VPN Issues

[ChalkChalkson]

Hey guys,

I am currently trying to connect my parent's network to mine using the OpenVPN plugin on my parent's unraid server (which I want to access in the first place).

I got stuck at the point where I tried to connect my client to the server. The final readout of the client is:

Spoiler

Sat Oct 01 01:49:43 2016 Control Channel Authentication: tls-auth using INLINE static key file
Sat Oct 01 01:49:43 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Oct 01 01:49:43 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Oct 01 01:49:43 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Oct 01 01:49:43 2016 UDPv4 link local: [undef]
Sat Oct 01 01:49:43 2016 UDPv4 link remote: [AF_INET]~I filtered my IPv4 here for obvious reasons~:1194
Sat Oct 01 01:49:43 2016 MANAGEMENT: >STATE:1475279383,WAIT,,,
Sat Oct 01 02:02:06 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Oct 01 02:02:06 2016 TLS Error: TLS handshake failed
Sat Oct 01 02:02:06 2016 SIGUSR1[soft,tls-error] received, process restarting
Sat Oct 01 02:02:06 2016 MANAGEMENT: >STATE:1475280126,RECONNECTING,tls-error,,

 

I interpreted this as connection issue to my IP, so I checked whether my port forward works correctly.

NOTE: My parents router [CH6640E] is WEIRD.. for once it shows no IPv4, just an IPv6 on the dashboard, the other strange issue is that it only supports port forwarding to manually entered MACs.

When I used an online port checking tool it told me that neither on my IPv6 nor on my IPv4 there are open ports.

I guess the issue might be with my ISP but I am not sure

 

If anyone has an idea on what the real issue is or if someone miraculously knows a work around I'd be eternally grateful! 

 

 

EDIT:

 

Another thing I that might be causing problems (though probably MUCH later in the process if ever): I am currently in the same subnet as my VPNServer since I have pretty much no other way if I want to physically in the same location as my parent's server and not messing up their network topology

 

Other resources:

Spoiler

Routers forwarding screen

 

Server log:

Spoiler

Fri Sep 30 17:52:44 2016 OpenVPN 2.3.11 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 10 2016
Fri Sep 30 17:52:44 2016 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
Fri Sep 30 17:52:44 2016 MANAGEMENT: TCP Socket listening on [AF_INET]192.168.0.3:10000
Fri Sep 30 17:52:44 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Sep 30 17:52:44 2016 Diffie-Hellman initialized with 4096 bit key
Fri Sep 30 17:52:44 2016 Control Channel Authentication: using '/mnt/user/Server/OVPN/ta.key' as a OpenVPN static key file
Fri Sep 30 17:52:44 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Sep 30 17:52:44 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Sep 30 17:52:44 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Sep 30 17:52:44 2016 TUN/TAP device tun0 opened
Fri Sep 30 17:52:44 2016 TUN/TAP TX queue length set to 100
Fri Sep 30 17:52:44 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 30 17:52:44 2016 /usr/sbin/ip link set dev tun0 up mtu 1500
Fri Sep 30 17:52:44 2016 /usr/sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Fri Sep 30 17:52:44 2016 GID set to users
Fri Sep 30 17:52:44 2016 UID set to nobody
Fri Sep 30 17:52:44 2016 UDPv4 link local (bound): [AF_INET]192.168.0.3:1194
Fri Sep 30 17:52:44 2016 UDPv4 link remote: [undef]
Fri Sep 30 17:52:44 2016 MULTI: multi_init called, r=256 v=256
Fri Sep 30 17:52:44 2016 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Fri Sep 30 17:52:44 2016 IFCONFIG POOL LIST
Fri Sep 30 17:52:44 2016 Initialization Sequence Completed

Other server log:

Spoiler

default via 192.168.0.1 dev br0 
10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1 
127.0.0.0/8 dev lo  scope link 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 
192.168.0.0/16 dev br0  proto kernel  scope link  src 192.168.0.3 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 linkdown 

And the third one (appeared later)

Spoiler

TITLE,OpenVPN 2.3.11 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 10 2016
TIME,Fri Sep 30 19:03:07 2016,1475287387
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
GLOBAL_STATS,Max bcast/mcast queue length,0
END

 

server config

 

The plugin I use

 

[gtx1060=value]

are you using openvpn or expressvpn??? the authentication code is sha256 for expressvpn. If you want access to their unraid server, get them to set up teamviewer to it. If you aren't at your parents place, you will have connected via vpn but they still need to allow it on their side

[ChalkChalkson]

I am using the " OpenVPN Server TUN mode " (<-link) plugin on unraid. I am at my parents place and I want to get full access to it especially the plex server and I also don't want to call them every time I want to do a backup and-or stream a movie

[Mikensan]

41 minutes ago, ChalkChalkson said:

Hey guys,

I am currently trying to connect my parent's network to mine using the OpenVPN plugin on my parent's unraid server (which I want to access in the first place).

I got stuck at the point where I tried to connect my client to the server. The final readout of the client is:

 

I interpreted this as connection issue to my IP, so I checked whether my port forward works correctly.

NOTE: My parents router [CH6640E] is WEIRD.. for once it shows no IPv4, just an IPv6 on the dashboard, the other strange issue is that it only supports port forwarding to manually entered MACs.

