Setting up a VPN relay server to access home connection from outside?

[carrickwater]

Hi. I'll like to set up a VPN server so that I can access my connection in any part of the world as if I'm connecting from the house. I've used both softether and windows incoming connections and none seem to work, so I'll like some help, thanks.

[Levent]

Sounds like your issue is with configuration of your software or your firewall. I am doing the exact same thing with OpenVPN.

Make sure your server firewall allows traffic inside the VPN network, also make sure your client (the computer you are trying to access) also allows traffic within that virtual network. You gonna need to share details, what OS are you using for your server, what firewall, what is your client OS, firewall, your vpn configuration, your firewall configuration(s). 

[carrickwater]

1 minute ago, Levent said:

Sounds like your issue is with configuration of your software or your firewall. I am doing the exact same thing with OpenVPN.

Make sure your server firewall allows traffic inside the VPN network, also make sure your client (the computer you are trying to access) also allows traffic within that virtual network. You gonna need to share details, what OS are you using for your server, what firewall, what is your client OS, firewall, your vpn configuration, your firewall configuration(s). 

I'll start by saying what I'm doing and uploading some pictures. I'm using windows 10 with the latest update, the one that came with the windows sandbox update. I followed the steps this website gave me : https://pureinfotech.com/setup-vpn-server-windows-10/ which is creating the VPN using the built in windows connections and I got this error. Sorry for bluring but I saved the VPN as someone's name. Went to windows firewall and allowed remote connections but still got the error, so I checked online and was told to ping the IP address of my home computer. I tried pining it but it gave me a request timed out error. I didn't know how to fix it so I moved on to softether, but that one seems even more confusing. I'll share my softether pictures soon.

[mtz_federico]

1 hour ago, carrickwater said:

I'll start by saying what I'm doing and uploading some pictures. I'm using windows 10 with the latest update, the one that came with the windows sandbox update. I followed the steps this website gave me : https://pureinfotech.com/setup-vpn-server-windows-10/ which is creating the VPN using the built in windows connections and I got this error. Sorry for bluring but I saved the VPN as someone's name. Went to windows firewall and allowed remote connections but still got the error, so I checked online and was told to ping the IP address of my home computer. I tried pining it but it gave me a request timed out error. I didn't know how to fix it so I moved on to softether, but that one seems even more confusing. I'll share my softether pictures soon.

Make sure that the server's internal and external  ip hasn't changed and that you are port forwarding the port 1723 to the windows computer

[carrickwater]

3 hours ago, mtz_federico said:

Make sure that the server's internal and external  ip hasn't changed and that you are port forwarding the port 1723 to the windows computer

How come every port is closed on my router? Also I opened port 1723 but it stil tells me closed.

[mtz_federico]

1 hour ago, carrickwater said:

How come every port is closed on my router? Also I opened port 1723 but it stil tells me closed.

There are private/internal IPs and external ips. The internal IPs are the ones that all computers get and the external one is the one that your router gets.

The ip that you put in the Internal Host is an external ip, you want it to have your computers ip. From what I can see in the photo your computer's internal ip is in the 192.168.100.1 - 192.168.100.254 range (it might be 192.168.100.3, you can check what's your computers ip in CMD by typing ipconfig. everything else looks good.

 

Keep in mind that both external and internal ips change, to have a static internal ip you need to go to your computer settings and assign it a static ip that is not being used. To have a static external ip you need to contact your internet service provider.

By default all ports are blocked and you have to open them/port forward them.

 

EDIT: Do not share your external ip (It is in both photos that you shared and starts with 154.160)

 

[carrickwater]

34 minutes ago, mtz_federico said:

There are private/internal IPs and external ips. The internal IPs are the ones that all computers get and the external one is the one that your router gets.

The ip that you put in the Internal Host is an external ip, you want it to have your computers ip. From what I can see in the photo your computer's internal ip is in the 192.168.100.1 - 192.168.100.254 range (it might be 192.168.100.3, you can check what's your computers ip in CMD by typing ipconfig. everything else looks good.

 

Keep in mind that both external and internal ips change, to have a static internal ip you need to go to your computer settings and assign it a static ip that is not being used. To have a static external ip you need to contact your internet service provider.

By default all ports are blocked and you have to open them/port forward them.

 

EDIT: Do not share your external ip (It is in both photos that you shared and starts with 154.160)

 

Thanks for that info. So yes I did exactly what you saw in the picture and still get the error, so maybe the router is closing the ports? I wonder why this is so difficult. Which setup do you use, and can you show me how to use it. Thanks.

