Issues with OpenVPN Server

Solved by dalekphalm.

I've been looking at setting it up so that the home file server we have at home can be accessed from away from the network via a vpn. So I looked at using this guide to set it up on my Debian 8.6 based system.

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8

 

Well when I finished doing it and tried connecting to the VPN on my mac through Tunnelblick it didn't work. I tried purging all the things I installed (ufw and openvpn) and it still didn't work. When I tried to connect to the vpn through Tunnelblick it would just say "Waiting for server response" and it seems like it's not making a connection to the server. 

 

So I have a few questions, would it work if I try connecting to the vpn even if the mac and server are on the same network? And I should be using the public ip address, correct?

 

I'm really just confused as to why this isn't working, and any suggestions as to what might be wrong are greatly appreciated. Thanks.

Make sure to quote me or tag me when responding to me, or I might not know you replied! Examples:

 

Do this:

Quote

And make sure you do it by hitting the quote button at the bottom left of my post, and not the one inside the editor!

Or this:

@DocSwag

 

Buy whatever product is best for you, not what product is "best" for the market.

 

Interested in computer architecture? Still in middle or high school? P.M. me!

 

I love computer hardware and feel free to ask me anything about that (or phones). I especially like SSDs. But please do not ask me anything about Networking, programming, command line stuff, or any relatively hard software stuff. I know next to nothing about that.

 

Compooters:

Desktop:

CPU: i7 6700k, CPU Cooler: be quiet! Dark Rock Pro 3, Motherboard: MSI Z170a KRAIT GAMING, RAM: G.Skill Ripjaws 4 Series 4x4gb DDR4-2666 MHz, Storage: SanDisk SSD Plus 240gb + OCZ Vertex 180 480 GB + Western Digital Caviar Blue 1 TB 7200 RPM, Video Card: EVGA GTX 970 SSC, Case: Fractal Design Define S, Power Supply: Seasonic Focus+ Gold 650w Yay, Keyboard: Logitech G710+, Mouse: Logitech G502 Proteus Spectrum, Headphones: B&O H9i, Monitor: LG 29um67 (2560x1080 75hz freesync)

Home Server:

CPU: Pentium G4400, CPU Cooler: Stock, Motherboard: MSI h110l Pro Mini AC, RAM: Hyper X Fury DDR4 1x8gb 2133 MHz, Storage: PNY CS1311 120gb SSD + two Seagate 4tb HDDs in RAID 1, Video Card: Does Intel Integrated Graphics count?, Case: Fractal Design Node 304, Power Supply: Seasonic 360w 80+ Gold, Keyboard+Mouse+Monitor: Does it matter?

Laptop (I use it for school):

Surface book 2 13" with an i7 8650u, 8gb RAM, 256 GB storage, and a GTX 1050

And if you're curious (or a stalker) I have a Just Black Pixel 2 XL 64gb

 


First of all, can you post some output from the server? Logs, service status, listening ports, etc.

OpenVPN works if you are on the same network as long as you don't push the route of your network (numerically) while you are on it. That means if you are, for example, in a hotel with the same address space as your home network, it will connect, but you will not be able to reach your home network because of the IP network collision.

You can use the internal IP of your OpenVPN server in your OpenVPN config, just take care with the pushing of routes (I can confirm that it will still work, but all communication with the local network will be "crippled" - you lose the direct connection to all of your network except the router, and if you try to connect to a device in the local network, it will be pushed through the VPN)... The public IP will also work from the internal network, but you need to have NAT loopback configured on your router - most "black boxes" from ISPs have it natively, but on a Mikrotik, for example, you have to configure it yourself.


If you're open to using any VPN solution, I can recommend SoftEther VPN, it was super easy to set up, and it's free and open source, just like OpenVPN :)

https://www.softether.org/

[GUIDE] LGA 771 Mod for Dell Vostro 220 [GUIDE] LGA 775 BSEL Mod [BUILD] The Mighty Radeon-Powered Dell [VIDEO] Evolution of Intel CPUs

Can you game on an 8-year-old i7? Is the 4-year-old GTX 660 still relevant? Upgrading the HP Pro 3500

Main Rig:

CPU Intel Core i7 4930k @ 4.3GHz | Motherboard ASUS P9X79 Deluxe | RAM Hynix 32GB (8x4GB) 2133MHz CL11 | GPU Gigabyte GTX 980Ti G1 Gaming | Case NZXT Phantom 410 | Storage Samsung 850EVO 500GB, Seagate Barracuda 2TB | PSU Cooler Master G650M (650W) | Monitors x1 Dell U2515H, x2 Dell 1907FP | Cooling Noctua NH-D14 w. x2 NF-F12 iPPC-2000 PWM | Keyboard Logitech G610 ORION BROWN | Mouse Logitech Performance MX | OS Microsoft Windows 10 Pro x64


22 hours ago, DocSwag said:

I've been looking at setting it up so that the home file server we have at home can be accessed from away from the network via a vpn. So I looked at using this guide to set it up on my Debian 8.6 based system.

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8

 

Well when I finished doing it and tried connecting to the VPN on my mac through Tunnelblick it didn't work. I tried purging all the things I installed (ufw and openvpn) and it still didn't work. When I tried to connect to the vpn through Tunnelblick it would just say "Waiting for server response" and it seems like it's not making a connection to the server. 

 

So I have a few questions, would it work if I try connecting to the vpn even if the mac and server are on the same network? And I should be using the public ip address, correct?

 

I'm really just confused as to why this isn't working, and any suggestions as to what might be wrong are greatly appreciated. Thanks.

Did you forward the correct ports through your Router? Most likely the traffic is stopping at the router because it doesn't know what internal IP Address your OpenVPN server is using.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


22 hours ago, iJarda said:

First of all, can you post some output from the server? Logs, service status, listening ports, etc.

OpenVPN works if you are on the same network as long as you don't push the route of your network (numerically) while you are on it. That means if you are, for example, in a hotel with the same address space as your home network, it will connect, but you will not be able to reach your home network because of the IP network collision.

You can use the internal IP of your OpenVPN server in your OpenVPN config, just take care with the pushing of routes (I can confirm that it will still work, but all communication with the local network will be "crippled" - you lose the direct connection to all of your network except the router, and if you try to connect to a device in the local network, it will be pushed through the VPN)... The public IP will also work from the internal network, but you need to have NAT loopback configured on your router - most "black boxes" from ISPs have it natively, but on a Mikrotik, for example, you have to configure it yourself.

I'm not sure how to view logs on the server itself, but these are the ones I'm getting from my mac. Service openvpn status returns active.

2017-08-24 13:47:06 *Tunnelblick: Established communication with OpenVPN

2017-08-24 13:47:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338

2017-08-24 13:47:06 MANAGEMENT: CMD 'pid'

2017-08-24 13:47:06 MANAGEMENT: CMD 'state on'

2017-08-24 13:47:06 MANAGEMENT: CMD 'state'

2017-08-24 13:47:06 MANAGEMENT: CMD 'bytecount 1'

2017-08-24 13:47:06 MANAGEMENT: CMD 'hold release'

2017-08-24 13:47:06 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2017-08-24 13:47:06 PLUGIN_INIT: POST /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn-down-root.so '[/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn-down-root.so] [/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh] [-9] [-d] [-f] [-m] [-w] [-ptADGNWradsgnw]' intercepted=PLUGIN_UP|PLUGIN_DOWN 

2017-08-24 13:47:06 Socket Buffers: R=[196724->196724] S=[9216->9216]

2017-08-24 13:47:06 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

2017-08-24 13:47:06 UDPv4 link local: [undef]

2017-08-24 13:47:06 UDPv4 link remote: [AF_INET]{IP Address of Server}:1194

2017-08-24 13:47:06 MANAGEMENT: >STATE:1503607626,WAIT,,,

2017-08-24 13:48:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2017-08-24 13:48:06 TLS Error: TLS handshake failed

2017-08-24 13:48:06 SIGUSR1[soft,tls-error] received, process restarting

2017-08-24 13:48:06 MANAGEMENT: >STATE:1503607686,RECONNECTING,tls-error,,

2017-08-24 13:48:06 MANAGEMENT: CMD 'hold release'

2017-08-24 13:48:06 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2017-08-24 13:48:06 Socket Buffers: R=[196724->196724] S=[9216->9216]

2017-08-24 13:48:06 UDPv4 link local: [undef]

2017-08-24 13:48:06 UDPv4 link remote: [AF_INET]{IP Address of Server}:1194

2017-08-24 13:48:06 MANAGEMENT: >STATE:1503607686,WAIT,,,

I replaced the areas where it said the public IP of the server for obvious reasons.

22 hours ago, oskarha said:

If you're open to using any VPN solution, I can recommend SoftEther VPN, it was super easy to set up, and it's free and open source, just like OpenVPN :)

https://www.softether.org/

If I can't figure this one out, I'll definitely check this out! Thanks

37 minutes ago, dalekphalm said:

Did you forward the correct ports through your Router? Most likely the traffic is stopping at the router because it doesn't know what internal IP Address your OpenVPN server is using.

No I didn't, that would make sense as to why.

 

What would I be filling out in the router settings? For external start and end port do I put 1194 (port being used in all the openvpn stuff)? For local ip I would put the server's ip, right? What would I be putting for protocol, external IP, and internal start and end port?


5 minutes ago, DocSwag said:

I'm not sure how to view logs on the server itself, but these are the ones I'm getting from my mac. Service openvpn status returns active.

I replaced the areas where it said the public IP of the server for obvious reasons.

If I can't figure this one out, I'll definitely check this out! Thanks

No I didn't, that would make sense as to why.

 

What would I be filling out in the router settings? For external start and end port do I put 1194 (port being used in all the openvpn stuff)? For local ip I would put the server's ip, right? What would I be putting for protocol, external IP, and internal start and end port?

The exact setup required depends on the router you've got.


What model of router are you using?


4 minutes ago, dalekphalm said:

The exact setup required depends on the router you've got.


What model of router are you using?

This guy

https://www.amazon.com/Motorola-Sbg6580-Surfboard-Extreme-Wireless/dp/B00LU5TRQ2


2 minutes ago, DocSwag said:

Here is a great guide on the process:

https://portforward.com/arris/sbg6580/

 

Basically, under "External IP Address & Start/End Port", you leave IP Address as "0.0.0.0" - this allows your VPN connection to work regardless of what IP Address your client happens to be using. You set the External Start and End ports as the port (or ports) required for OpenVPN:

https://docs.openvpn.net/frequently-asked-questions/

 

Quote

Which ports does OpenVPN Access Server use?

Short answer: TCP 443, TCP 943, UDP 1194
Long answer: By default OpenVPN Access Server has 2 OpenVPN daemons running. One of them on UDP port 1194 and another on TCP 443. We recommend that you use the UDP port because this functions better for an OpenVPN tunnel. However, many public locations block all sorts of ports except very common ones like http, https, ftp, pop3, and so on. Therefore we also have TCP 443 as an option. TCP port 443 is the default port for https:// (SSL) traffic and so this is usually allowed through at the user's location.
TCP port 943 is the port where the web server interface is listening by default. You can either approach this directly using a URL like https://yourserverhostnamehere:943/ or by approaching it through the standard https:// port TCP 443, since the OpenVPN daemon will automatically internally route browser traffic to TCP 943 by default. (https://yourserverhostnamehere/).

 

Under the Internal IP/Port, you put the static LAN (Internal) IP Address of your OpenVPN Server, and the same port you entered under External. For protocol, you set TCP or UDP, as needed (or both if required, but it's better to only set the protocol needed).

 

Description is just an easily recognizable name - I usually use Service + Port for name (Eg: "OpenVPN-TCP-943").

Finally, create a single rule for each port. Eg:

One rule for TCP 443, a second rule for TCP 943, and a third rule for UDP 1194.

 

Does that make sense?


8 minutes ago, dalekphalm said:

Here is a great guide on the process:

https://portforward.com/arris/sbg6580/

 

Basically, under "External IP Address & Start/End Port", you leave IP Address as "0.0.0.0" - this allows your VPN connection to work regardless of what IP Address your client happens to be using. You set the External Start and End ports as the port (or ports) required for OpenVPN:

https://docs.openvpn.net/frequently-asked-questions/

 

 

Under the Internal IP/Port, you put the static LAN (Internal) IP Address of your OpenVPN Server, and the same port you entered under External. For protocol, you set TCP or UDP, as needed (or both if required, but it's better to only set the protocol needed).

 

Description is just an easily recognizable name - I usually use Service + Port for name (Eg: "OpenVPN-TCP-943").

Finally, create a single rule for each port. Eg:

One rule for TCP 443, a second rule for TCP 943, and a third rule for UDP 1194.

 

Does that make sense?

So I created a port forwarding thing for port 1194, and it's a bit weird but...

 

So I used the config file I last made and I got the same error as before. But when I went to use the config file I initially made (I set openvpn up and when it didn't work I reset it up so I had two sets of config files) it actually connected. So I think I screwed something up with the client config file the second time but the first one works. So yay?

 

It's working just using 1194, do I need to forward 443 and 943 as well? And if I do would that mean I also have to allow those ports in the firewall on the home server? (the guide I used told me to set up ufw as a firewall)

 

Also weird side note, it looks like the public ip of my mac and home server are the same? Not sure why that is...


1 minute ago, DocSwag said:

So I created a port forwarding thing for port 1194, and it's a bit weird but...

 

So I used the config file I last made and I got the same error as before. But when I went to use the config file I initially made (I set openvpn up and when it didn't work I reset it up so I had two sets of config files) it actually connected. So I think I screwed something up with the client config file the second time but the first one works. So yay?

 

It's working just using 1194, do I need to forward 443 and 943 as well? And if I do would that mean I also have to allow those ports in the firewall on the home server? (the guide I used told me to set up ufw as a firewall)

 

Also weird side note, it looks like the public ip of my mac and home server are the same? Not sure why that is...

Yep probably a configuration issue - I would maybe redo the configuration for the client and go through it more carefully to make sure you don't make any errors - but if all else fails, at least you have one working config now.

 

As for the additional ports: As per the quote I pasted above from the OpenVPN website, the TCP ports are actually not required - they're secondary ports in case UDP 1194 is blocked by your ISP or by your Network Administrator (Eg: If you're at work, trying to VPN home, and they block UDP 1194 traffic in both directions).

 

So most likely, just using UDP 1194 will be totally fine.

 

As for the Public IP: Are your Mac and Home Server located in the same building? Because your Public IP is the IP Address of your Modem, specifically. Any devices connecting to the Internet via that modem are, of course, using and sharing the same Public (WAN - Wide Area Network) IP Address.


1 minute ago, dalekphalm said:

Yep probably a configuration issue - I would maybe redo the configuration for the client and go through it more carefully to make sure you don't make any errors - but if all else fails, at least you have one working config now.

 

As for the additional ports: As per the quote I pasted above from the OpenVPN website, the TCP ports are actually not required - they're secondary ports in case UDP 1194 is blocked by your ISP or by your Network Administrator (Eg: If you're at work, trying to VPN home, and they block UDP 1194 traffic in both directions).

 

So most likely, just using UDP 1194 will be totally fine.

 

As for the Public IP: Are your Mac and Home Server located in the same building? Because your Public IP is the IP Address of your Modem, specifically. Any devices connecting to the Internet via that modem are, of course, using and sharing the same Public (WAN - Wide Area Network) IP Address.

OK I'll probably do that later.

 

If that's the case I'll probably set those ports up. Just because.

 

Yes, they are. I tested doing a mobile hotspot on my phone and now my mac is reading as a different ip so yeah that's the reason. On a side note though, I switched to the mobile hotspot and now I can't connect to the vpn, it just says waiting for server response. Not sure if that's because the internet is super slow (I'm throttled to 128 kbps since I passed my data limit) but that shouldn't affect it that much right? (been waiting 3 minutes now...


Just now, DocSwag said:

OK I'll probably do that later.

 

If that's the case I'll probably set those ports up. Just because.

 

Yes, they are. I tested doing a mobile hotspot on my phone and now my mac is reading as a different ip so yeah that's the reason. On a side note though, I switched to the mobile hotspot and now I can't connect to the vpn, it just says waiting for server response. Not sure if that's because the internet is super slow (I'm throttled to 128 kbps since I passed my data limit) but that shouldn't affect it that much right? (been waiting 3 minutes now...

A VPN initiation should only take a few seconds, regardless of what connection speed you're using.

 

At worst, it might take up to, say, 30 seconds. If it's not connecting after like 10 seconds, it's probably not going to work.

 

You need to check to see if the UDP 1194 port is actually open.

 

Go to a port checker website (There are dozens, here's the top Google hit):

http://www.yougetsignal.com/tools/open-ports/

 

It should detect your WAN/Public IP Automatically. Enter in 1194 into the port number field and hit check.

 

If it returns as Open, then the port is successfully being forwarded, and the issue may be something else. If the port is Closed (or times out, etc), then something is still blocking the port.

 

Also, yes, you DO need to open these ports in whatever Firewall applications you are running too - so if there is a Firewall on the OpenVPN Server, you need to open up UDP 1194 there too (And the other ports listed above, if you intend on having the backup ports running).
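
The client log posted earlier in the thread already separates "the server never answered" from "the handshake started and then failed", which decides whether port forwarding and firewall rules are the place to look. The following is an added example, not code from any poster: a shell function that classifies each connection attempt in an OpenVPN client log that way and prints the matching checks. The sample log is constructed (203.0.113.10 is a documentation address) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies every connection attempt in an
# OpenVPN client log by whether the server ever answered the client.

# Constructed sample modelled on the log posted in the thread;
# 203.0.113.10 is a documentation address, not the poster's server.
SAMPLE_LOG='2017-08-24 13:47:06 UDPv4 link local: [undef]
2017-08-24 13:47:06 UDPv4 link remote: [AF_INET]203.0.113.10:1194
2017-08-24 13:48:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2017-08-24 13:48:06 TLS Error: TLS handshake failed
2017-08-24 13:48:06 SIGUSR1[soft,tls-error] received, process restarting
2017-08-24 13:48:08 UDPv4 link remote: [AF_INET]203.0.113.10:1194
2017-08-24 13:48:08 TLS: Initial packet from [AF_INET]203.0.113.10:1194, sid=0a1b2c3d 4e5f6a7b
2017-08-24 13:48:10 Initialization Sequence Completed'

# Reads a client log on stdin and prints one line per attempt:
#   PROTO REMOTE OUTCOME
# OUTCOME is no-reply, handshake-stalled, connected or pending.
classify_ovpn_log() {
    awk '
    function emit(outcome) {
        if (active) print proto, remote, outcome
        active = 0
    }
    / link remote: / {
        emit("pending")                  # previous attempt logged no outcome
        proto = $(NF - 3); remote = $NF  # fields counted from the end, so any timestamp format works
        sub(/^\[AF_INET6?\]/, "", remote)
        active = 1; replied = 0
    }
    # The client logs this line only after a packet came back from the server.
    /TLS: Initial packet from /           { replied = 1 }
    /TLS key negotiation failed to occur/ { emit(replied ? "handshake-stalled" : "no-reply") }
    /Initialization Sequence Completed/   { emit("connected") }
    END { emit("pending") }
    '
}

# Prints the checks that match an outcome reported by classify_ovpn_log.
next_checks() {
    case "$1" in
    no-reply)
        echo "server: is openvpn bound to the port?  ss -lun | grep 1194"
        echo "server: does the host firewall allow it?  ufw status verbose"
        echo "router: forward UDP 1194 (not only TCP) to the server's LAN IP"
        echo "server: do packets arrive while the client retries?  tcpdump -ni any udp port 1194"
        echo "note: a TCP-connect port checker cannot confirm a UDP-only forward"
        echo "note: a tls-auth key mismatch looks the same, the server drops those packets silently"
        ;;
    handshake-stalled)
        echo "packets reach the server, so forwarding works; compare ca, cert and key in both configs and read the server log"
        ;;
    connected) echo "tunnel is up, nothing to fix" ;;
    pending)   echo "log ends mid-attempt; wait out the 60 second TLS timeout" ;;
    *)         echo "unknown outcome: $1" >&2; return 1 ;;
    esac
}

# Reads a client log on stdin and prints each attempt with its checks indented.
diagnose() {
    classify_ovpn_log | while read -r proto remote outcome; do
        printf '%s %s: %s\n' "$proto" "$remote" "$outcome"
        next_checks "$outcome" | sed 's/^/    /'
    done
}

printf '%s\n' "$SAMPLE_LOG" | diagnose
```

To run it against a real log, save the Tunnelblick log to a file and pipe it in: `diagnose < client.log`.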


4 minutes ago, dalekphalm said:

A VPN initiation should only take a few seconds, regardless of what connection speed you're using.

 

At worst, it might take up to, say, 30 seconds. If it's not connecting after like 10 seconds, it's probably not going to work.

 

You need to check to see if the UDP 1194 port is actually open.

 

Go to a port checker website (There are dozens, here's the top Google hit):

http://www.yougetsignal.com/tools/open-ports/

 

It should detect your WAN/Public IP Automatically. Enter in 1194 into the port number field and hit check.

 

If it returns as Open, then the port is successfully being forwarded, and the issue may be something else. If the port is Closed (or times out, etc), then something is still blocking the port.

 

Also, yes, you DO need to open these ports in whatever Firewall applications you are running too - so if there is a Firewall on the OpenVPN Server, you need to open up UDP 1194 there too (And the other ports listed above, if you intend on having the backup ports running).

I tried it and it's saying connection timeout. Also, it turns out I actually disabled UFW earlier so... That wasn't the issue. I also just went and enabled those other ports.

 

Side note, how would I set it up in the client config file to also use those ports as backup?

 

I'm looking at this part and I'm not sure how I would do it... Would I add more lines except changing the port? Or something else?

Quote

First, edit the line starting with remote. Change my-server-1 to your_server_ip.

/etc/openvpn/easy-rsa/keys/client.ovpn

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote your_server_ip 1194

Next, find the area shown below and uncomment user nobody and group nogroup, just like we did in server.conf in Step 1. Note: This doesn't apply to Windows so you can skip it. It should look like this when done:

 


Just now, DocSwag said:

I tried it and it's saying connection timeout. Also, it turns out I actually disabled UFW earlier so... That wasn't the issue. I also just went and enabled those other ports.

 

Side note, how would I set it up in the client config file to also use those ports as backup?

 

I'm looking at this part and I'm not sure how I would do it... Would I add more lines except changing the port? Or something else?

 

I'm no OpenVPN expert, but I would assume, reading the comments in the config, just enter multiple lines where it says "remote your_server_ip 1194", and for each line, replace the port with a different one.

 

So for example:

remote your_server_ip 1194

remote your_server_ip 943

remote your_server_ip 443

 

In each line, replace "your_server_ip" with your Public IP Address.

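The multiple `remote` lines suggested above, worked through as an added example (not code from the thread or from OpenVPN): the client tries the entries in order, and an entry that names no protocol inherits the file's `proto` line, so the small parser below resolves what each line actually means. The parser, its function names and the sample file are constructed for illustration; the `tcp` on the third sample line is added here to show a per-entry override.

```python
SAMPLE_CLIENT_OVPN = """\
client
dev tun
proto udp
# The hostname/IP and port of the server.
remote your_server_ip 1194
remote your_server_ip 943
remote your_server_ip 443 tcp
;remote my-server-2 1194
"""  # constructed sample, modelled on the client.ovpn quoted in the thread


def resolve_remotes(config_text):
    """Return [(host, port, proto)] in the order the client will try them."""
    proto, port = "udp", 1194          # OpenVPN defaults if never set
    remotes = []
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words or words[0].startswith(";"):
            continue                    # blank line or commented-out directive
        key, args = words[0], words[1:]
        if key == "proto" and args:
            proto = args[0]
        elif key in ("port", "rport") and args:
            port = int(args[0])
        elif key == "remote" and args:
            remotes.append(args)
    # Resolve after the whole file is read: 'proto' may follow the remotes.
    return [
        (r[0], int(r[1]) if len(r) > 1 else port, r[2] if len(r) > 2 else proto)
        for r in remotes
    ]


def listeners_needed(config_text):
    """Distinct (port, transport) pairs that must be reachable on the server."""
    pairs = set()
    for _host, port, proto in resolve_remotes(config_text):
        transport = "tcp" if proto.startswith("tcp") else "udp"
        pairs.add((port, transport))
    return sorted(pairs)


if __name__ == "__main__":
    for host, port, proto in resolve_remotes(SAMPLE_CLIENT_OVPN):
        print(f"try {host} {port}/{proto}")
    print("forward and listen on:", listeners_needed(SAMPLE_CLIENT_OVPN))
```

Every pair this returns needs both a router forward and something listening on the server; a backup entry with no listener behind it only adds a timeout before the next one is tried.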

6 minutes ago, dalekphalm said:

I'm no OpenVPN expert, but I would assume, reading the comments in the config, just enter multiple lines where it says "remote your_server_ip 1194", and for each line, replace the port with a different one.

 

So for example:

remote your_server_ip 1194

remote your_server_ip 943

remote your_server_ip 443

 

In each line, replace "your_server_ip" with your Public IP Address.

Yeah all I'm getting in the logs is this spammed over and over again

2017-08-24 14:55:54 write UDPv4: Can't assign requested address (code=49)

 

BTW, that's regardless of whether or not I have 943 and 443 in the config file. As long as I'm not on my home wifi network I'm getting that error spammed about once per 1-2 seconds.


@dalekphalm Nevermind, I fixed it!

 

Turns out it's some sort of a problem within OS X derp. 

https://support.vpnsecure.me/articles/frequently-asked-questions/osx-openvpn-error-write-udpv4-can-t-assign-requested-address-code-49

 

Did the steps mentioned, went back and it worked; checked my IP address and yup, it worked.

 

Thanks a lot! You've been a big help!


1 minute ago, DocSwag said:

@dalekphalm Nevermind, I fixed it!

 

Turns out it's some sort of a problem within OS X derp. 

https://support.vpnsecure.me/articles/frequently-asked-questions/osx-openvpn-error-write-udpv4-can-t-assign-requested-address-code-49

 

Did the steps mentioned, went back and it worked; checked my IP address and yup, it worked.

 

Thanks a lot! You've been a big help!

Great - good to hear.

 

One of these days I might get OpenVPN set up on my own server. Haven't had a need yet, so it would be a curiosity only.