When I used an online port checking tool it told me that neither on my IPv6 nor on my IPv4 there are open ports.

I guess the issue might be with my ISP but I am not sure

 

If anyone has an idea on what the real issue is or if someone miraculously knows a work around I'd be eternally grateful! 

Lot of ISPs are assigning IPv6 to customers and sometimes doing encapsulation. 

What port(s) have you forwarded so far? And when you test make sure the plugin is actively listening for connections.

 

Could you share a screenshot of your router's port forwarding screen? Want to look at the way the rules are.

[ChalkChalkson]

Forwarding Screen

How can I make sure it is listening? I mean the server is running

 

Also:

I added some information above 

 

[Mikensan]

Yea if the plugin is running/active then that's all there is to it. Oh, so you're trying to connect from within the LAN to the OpenVPN server? In theory it shouldn't be an issue because that's how some networks allow communication between a secure network and their wild west network. However the file you generate for the clients includes the IP address to the server - make sure you're using the internal IP not external, because you're behind the gateway you technically cannot go out and back in the gateway interface.

 

 

I would say install OpenVPN on your phone to test it. Or if you can share your phone's internet. 

[ChalkChalkson]

Ok, thanks, at least one weird thing is out of the way now...

I finally get a ping on my IP  

But the port still shows up as closed under v6 and under v4

[Mikensan]

3 minutes ago, ChalkChalkson said:

Ok, thanks, at least one weird thing is out of the way now...

I finally get a ping on my IP  

But the port still shows up as closed under v6 and under v4

Well most likely whatever you're using to test the port is testing TCP, find something that you can specify UDP. Most do not do UDP because UDP won't say if it's close/open/reject, just not part of the protocol like it is in TCP.

[Mikensan]

http://support.nightlydev.org/tcp-udp-port-scan

 

see if that'll do it for you

[ChalkChalkson]

Weirdly enough this tool tells me that the port is open

But when trying to connect I still get the same error telling me that "the Key negotiation failed to occur within 60 seconds " 

[Mikensan]

6 minutes ago, ChalkChalkson said:

Weirdly enough this tool tells me that the port is open

But when trying to connect I still get the same error telling me that "the Key negotiation failed to occur within 60 seconds " 

 

 

If you're trying to connect from the Laptop to the OpenVPN, you cannot do so by trying to connect to 001.002.003.004.

[ChalkChalkson]

I since your post suggesting using my phones internet connection I am doing so thus not being in the same network (i guess)

[Mikensan]

Just now, ChalkChalkson said:

I since your post suggesting using my phones internet connection I am doing so thus not being in the same network (i guess)

Ah ok - you disconnected from the wifi right?

 

Are you able to see any logs / monitor the OpenVPN server?

[ChalkChalkson]

i mistakenly double posted and do not know how to delete a post

[ChalkChalkson]

10 minutes ago, Mikensan said:

Ah ok - you disconnected from the wifi right?

 

Are you able to see any logs / monitor the OpenVPN server?

Yeah, I added the full log in my original post though the third log just appeared (sometime between now and when I edited the post) 

I can also connect via telnet but I have no idea what kind of commands the open VPN plugin has 

[Mikensan]

If you open your ovpn file, is the "remote" line your public IP address?

[ChalkChalkson]

Just now, Mikensan said:

If you open your ovpn file, is the "remote" line your public IP address?

Yes it is, shall I try going back to the network and using the local IP?

[Mikensan]

from the logs I don't see any connection attempts - and you've proven that from outside the network (your phone  + port test) that it is accepting connections. So that leaves the configuration as being an issue.

 

Not being familiar with the plugin (or even unraid) would you mind sharing a screenshot of the openvpn config screen (or do you have the manually edit a file?).

 

When you try from your phone, you get the exact same timeout error?

[ChalkChalkson]

4 minutes ago, Mikensan said:

When you try from your phone, you get the exact same timeout error?

Yes, the exact same

 

4 minutes ago, Mikensan said:

Not being familiar with the plugin (or even unraid) would you mind sharing a screenshot of the openvpn config screen (or do you have the manually edit a file?).

 

Sure, ill add it above

 

 

When I use the local IP it actually works (Open VPN shows a green light)

[Mikensan]

Is the OpenVPN server IP different than unraid or are they sharing an IP? 

[ChalkChalkson]

5 minutes ago, Mikensan said:

Is the OpenVPN server IP different than unraid or are they sharing an IP? 

this is what it is showing me in terms of IPs

[Mikensan]

When you connect via LAN, are you connecting to 10.8.0.1 or 192.168.0.3? @ChalkChalkson

[ChalkChalkson]

Also noteworthy 

2 minutes ago, Mikensan said:

When you connect via LAN, are you connecting to 10.8.0.1 or 192.168.0.3?

I don't really get what you are trying to say (it is 4:35 am after all) but when I am connected to the VPN pinging either IP gives me timeout 

[Mikensan]

Just now, ChalkChalkson said:

Also noteworthy 

I don't really get what you are trying to say (it is 4:35 am after all) but when I am connected to the VPN pinging either IP gives me timeout 

You said you "when I use the local IP it works" - what local IP are you using?

[ChalkChalkson]

2 minutes ago, Mikensan said:

You said you "when I use the local IP it works" - what local IP are you using?

the 192.168.0.3 since the 10.8.0/24 is the subnet of the VPN itself