Connect a travel route to eblocker

12 Posts
4 Users
2 Reactions
440 Views
(@gggernest)
Active Member
Joined: 5 Jahren ago
Posts: 7
Topic starter  

I would like to know if it's possible to connect a router by vpn to my eblocker that I have at home. I have an Eblocker that I bought the last year.


   
ReplyQuote
(@benne)
Famed Member Admin
Joined: 6 Jahren ago
Posts: 1099
 

I'm not sure if I understand you correctly: You want to access your home network from outside, when you are not at home, right? If so, yes this can be easily done by setting up eBlocker Mobile. (s. https://eblocker.github.io/help/en-us/360000522814.html which is also available in German)

If I misunderstood you: Please be more clear and describe the use case you try to achieve.


   
ReplyQuote
(@gggernest)
Active Member
Joined: 5 Jahren ago
Posts: 7
Topic starter  

Hi @benne thanks for your answer, let me explain it better, I'm at my girlfriend's place and I want to connect a router to my eblocker at home and route all the traffic from the router through the vpn that connects the router to the eblocker so I can filter more than one device at the same time and don't need a different connection to the eblocker from each device that I want to filter, is more clear now?


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2077
 

@gggernest This would work if the router is capable of OpenVPN. Just use eBlocker‘s Mobile OpenVPN config file and it should work.

BUT please be aware that all devices in your girlfriend‘s home will be handled as ONE device from eBlocker. This would not allow individual settings for each device. If you want device individual configs each device needs to connect separately thru eBlocker Mobile.

I‘d personally rather recommend to grab another Raspi and install it in your girls home. Then you have full downstream bandwidth (and individual device settings). Otherwise your home‘s upstream bandwidth is limiting the downstream of the OpenVPN router connection.


   
Benne reacted
ReplyQuote
(@gggernest)
Active Member
Joined: 5 Jahren ago
Posts: 7
Topic starter  

@random Hi, thanks for your answer, and yes the router is capable of OpenVpn and it's actually working with some Vpn providers but with the Eblocker doesn't work well, it connects to the Eblocker but after a minute the connection drops and the router restarts the connection and that stays happening. From the router OpenVpn logs I get some errors, I googled them and it seems that could be related to the IP inforced by the OpenVpn server to its clients, in some kind of way it conflicts with the own router IP routing(hope this make sense to you). These are the logs I could recover from the web interface of the router maybe can help to identify the problem.

/sbin/ifconfig tun0 0.0.0.0
/etc/openvpn/update-resolv-conf tun0 1500 1570 10.8.0.18 10.8.0.17 init
SIGHUP[soft,ping-restart] received, process restarting
OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10

do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig tun0 10.8.0.18 pointopoint 10.8.0.17 mtu 1500
/etc/openvpn/update-resolv-conf tun0 1500 1570 10.8.0.18 10.8.0.17 init

Deprecated TLS cipher name 'AES128-SHA', please use IANA name 'TLS-RSA-WITH-AES-128-CBC-SHA'
TCP/UDP: Preserving recently used remote address: [AF_INET]92.117.123.232:1194
UDP link local: (not bound)
UDP link remote: [AF_INET]92.117.123.232:1194
[eblocker] Peer Connection Initiated with [AF_INET]92.117.123.232:1194

VERIFY EKU OK
VERIFY OK: depth=0, O=eBlocker 0cfffbbd, CN=eblocker, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
write UDP: Network unreachable (code=128)

/etc/openvpn/update-resolv-conf tun0 1500 1570 10.8.0.18 10.8.0.17 init
SIGHUP[soft,ping-restart] received, process restarting
OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10

NOTE: Those are pieces of the logs coz can't retrieve the whole log.

