Firewalla driving me crazy: VPN connecting but no traffic

Comments

16 comments

  • Avatar
    S. M.

    Same for newly created OpenVPN server profile.

    0
    Comment actions Permalink
  • Avatar
    Rich T.

    For those networks, what is the DNS server setting? 

    0
    Comment actions Permalink
  • Avatar
    S. M.

    Tried DoH and Unbound in Firewalla with no success. Router has Cloudflare DNS, Android device is on automatic DNS.

    Meanwhile access from other WiFi network to VPN was possible, but not from mobile network.

    0
    Comment actions Permalink
  • Avatar
    Rich T.

    My setup is purple in router mode so I'm not sure if I can help (in my setup there's a network icon on the home screen and wireguard and openvpn are listed there and you can see the DNS server), but when the android device is connected, you do see an active connection in the firewalla app? In the android device, when connected, can you see the IP and DNS server it gets assigned? Also when connected, can you access anything on the network (like your router) via IP address?

    0
    Comment actions Permalink
  • Avatar
    S. M.

    I can see active connection in Firewalla app. Also IP is assigned on Android. I can't access anything locally connected to Firewalla.

    0
    Comment actions Permalink
  • Avatar
    S. M.

    Maybe I found the problem. My mobile provider APN is IPv4/IPv6 protocol and I only get an IPv6 when connecting to mobile network... 🙄

    Is there any solution to be able to access vpn network anyway? Or at least use DNS of Firewalla over IPv6?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Do you mean your mobile provider, you can't access any ipv4-based sites?

    Does your local devices have an IPv6 address? if you do, try to access them that way.

    0
    Comment actions Permalink
  • Avatar
    S. M.

    Yes. I get an IPv6 and as IPv4 a local address like "192.0.0.4".

    0
    Comment actions Permalink
  • Avatar
    S. M.

    I cannot access devices by IPv6. Wireguard profile that Firewalla created does not allow IPv6.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Check your network mask on your phone and see if it is /8? or it can be broad and cover your LAN.

    0
    Comment actions Permalink
  • Avatar
    S. M.

    Where do I check this?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If you have a PC connect to your phone, do a traceroute and see where the packet is getting dropped. 

    0
    Comment actions Permalink
  • Avatar
    S. M.

    How do I directly connect PC with Android when I am in mobile network? In Home network everything works, even VPN.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Search for a "traceroute" app on the app store, it is likely more efficient than messing around with a PC. Use that app to do a traceroute of your home machine while on VPN and see where the packet drops

    0
    Comment actions Permalink
  • Avatar
    S. M.

    Traceroute to my router:

    traceroute to fritz.box.lan (2001:....:a8e8), 30 hops max
    Hop 1:
    *

    Hop 2:
    *

    Hop 3:
    *

    Hop 4:
    *

    Hop 5:
    *

    Hop 6:
    *

    Hop 7:
    *

    Hop 8:
    *

    Hop 9:
    From 2003:0:1309:4000::1, 74 ms

    Hop 10:
    From 2003:0:1309:4012::2, 73 ms

    Hop 11:
    From 2001:1438:0:3::f01, 70 ms

    Hop 12:
    From 2001:1438:0:3::f02, 71 ms

    Hop 13:
    *

    Hop 14:
    *

    Hop 15:
    *

    Hop 16:
    *

    Hop 17:
    *

    Hop 18:
    *

    Hop 19:
    *

    Hop 20:
    *

    Hop 21:
    *

    Hop 22:
    *

    Hop 23:
    *

    Hop 24:
    *

    Hop 25:
    *

    Hop 26:
    *

    Hop 27:
    *

    Hop 28:
    *

    Hop 29:
    *

    Hop 30:
    *

    Traceroute complete: 30 hops, time: 23075 m

    0
    Comment actions Permalink
  • Avatar
    S. M.

    When connected to IPv4 network, there are only two hops. My VPN IP and then the router IP.

    And it works with IPv4 but not when IPv6 only.

    0
    Comment actions Permalink

Please sign in to leave a comment.