DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Not able to connect to remote resources on iPad or iPhone VPN

  • ranjit8083
  • Topic Author
  • User
  • User
More
13 Jul 2020 19:27 #1 by ranjit8083
Not able to connect to remote resources on iPad or iPhone VPN was created by ranjit8083
Hi, I have setup Smart VPN connecting to our Draytek via SSL using port 443. I can make the connection to the Draytek and it connects sucessfully. However I cannot seem to access any remote applications/devices on the network? I have also connected to the VPN via an Andriod phone and everything works fine with the same settings. Not sure why I cannot access anything on the iPad or iPhone?

Draytek 2860n
version: 3.8.9.3_BT

Please Log in or Create an account to join the conversation.

  • ranjit8083
  • Topic Author
  • User
  • User
More
13 Jul 2020 19:45 #2 by ranjit8083
Replied by ranjit8083 on topic Re: Not able to connect to remote resources on iPad or iPhone VPN
Just to add, once connected via SSL VPN, if it browse to 192.168.0.1 it takes me to the local BT router, but it should take me to the remote Draytek router.
If I try to browse to another device on the remote network (192.168.0.6), I just get page cannot be found, etc. But try the same IP on my Andriod or Windows device and it opens the web interface for that device.

Please Log in or Create an account to join the conversation.

  • ranjit8083
  • Topic Author
  • User
  • User
More
13 Jul 2020 20:39 #3 by ranjit8083
Replied by ranjit8083 on topic Re: Not able to connect to remote resources on iPad or iPhone VPN
Hi, just another update, I have connected to mobile hotspot on the ipad, so now when I connect via VPN I can connect to the remote devices. So it seems, when I am on my home WiFi network in the range of 192.168.0.x (the remote network I am connecting to is also in the 192.168.0x range) It does not work and Safari etc keeps wanting to connect to local devices, and not devices on the remote network. I am only getting this problem on iPad and iPhones, any ideas?

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
14 Jul 2020 00:01 #4 by hornbyp
Replied by hornbyp on topic Re: Not able to connect to remote resources on iPad or iPhone VPN

ranjit8083 wrote:
So it seems, when I am on my home WiFi network in the range of 192.168.0.x (the remote network I am connecting to is also in the 192.168.0x range) It does not work and Safari etc keeps wanting to connect to local devices, and not devices on the remote network. I am only getting this problem on iPad and iPhones, any ideas?



My first reaction is, how would it ever work ... how could it know which of two identically numbered networks you mean?

When you try and access a 192.168.0.x address, it should "know" that it is on the same local network and therefore use ARP to find the target, rather than routing (anywhere). Seemingly, Android doesn't do that - or maybe, it tries the Default Gateway, as a last resort after ARP has failed - and IOS doesn't :?:

The best solution, would be if you could change one of these networks, so that it's something other than 192.168.0.x (I realise this might not be trivial).

How to make IOS behave like Android - when it's not known what magic Android is performing (ARP Proxy?) - is another matter ...

Please Log in or Create an account to join the conversation.

  • ranjit8083
  • Topic Author
  • User
  • User
More
14 Jul 2020 11:10 #5 by ranjit8083
Replied by ranjit8083 on topic Re: Not able to connect to remote resources on iPad or iPhone VPN
Hi, thanks for the reply. I could try changing my home network to something other than 192.168.0.x to perhaps 192.168.1.x

The thing is I dont have the same issue when I VPN from my Windows computers or Andriod devices which is on the 192.168.0.x range. For example, if I VPN into the Draytek from my Windows computer and then browse to 192.168.0.1 I get to the login page of the Draytek which is on the remote network. When I try this on IOS and connect via VPN it takes me to the my local 192.168.0.1 BT router.

Does this mean if I have to change my IP range at home away from the 192.168.0.x range I will need to tell all my users who are using this range on their home network that they need to change their network range?

Thanks
Ranjit

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
15 Jul 2020 03:37 #6 by hornbyp
Replied by hornbyp on topic Re: Not able to connect to remote resources on iPad or iPhone VPN

ranjit8083 wrote:
Hi, thanks for the reply. I could try changing my home network to something other than 192.168.0.x to perhaps 192.168.1.x


Yes ... or even a totally different network class. Something in the 172.16.0.0->172.31.255.255 range or 10.0.0.0->10.255.255.255. See: https://en.wikipedia.org/wiki/Private_network . There's no centralised scheme for coordinating private IP address ranges, unfortunately :(

The thing is I don't have the same issue when I VPN from my Windows computers or Android devices which is on the 192.168.0.x range. For example, if I VPN into the Draytek from my Windows computer and then browse to 192.168.0.1 I get to the login page of the Draytek which is on the remote network. When I try this on IOS and connect via VPN it takes me to the my local 192.168.0.1 BT router.

It's a puzzler. If you're using Draytek's VPN client in each case, maybe they've just been coded differently and ended up with different functionality.
Thinking about it, I know it is possible to use routing to overcome issues like this - but it's better if you don't have to. (I had to add a persistent route entry for 192.168.100.1 (cable mode) to be via 192.168.100.254 (Vigor), rather than looking it for it on my LAN (which was 192.168.100.0 and clashed). The cable modem was on the 'far-side' of the Vigor, not on the LAN - and I couldn't change its IP address. Theoretically, something like this could be done with an IOS VPN client - but I wouldn't know where to start.


Does this mean if I have to change my IP range at home away from the 192.168.0.x range I will need to tell all my users who are using this range on their home network that they need to change their network range?

Potentially yes. Is it possible to just change the target network instead?

Please Log in or Create an account to join the conversation.