unifi SAK Ultra
0 Ratings
Reply
1,742 Views
Message 9 of 15

Re: VPN server no longer working since moving to BT

Go to solution

Thank you for all the suggestions.

I use dynamic DNS and I have confirmed it is updating my IP address correctly.

I have deleted the VPN server entry on my router, recreated it and exported the ovpn file.

From my mobile phone network, I can connect as a VPN client to the VPN server on my router.  I can see on my phone’s OpenVPN  and on the router VPN that there is a connection.  However, I can’t do anything on phone - apps don’t work, browser doesn’t connect to the internet, email doesn’t refresh.  I’ve tried changing the local IP range (which doesn’t clash with my home LAN IP range).

It looks like one final piece of the jigsaw is missing.

I don’t know if this makes any difference but my home LAN is 192.168.0.0/24, my VPN local IP range is 192.168.1.0/24.

I assume it doesn’t matter which DNS server I use for VPN? I’m using 8.8.8.8 for the primary and 8.8.4.4 for the secondary.

 

0 Ratings
Reply
1,732 Views
Message 10 of 15

Re: VPN server no longer working since moving to BT

Go to solution

If the client is given an ip address in the 192.168.0.0/24 range and your LAN is in the 192.168.1.0/24 then it would suggest that the client could be unable to contact anything on the LAN. What is shown as the default gateway of your client, if it is 192.168.0.254 for example then  does that actually exist?

0 Ratings
Reply