Can't connect using VPN even though web browser works

[TheShanMan 40]

My router has a VPN server running. I'm connected to the VPN from outside my network and Theater can't connect using IP address but a web browser works fine. What could the problem be? I'm entering https://ip and 8920 in the port field which matches what I'm putting in my browser.

[TheShanMan 40]

Also for what it's worth emby android can connect to my server when my phone is connected to my VPN as well.

[Carlo 4560]

You would not be able to connect to an SSL port by IP because SSL works with a domain.

If you connect to the VPN then use the 8096 non-SSL port.

[Luke 42077]

What domain is the ssl certificate associated with? The answer to that is the only way you'll be able to use https.

[TheShanMan 40]

That must be it, because I used to port forward before setting up my VPN. Guess emby doesn't prompt about an invalid cert the way web browsers do. I'll be able to try connecting again later tonight. Thanks!

[TheShanMan 40]

Nope. Couldn't connect with theater over http. Then I tried it in my browser and it automatically redirected me to https. So I turned off the external access option. Now the web browser says forbidden with http and client apps just don't connect. Being on the VPN, I guess emby sees the connection as external.

I wonder why the android client has no problem connecting over https.

Edited July 23, 2021 by TheShanMan

[Luke 42077]

It could be that the clients are connecting, but rejecting or not trusting your certificate.

[TheShanMan 40]

So how do I get http to work? Is the problem with http that VPN connections are on a different subnet and thus they're considered external, even if I'm using the private IP to connect? It didn't look like there were any settings relating to other subnets establishing a connection - just for bandwidth restrictions.

[Luke 42077]

Quote

Is the problem with http that VPN connections are on a different subnet and thus they're considered external

It could be, but this is specific to your environment so it's hard to answer that without specific examples. Try loosening up some of the server network settings that might be restricting connectivity.

[TheShanMan 40]

Not sure what there is to loosen though. I don't see any settings that relate to http connectivity other than LAN Networks which is blank and therefore shouldn't be an issue. My LAN subnet is 192.168.1.0 and my VPN subnet is 10.8.0.0.

[Luke 42077]

Well there's this:

Quote

So I turned off the external access option.

 

[TheShanMan 40]

And that didn't solve it, so I turned it back on.

[Luke 42077]

Even though it didn't solve it, you're probably better off leaving it off until the problem is identified, because it's possible for the problem to be caused in multiple ways.

[TheShanMan 40]

Unless I have something specific to try, I'll need to leave it on for now so I can use emby. Once I get back from my trip I can turn that off if it's helpful. Ultimately, there's no sense using https over an already encrypted VPN so my goal is to not need https at all. But until there's a solution, only https actually works.

[Carlo 4560]

On 7/22/2021 at 11:13 AM, TheShanMan said:

My router has a VPN server running. I'm connected to the VPN from outside my network and Theater can't connect using IP address but a web browser works fine. What could the problem be? I'm entering https://ip and 8920 in the port field which matches what I'm putting in my browser.

Keep in mind https or SSL connection only work in conjunction with a domain name and not IP address.

So if you have a point to point VPN between the client and the server it's essentially a local connection and you wouldn't connect via domain but by IP address using 8096.

In order to use your domain over VPN you would have to have support for loopback connections available on your network, but there is no point in doing this as the VPN connection is already encrypted.

Does this help?

[TheShanMan 40]

Sounds like you're under the impression I'm trying to get https working. I'm not. I'm trying to get http working. Thanks though!

[Carlo 4560]

This is what you said in post one

On 7/22/2021 at 11:13 AM, TheShanMan said:

My router has a VPN server running. I'm connected to the VPN from outside my network and Theater can't connect using IP address but a web browser works fine. What could the problem be? I'm entering https://ip and 8920 in the port field which matches what I'm putting in my browser.

So my point is you can't use SSL and IP but need a domain name.

But moving on what is the IP of the machine running Theater?  What is the IP being shown on Emby Server for local connections?

[TheShanMan 40]

192.168.1.x is what server shows and what I'm using for clients to connect.

BTW like the Rush cover. 

[Carlo 4560]

Yes but what are each of the specific IP addresses.  No need to hide/mask internal IPs.

OK let's get more info so we can help you better.

Do you share with anyone outside your house (any family or friends) that need to access your server via Internet without using a VPN?
Or will all outside connections be done only through your self hosted VPN server?

PS: Yes, I liked that cover since the Permanent Waves cover was in black and white but I found online the original picture used that was in color.
Kind of fun for me when people recognize it.

[Q-Droid 989]

On 7/23/2021 at 3:31 PM, TheShanMan said:

Not sure what there is to loosen though. I don't see any settings that relate to http connectivity other than LAN Networks which is blank and therefore shouldn't be an issue. My LAN subnet is 192.168.1.0 and my VPN subnet is 10.8.0.0.

Have you tried adding your VPN subnet to the LAN Networks field in the Network settings? It should then treat your VPN subnet as another local network.

Edit:

If it's empty now you should add both (or more) of your subnets. 

 

Edited July 26, 2021 by Q-Droid

[TheShanMan 40]

9 hours ago, cayars said:

Yes but what are each of the specific IP addresses.  No need to hide/mask internal IPs.

OK let's get more info so we can help you better.

Do you share with anyone outside your house (any family or friends) that need to access your server via Internet without using a VPN?
Or will all outside connections be done only through your self hosted VPN server?

PS: Yes, I liked that cover since the Permanent Waves cover was in black and white but I found online the original picture used that was in color.
Kind of fun for me when people recognize it.

True but the precise IP isn't helpful either. Nevertheless it's .98.

Access is now only via VPN. No more port forwarding, hence I won't care about https once I can fix this.

I bought Permanent Waves probably within about a year of its release as a kid.

2 hours ago, Q-Droid said:

Have you tried adding your VPN subnet to the LAN Networks field in the Network settings? It should then treat your VPN subnet as another local network.

Edit:

If it's empty now you should add both (or more) of your subnets. 

 

I guess I could give that a try but that would suggest the help text next to that field is wrong. Edit: That actually failed! I put in "10.0.0.0/8, 192.168.0.0/24" which is what the help text says is the default, and I could no longer connect over http on my LAN via browser. It redirected me to https.

Edited July 26, 2021 by TheShanMan

[Q-Droid 989]

Your LAN is .1.0, not .0.0. And you should try the /24 subnet for your VPN. 

 

 

[TheShanMan 40]

Good catch! I was thinking of /16, rather than /24. I just tried "10.0.0.0/8, 192.168.0.0/16" and it worked both on my LAN and VPN. So not only is the help text wrong (should say /16), but by default emby does NOT consider all the private IP's to be local. Hopefully both of those can be fixed but at least I have a workaround in the meantime. Thanks!

Edited July 26, 2021 by TheShanMan

[Carlo 4560]

So are you good now?

[TheShanMan 40]

In the sense of having a workaround, yes. But it would be good to see those 2 bugs fixed.