Trying to test my home vpn within my own network - not possible right?


sc302 - good point. Let me see if I can get a hold of my brother

HockeyFan4Life - too late for that timing-wise. I head out for vacation early tomorrow morning. If anything, I'll try from the airport

Link to comment
Share on other sites

Doing a TV, and then VPN, normally fails until you don't have default routing set up, because once you create the VPN connection you break your TV connection, etc.

Best is just go to local wifi, be it McDonald's, Starbucks, etc. Or just hop on some local wifi that is open or just WEP that can be had in like 30 seconds ;)

What VPN did you set up? OpenVPN has clients for both iOS and Android phones. So you can just use your cell connection.

Link to comment
Share on other sites

sc302 - don't know much about that

BudMan - I'm using a PPTP server on my ASUS router

In the end, I had to port forward 1723 / 47 to get it to work. I actually got the same error I was getting locally when I tried connecting from my brother's computer remotely. After port forwarding, got the VPN connection (made sure that my IP address was showing up on his end when I checked for the IP)

I am a little confused though - I never had to port forward before.

Link to comment
Share on other sites

Why oh why would anyone be using a VPN protocol that has been deprecated for YEARS!! And no, you didn't forward port 47, it uses protocol 47 (GRE).

If it's on your router you wouldn't have to forward anything, unless your router was behind a NAT? I am pretty sure your ASUS router supports OpenVPN. This is more secure and easier to use than an antiquated PPTP. And you only need 1 port.

Link to comment
Share on other sites
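The port-versus-protocol distinction raised in the reply above, as an added example that is not part of any post in this thread: PPTP control traffic is TCP to port 1723, while the tunnelled data is IP protocol 47 (GRE), which has no port field for a port-forward rule to match. The packets and addresses below are constructed samples.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723
GRE_PROTO_PPP = 0x880B  # payload type carried by PPTP's enhanced GRE (RFC 2637)

def ipv4_header(proto, payload_len):
    """Minimal 20-byte IPv4 header (constructed sample, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes([203, 0, 113, 10]), bytes([192, 0, 2, 1]))

def tcp_header(dport):
    """Minimal 20-byte TCP SYN header to the given destination port."""
    return struct.pack("!HHIIHHHH", 50000, dport, 0, 0, 0x5002, 8192, 0, 0)

# Constructed packets: PPTP control, PPTP data, and the "port 47" mistake.
CONTROL = ipv4_header(IPPROTO_TCP, 20) + tcp_header(PPTP_CONTROL_PORT)
DATA = ipv4_header(IPPROTO_GRE, 12) + struct.pack(
    "!HHHHI", 0x3001, GRE_PROTO_PPP, 0, 1, 1)  # K+S flags, version 1
PORT47 = ipv4_header(IPPROTO_TCP, 20) + tcp_header(47)

def classify(packet):
    """Say what a NAT or firewall rule has to match to pass this packet."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                 # IPv4 protocol field
    body = packet[ihl:]
    if proto == IPPROTO_TCP:
        _sport, dport = struct.unpack("!HH", body[:4])
        kind = "PPTP control" if dport == PPTP_CONTROL_PORT else "other TCP"
        return f"{kind}: IP protocol 6 (TCP), destination port {dport}"
    if proto == IPPROTO_GRE:
        flags_ver, gre_proto = struct.unpack("!HH", body[:4])
        if flags_ver & 0x7 == 1 and gre_proto == GRE_PROTO_PPP:
            return "PPTP data: IP protocol 47 (GRE v1), no port field exists"
        return "other GRE: IP protocol 47, no port field exists"
    return f"unrelated: IP protocol {proto}"

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA), ("port 47", PORT47)):
        print(f"{name:8} -> {classify(pkt)}")
```
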

The honest answer is that PPTP was simple to set up. I actually do want to switch to OpenVPN but I'll have to read about it some more on how to set it up

And you're right about 47 - I just copied the setup of someone else online that was complaining about the same thing

Link to comment
Share on other sites

No, you don't have to pay for OpenVPN. Yes, there is a commercial version, "Access Server", that you could use that gives you 2 concurrent connections for free. I use this on my VPS for example since it is so easy to set up, has a web GUI to admin, etc. And I only would ever need my connection to them.

But there is also the community version that most routers and such would use that has unlimited use.

From a quick look ASUS native does not have OpenVPN. What specific router do you have? The dd-wrt has it, the merlin firmware has it, etc. It's really click to set up to be honest.

Link to comment
Share on other sites

Xendrome - I used to use TeamViewer but had issues with it where I would find it locking up 30% of my CPU

I also find it more convenient to connect to my router for VPN if say I'm using a public WiFi spot or if I want to wake one of my PCs on the network

BudMan - I have merlin on there. I plan on reading up on it when I arrive

Link to comment
Share on other sites

Well there you go if you have merlin - click click OpenVPN server. Which is more secure, and if you run it on 443 is pretty sure to be open from anywhere, unlike PPTP which uses protocols that are quite often blocked from hotspot type access, hotels, etc.

I have been playing with the UTM from Sophos, software version running on a VM, vs my pfSense. Just got OpenVPN set up on my phone to it - took all of a couple of minutes. There is a simple free OpenVPN client for Android and iOS, and Windows and Linux and OS X, etc. So there is really little reason to continue to use such old tech as PPTP.

Since my phone already had OpenVPN installed, just had to add the profile from the UTM setup. Which they have a little user portal where you can download client, profile for OS or phones, etc.

Have fun and if you have any questions - just ask!

Link to comment
Share on other sites

Thank you. I gave this a try - set it up using the tutorial on How-To Geek with some modifications due to the dated tutorial. It seems like I have everything set up properly but when I try to connect to my router I get this error...

will try again in 5 seconds. Error 0x0000008a: The system tried to join a drive to a directory on a joined drive.

Any ideas?

Link to comment
Share on other sites

Yeah I am and I actually went through those threads but didn't seem to help. Also, the second thread has a post at the end that it isn't an issue anymore. I'll have a look again

Link to comment
Share on other sites

What guide did you follow? Are you just grabbing the config files and installing the client from OpenVPN? Did you install the TAP driver? Are you running as admin? Where is the box you're trying to connect to the VPN from - outside your network??

Link to comment
Share on other sites

This is the guide I used...

http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/

As the guy that created the Merlin firmware modeled the OpenVPN page to be very much like the Tomato firmware

I followed the tutorial. Created config files for both the server and client. Applied the server files to the router. I installed the TAP driver. I changed the properties of both exes (openvpn.exe and openvpngui.exe) to open as administrator.

And yeah, I'm at my sister's house so trying to connect from an external network

Link to comment
Share on other sites

You need to run the GUI as admin so it can create the routes. Let's see your configs?

Why not this guide?

http://www.asus.com/us/support/FAQ/1008713

So what does the connection log say? Just that one error?

So for example here is a log of my connecting to an OpenVPN server from my PC..

If you want I can give you a config file and you can make sure that works for your client..

Sat Dec 27 07:03:14 2014 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014

Sat Dec 27 07:03:14 2014 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08

Enter Management Password:

Sat Dec 27 07:03:14 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

Sat Dec 27 07:03:14 2014 Need hold release from management interface, waiting...

Sat Dec 27 07:03:15 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'state on'

Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'log all on'

Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'hold off'

Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'hold release'

Sat Dec 27 07:03:15 2014 Control Channel Authentication: tls-auth using INLINE static key file

Sat Dec 27 07:03:15 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Dec 27 07:03:15 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Dec 27 07:03:15 2014 Socket Buffers: R=[8192->100000] S=[8192->100000]

Sat Dec 27 07:03:15 2014 UDPv4 link local: [undef]

Sat Dec 27 07:03:15 2014 UDPv4 link remote: [AF_INET]209.141.xxx.xxx:1194

Sat Dec 27 07:03:15 2014 MANAGEMENT: >STATE:1419685395,WAIT,,,

Sat Dec 27 07:03:16 2014 MANAGEMENT: >STATE:1419685396,AUTH,,,

Sat Dec 27 07:03:16 2014 TLS: Initial packet from [AF_INET]209.141.xxx.xxx:1194, sid=c385c451 69fc5dd3

Sat Dec 27 07:03:16 2014 VERIFY OK: depth=1, CN=OpenVPN CA

Sat Dec 27 07:03:16 2014 VERIFY OK: nsCertType=SERVER

Sat Dec 27 07:03:16 2014 VERIFY OK: depth=0, CN=OpenVPN Server

Sat Dec 27 07:03:17 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Sat Dec 27 07:03:17 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Dec 27 07:03:17 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Sat Dec 27 07:03:17 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Dec 27 07:03:17 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Sat Dec 27 07:03:17 2014 [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.141.xx.xx:1194

Sat Dec 27 07:03:18 2014 MANAGEMENT: >STATE:1419685398,GET_CONFIG,,,

Sat Dec 27 07:03:19 2014 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)

Sat Dec 27 07:03:19 2014 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.2.2.1,register-dns,block-ipv6,ifconfig 172.27.232.3 255.255.248.0'

Sat Dec 27 07:03:19 2014 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks

Sat Dec 27 07:03:19 2014 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.3.6)

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: timers and/or timeouts modified

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: explicit notify parm(s) modified

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: LZO parms modified

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: --ifconfig/up options modified

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: route options modified

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: route-related options modified

Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sat Dec 27 07:03:19 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Sat Dec 27 07:03:19 2014 MANAGEMENT: >STATE:1419685399,ASSIGN_IP,,172.27.232.3,

Sat Dec 27 07:03:19 2014 open_tun, tt->ipv6=0

Sat Dec 27 07:03:19 2014 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{19F69CDF-2289-4B22-8271-7E1D5C60CF33}.tap

Sat Dec 27 07:03:19 2014 TAP-Windows Driver Version 9.21

Sat Dec 27 07:03:19 2014 Set TAP-Windows TUN subnet mode network/local/netmask = 172.27.232.0/172.27.232.3/255.255.248.0 [SUCCEEDED]

Sat Dec 27 07:03:19 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.27.232.3/255.255.248.0 on interface {19F69CDF-2289-4B22-8271-7E1D5C60CF33} [DHCP-serv: 172.27.239.254, lease-time: 31536000]

Sat Dec 27 07:03:19 2014 Successful ARP Flush on interface [13] {19F69CDF-2289-4B22-8271-7E1D5C60CF33}

Sat Dec 27 07:03:19 2014 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: An address has not yet been associated with the network endpoint. (code=1228)

Sat Dec 27 07:03:22 2014 TAP: DHCP address renewal succeeded

Sat Dec 27 07:03:27 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up

Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 209.141.xx.xx MASK 255.255.255.255 192.168.1.253

Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4

Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive]

Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 192.168.1.253 MASK 255.255.255.255 192.168.1.253 IF 12

Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4

Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive]

Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.232.1

Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4

Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive]

Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.232.1

Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4

Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive]

Sat Dec 27 07:03:27 2014 Initialization Sequence Completed

Sat Dec 27 07:03:27 2014 MANAGEMENT: >STATE:1419685407,CONNECTED,SUCCESS,172.27.232.3,209.141.xx.xx

Sat Dec 27 07:03:28 2014 Start net commands...

Sat Dec 27 07:03:28 2014 C:\Windows\system32\net.exe stop dnscache

Sat Dec 27 07:03:30 2014 C:\Windows\system32\net.exe start dnscache

Sat Dec 27 07:03:32 2014 C:\Windows\system32\ipconfig.exe /flushdns

Sat Dec 27 07:03:32 2014 C:\Windows\system32\ipconfig.exe /registerdns

Let me know if you want me to create you a test config to connect to one of my actually 5 different VPN servers. I have 3 different VPS in the US, west, east coast and Dallas. Have one in the NL, and my house as well.

Link to comment
Share on other sites

I actually noticed two issues - a missing line in my client config and that my router was set to UDP instead of TCP.  I get around the error above but now the connection keeps restarting.  I'm looking into it


And thanks!  If you don't mind sharing a config, that would be great since it'll prove that openvpn works in general

Link to comment
Share on other sites

Thank you. I looked through the logs...could this be the reason?

Sat Dec 27 08:33:06 2014 us=821514 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1544'
Sat Dec 27 08:33:06 2014 us=821514 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'

Not sure why the setup would be any different between the client and remote but trying to see how I can change remote to be consistent

Link to comment
Share on other sites
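A way to triage the "used inconsistently" warnings quoted in the last post, as an added example that is not part of the thread or of OpenVPN itself. It parses the two warning lines from that post, lists settings that differ between the two ends, and treats `link-mtu` as a value derived from other settings (an assumption of this example), so it is reported last as a symptom.

```python
import re

# The two warnings quoted in the post above, verbatim.
SAMPLE_LOG = """\
Sat Dec 27 08:33:06 2014 us=821514 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1544'
Sat Dec 27 08:33:06 2014 us=821514 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
"""

MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")

# Assumption of this example: link-mtu is computed from other settings
# (cipher, auth, compression, transport), so it is listed as a symptom.
DERIVED = {"link-mtu"}
# Ciphers with a 64-bit block size; worth replacing on both ends.
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}

def value_of(opt, text):
    """Strip the leading option name: 'cipher BF-CBC' -> 'BF-CBC'."""
    return text[len(opt):].strip() if text.startswith(opt) else text

def find_mismatches(log_text):
    """Return one dict per 'used inconsistently' warning in the log."""
    found = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            opt = m["opt"]
            found.append({"option": opt,
                          "local": value_of(opt, m["local"]),    # side that wrote the log
                          "remote": value_of(opt, m["remote"]),  # the peer
                          "derived": opt in DERIVED})
    return found

def report(log_text):
    """Primary mismatches first; derived ones last, marked as symptoms."""
    lines = []
    for r in sorted(find_mismatches(log_text), key=lambda r: r["derived"]):
        note = "symptom, recheck after fixing the rest" if r["derived"] else "align both configs"
        weak = [v for v in (r["local"], r["remote"]) if v in SMALL_BLOCK]
        if weak:
            note += "; 64-bit block cipher in use: " + ", ".join(weak)
        lines.append(f"{r['option']}: local={r['local']} remote={r['remote']} ({note})")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
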