And this is the logs from the OpenVpn server in the Eblocker that maybe helps too

1
Thu May 7 17:01:00 2020 device:30074da7000a/93.231.230.178:46108 send_push_reply(): safe_cap=940
Thu May 7 17:01:12 2020 device:30074da7000a/93.231.230.178:46108 [device:30074da7000a] Inactivity timeout (--ping-restart), restarting
Thu May 7 17:01:14 CEST 2020: learn.sh called with parameter delete 10.8.0.18
1
Thu May 7 17:07:00 2020 93.231.230.178:41051 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu May 7 17:07:10 2020 93.231.230.178:55421 CRL CHECK OK: O=eBlocker 0cfffbbd, CN=eBlocker 0cfffbbd CA, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:10 2020 93.231.230.178:55421 VERIFY OK: depth=1, O=eBlocker 0cfffbbd, CN=eBlocker 0cfffbbd CA, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:10 2020 93.231.230.178:55421 CRL CHECK OK: O=eBlocker 0cfffbbd, CN=device:30074da7000a, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:10 2020 93.231.230.178:55421 VERIFY OK: depth=0, O=eBlocker 0cfffbbd, CN=device:30074da7000a, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:10 2020 93.231.230.178:55421 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 7 17:07:10 2020 93.231.230.178:55421 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 7 17:07:10 2020 93.231.230.178:55421 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 7 17:07:10 2020 93.231.230.178:55421 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 7 17:07:10 2020 93.231.230.178:55421 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu May 7 17:07:10 2020 93.231.230.178:55421 [device:30074da7000a] Peer Connection Initiated with [AF_INET]93.231.230.178:55421
Thu May 7 17:07:10 2020 device:30074da7000a/93.231.230.178:55421 MULTI_sva: pool returned IPv4=10.8.0.18, IPv6=(Not enabled)
Thu May 7 17:07:10 CEST 2020: learn.sh called with parameter add 10.8.0.18 device:30074da7000a
1
Thu May 7 17:07:11 2020 device:30074da7000a/93.231.230.178:55421 send_push_reply(): safe_cap=940
Thu May 7 17:07:22 2020 device:30074da7000a/93.231.230.178:55421 [device:30074da7000a] Inactivity timeout (--ping-restart), restarting
Thu May 7 17:07:25 CEST 2020: learn.sh called with parameter delete 10.8.0.18
1
Thu May 7 17:07:28 2020 93.231.230.178:40089 CRL CHECK OK: O=eBlocker 0cfffbbd, CN=eBlocker 0cfffbbd CA, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:28 2020 93.231.230.178:40089 VERIFY OK: depth=1, O=eBlocker 0cfffbbd, CN=eBlocker 0cfffbbd CA, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:28 2020 93.231.230.178:40089 CRL CHECK OK: O=eBlocker 0cfffbbd, CN=device:30074da7000a, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:28 2020 93.231.230.178:40089 VERIFY OK: depth=0, O=eBlocker 0cfffbbd, CN=device:30074da7000a, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:07:29 2020 93.231.230.178:40089 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 7 17:07:29 2020 93.231.230.178:40089 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 7 17:07:29 2020 93.231.230.178:40089 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 7 17:07:29 2020 93.231.230.178:40089 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 7 17:07:33 2020 93.231.230.178:40089 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu May 7 17:07:33 2020 93.231.230.178:40089 [device:30074da7000a] Peer Connection Initiated with [AF_INET]93.231.230.178:40089
Thu May 7 17:07:33 2020 device:30074da7000a/93.231.230.178:40089 MULTI_sva: pool returned IPv4=10.8.0.18, IPv6=(Not enabled)
Thu May 7 17:07:33 CEST 2020: learn.sh called with parameter add 10.8.0.18 device:30074da7000a
1
Thu May 7 17:07:43 2020 device:30074da7000a/93.231.230.178:40089 [device:30074da7000a] Inactivity timeout (--ping-restart), restarting
Thu May 7 17:07:57 CEST 2020: learn.sh called with parameter delete 10.8.0.18
1
Thu May 7 17:08:11 2020 93.231.230.178:65247 CRL CHECK OK: O=eBlocker 0cfffbbd, CN=eBlocker 0cfffbbd CA, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:08:11 2020 93.231.230.178:65247 VERIFY OK: depth=1, O=eBlocker 0cfffbbd, CN=eBlocker 0cfffbbd CA, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:08:11 2020 93.231.230.178:65247 CRL CHECK OK: O=eBlocker 0cfffbbd, CN=device:701ce7c408c4, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:08:11 2020 93.231.230.178:65247 VERIFY OK: depth=0, O=eBlocker 0cfffbbd, CN=device:701ce7c408c4, name=eBlocker mobile - eBloker, emailAddress=ernestop891123@gmail.com
Thu May 7 17:08:11 2020 93.231.230.178:65247 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 7 17:08:11 2020 93.231.230.178:65247 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 7 17:08:11 2020 93.231.230.178:65247 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 7 17:08:11 2020 93.231.230.178:65247 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 7 17:08:11 2020 93.231.230.178:65247 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 2048 bit RSA
Thu May 7 17:08:11 2020 93.231.230.178:65247 [device:701ce7c408c4] Peer Connection Initiated with [AF_INET]93.231.230.178:65247
Thu May 7 17:08:11 2020 device:701ce7c408c4/93.231.230.178:65247 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
Thu May 7 17:08:11 CEST 2020: learn.sh called with parameter add 10.8.0.10 device:701ce7c408c4
1
Thu May 7 17:08:12 2020 device:701ce7c408c4/93.231.230.178:65247 send_push_reply(): safe_cap=940