[Lurick]

11 minutes ago, carrickwater said:

Thanks for that info. So yes I did exactly what you saw in the picture and still get the error, so maybe the router is closing the ports? I wonder why this is so difficult. Which setup do you use, and can you show me how to use it. Thanks.

On your router, under the WAN tab, does it show the same external IP as in the pictures above?

[carrickwater]

8 minutes ago, Lurick said:

On your router, under the WAN tab, does it show the same external IP as in the pictures above?

Seems the network provider has disabled messing with it. Also it does not show it. I run netstat -a and it showed did. An article said it should be listening rather.

 

 

 

[Lurick]

I suspect your ISP might be using Carrier Grade NAT, in which case opening ports is much more difficult

[carrickwater]

Just my luck haha. Any other options?

[WkdPaul]

7 minutes ago, carrickwater said:

Just my luck haha. Any other options?

If you're stuck behind a CGNAT, the solution is https://ngrok.com/

 

Also, you can ask for help in my VPN guide if you have any issues with the VPN setup *sameless plug* ;

 

[carrickwater]

8 minutes ago, Lurick said:

I suspect your ISP might be using Carrier Grade NAT, in which case opening ports is much more difficult

There's a UPnP setting, and there's this : Under how to forward ports. https://www.howtogeek.com/131338/how-to-access-your-router-if-you-forget-the-password/

[carrickwater]

2 minutes ago, wkdpaul said:

https://ngrok.com/

Please explain this for me. I barely know anything about networking, thanks.

[WkdPaul]

1 minute ago, carrickwater said:

Please explain this for me. I barely know anything about networking, thanks.

It basically creates a connection to the ngrok servers over port 80 or 443 and routes the traffic through that.

 

So basically, it would be something like ;

 

*your web address* -> ngrok networks -> your network

[carrickwater]

1 minute ago, wkdpaul said:

It basically creates a connection to the ngrok servers over port 80 or 443 and routes the traffic through that.

 

So basically, it would be something like ;

 

*your web address* -> ngrok networks -> your network

If I understand this correctly, does it basically acts a router between my home PC and the outside PC i'm trying to connect from. You said web address though, so it's confusing me. I don't have a website or a domain name for one.

[WkdPaul]

8 minutes ago, carrickwater said:

If I understand this correctly, does it basically acts a router between my home PC and the outside PC i'm trying to connect from. You said web address though, so it's confusing me. I don't have a website or a domain name for one.

You'll need something to direct the traffic to your VPN, I personally use a DDNS, it's a website looking address that translate to your modem's public IP, so when you setup the VPN connection, you don't enter your IP, you enter the address.

 

There's one included with SoftEther, and there are a few free DDNS services ;

http://freedns.afraid.org/
https://www.noip.com/free
https://dyndnss.net/eng/
https://www.duckdns.org/
https://www.cloudns.net/dynamic-dns/

 

 

I use this one http://freedns.afraid.org/ for anything else than SoftEther

 

 

P.S. : sorry if it all seems to get more and more complicated, setting up a VPN and accessing it without any issues is kind of an involved task with lots of moving parts. If you're unsure about something, just ask and I (or someone else) will explain as best as we can.

[carrickwater]

4 minutes ago, wkdpaul said:

You'll need something to direct the traffic to your VPN, I personally use a DDNS, it's a website lokking address that translate to your modem's public IP, so when you setup the VPN connection, you don't enter your IP, you enter the address.

 

There's one included with SoftEther, and there are a few free DDNS services ;

http://freedns.afraid.org/
https://www.noip.com/free
https://dyndnss.net/eng/
https://www.duckdns.org/
https://www.cloudns.net/dynamic-dns/

 

 

I use this one http://freedns.afraid.org/ for anything else than SoftEther

 

 

P.S. : sorry if it all seems to get more and more complicated, setting up a VPN and accessing it without any issues is kind of an involved task with lots of moving parts. If you're unsure about something, just ask and I (or someone else) will explain as best as we can.

I I'm actually cool with how complicated it is, since I'm learning bit by bit.

[carrickwater]

10 minutes ago, wkdpaul said:

You'll need something to direct the traffic to your VPN, I personally use a DDNS, it's a website looking address that translate to your modem's public IP, so when you setup the VPN connection, you don't enter your IP, you enter the address.