   
ReplyQuote
(@benne)
Famed Member Admin
Joined: 6 Jahren ago
Posts: 1099
 

@gggernest I fear we can not dig into this issue as it's very specific and probably related to your router.

Again the recommendation: Grabbing another Raspi for 40 bucks is cheaper, quicker and the much better solution.


   
ReplyQuote
(@gggernest)
Active Member
Joined: 5 Jahren ago
Posts: 7
Topic starter  

@benne Ok, thanks anyways


   
Benne reacted
ReplyQuote
(@pio78)
Member
Joined: 6 Jahren ago
Posts: 329
 

@gggernest

what type of router do you have?

it is an interesting idea...

 

regards

PIO78

 


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2077
 
Posted by: @gggernest

[device:30074da7000a] Inactivity timeout (--ping-restart), restarting

Guess your router hangs up if there is no traffic activity. Does this happen when downloading thru the vpn as well?

Maybe there is a „keep alive“ option in your router’s vpn config or you can change the timeout? 


   
ReplyQuote
(@gggernest)
Active Member
Joined: 5 Jahren ago
Posts: 7
Topic starter  

@pio78 Hello, well the router is a GL.Inet GL-MT300N-V2 and it's running a Open-WRT firmware.

What I want is connect my girlfriend's smartTV to US Netflix using my Vpns connections already configured in my Eblocker at home, the problem is that TV doesn't support OpenVpn so I can't connect it directly to the Eblocker, then I thought in having a router connected to my Eblocker by OpenVpn and connect the devices that doesn't support OpenVpn to that router, another use case is when you don't want to mess with somebody's network or to have to install apps in any of their devices for example for watching US Netflix 🤣.

 

Regards


   
ReplyQuote
(@gggernest)
Active Member
Joined: 5 Jahren ago
Posts: 7
Topic starter  

@random Hi and thanks for your replay.

Posted by: @random

Guess your router hangs up if there is no traffic activity. Does this happen when downloading thru the vpn as well?

The connection drops right after been established, no time to try to download anything, actually, the bytes "in" and "out" from the vpn are 0, so no traffic through it.

Posted by: @random

Maybe there is a „keep alive“ option in your router’s vpn config or you can change the timeout? 

Well the "keep alive" setting exists, but in the config file downloaded from the Eblocker and I think is needed because the OpenVpn server running in the Eblocker is expecting that setting in the client(that is my believe since I haven't seen the server config).

 

I was wondering how can I access the Eblocker OpenVpn server configurations so I can take a look at it and maybe that helps me to figure out what is happening, I tried to find it by my self looking around at the repos in github but couldn't find it, tried also to connect to the Eblocker by ssh but no idea about user and password, maybe someone can give me a hand with that or point me in the right direction will be enough.

 

Regards


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2077
 

@gggernest There is no pass set, but you might set one your own via the file system... 🤩 


   
ReplyQuote

Nach oben scrollen