 

There's one included with SoftEther, and there are a few free DDNS services ;

http://freedns.afraid.org/
https://www.noip.com/free
https://dyndnss.net/eng/
https://www.duckdns.org/
https://www.cloudns.net/dynamic-dns/

 

 

I use this one http://freedns.afraid.org/ for anything else than SoftEther

 

 

P.S. : sorry if it all seems to get more and more complicated, setting up a VPN and accessing it without any issues is kind of an involved task with lots of moving parts. If you're unsure about something, just ask and I (or someone else) will explain as best as we can.

Ok. That's easier to take in. I'll try it. Tell me, I don't really get something. How does the DDNS get your traffic? Like if you're in europe and want to watch an American only vidoes, how does the DDNS and the the website you linked above act like a VPN? I understand the concept but not well enough.

[WkdPaul]

11 minutes ago, carrickwater said:

Ok. That's easier to take in. I'll try it. Tell me, I don't really get something. How does the DDNS get your traffic? Like if you're in europe and want to watch an American only vidoes, how does the DDNS and the the website you linked above act like a VPN? I understand the concept but not well enough.

Actually, the DDNS address points to your public IP and nothing else, so let's say you chose the following address ; my.awesomevpn.com, this will point to the IP address your ISP has assigned to your modem, so if the IP changes for some reason, the my.awesomevpn.com address will point to your changed IP.

 

Like when you go to Google.com, depending on where you are and the traffic load during the day, you'll be connecting to different servers and the IP you're getting from a ping, will not be the same as someone in another region or country.

 

That's what DNS are for, to translate the Google.com into an IP address that can be used to connect to whatever server you're trying to reach. DNS = Domain Name System DDNS = Dynamic DNS (dynamic in the sense that the IP behind the address can change).

 

You could always do without a DDNS, but in case your IP change, that means you'll have to know what the new IP is and then edit your VPN client to point towards the new IP.

[carrickwater]

1 minute ago, wkdpaul said:

Actually, the DDNS address points to your public IP and nothing else, so let's say you chose the following address ; my.awesomevpn.com, this will point to the IP address your ISP has assigned to your modem, so if the IP changes for some reason, the my.awesomevpn.com address will point to your changed IP.

 

Like when you go to Google.com, depending on where you are and the traffic load during the day, you'll be connecting to different servers and the IP you're getting from a ping, will not be the same as someone in another region or country.

 

That's what DNS are for, to translate the Google.com into an IP address that can be used to connect to whatever server you're trying to reach. DNS = Domain Name System DDNS = Dynamic DNS (dynamic in the sense that the IP behind the address can change).

 

You could always do without a DDNS, but in case your IP change, that means you'll have to know what the new IP is and then edit your VPN client to point towards the new IP.

Ok that was a great explanation. What about https://ngrok.com/ . It's super confusing for me.

[carrickwater]

4 hours ago, wkdpaul said:

You'll need something to direct the traffic to your VPN, I personally use a DDNS, it's a website looking address that translate to your modem's public IP, so when you setup the VPN connection, you don't enter your IP, you enter the address.

 

There's one included with SoftEther, and there are a few free DDNS services ;

http://freedns.afraid.org/
https://www.noip.com/free
https://dyndnss.net/eng/
https://www.duckdns.org/
https://www.cloudns.net/dynamic-dns/

 

 

I use this one http://freedns.afraid.org/ for anything else than SoftEther

 

 

P.S. : sorry if it all seems to get more and more complicated, setting up a VPN and accessing it without any issues is kind of an involved task with lots of moving parts. If you're unsure about something, just ask and I (or someone else) will explain as best as we can.

My router again. Does not support the freedns option. It does support noip, but noip expires after 30 days.

[carrickwater]

5 hours ago, wkdpaul said:

If you're stuck behind a CGNAT, the solution is https://ngrok.com/

 

Also, you can ask for help in my VPN guide if you have any issues with the VPN setup *sameless plug* ;

 

Just setup my DDNS with noip. It works but seems like the router only allows requests from noip specifically. No Ip uses port 80 but checking port 80 gives me this.

So then as you said, I have to use ngrok.com. I'll need your help with it getting it up and running please. Thank you.

[carrickwater]

I was able to really find out that I'm behind a CGN, so I got these youtube videos and this website to try to help me. Have to go to school, so I'll not even be able to do it, but I hope by the time I come back you'll be around. Thanks for all your help everyone is this thread, I'm slowly getting to the solution.