AndyD Posted December 24, 2014 Share Posted December 24, 2014 I'm trying to make sure that my laptop will be able to VPN in but I have no way of really testing it besides trying to connect within my own network Link to comment Share on other sites More sharing options...
trek Posted December 24, 2014 Share Posted December 24, 2014 tether you cell phone Aergan 1 Share Link to comment Share on other sites More sharing options...
AndyD Posted December 24, 2014 Author Share Posted December 24, 2014 I can't I'm still on unlimited data with AT&T and would need to lose it to get tethering privileges Link to comment Share on other sites More sharing options...
sc302 Veteran Posted December 24, 2014 Veteran Share Posted December 24, 2014 try remotting into a friends or family members computer that is not on your network to be able to test. load up teamviewer and have at it. Link to comment Share on other sites More sharing options...
speed3okie Posted December 24, 2014 Share Posted December 24, 2014 Go a Starbucks or somewhere there is free wifi. Link to comment Share on other sites More sharing options...
AndyD Posted December 24, 2014 Author Share Posted December 24, 2014 s302 - good point. let me see if I can get a hold of my brother HockeyFan4Life - too late for that timing wise. I head out for vacation early tomorrow morning. If anything, I'll try from the airport Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 24, 2014 MVC Share Posted December 24, 2014 Doing a tv, and then vpn normally fails until you don't have default routing setup because once you create the vpn connection you break your TV connection, etc.. Best is just go to local wifi, be it mcdonalds, starbucks, etc.. Or just hop on some local wifi that is open or just wep that can be had in like 30 seconds What vpn did you setup, openvpn has clients for both ios and android phones. So you can just use your cell connection. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted December 24, 2014 Veteran Share Posted December 24, 2014 if you create a split tunnel it won't fail. fusi0n 1 Share Link to comment Share on other sites More sharing options...
AndyD Posted December 24, 2014 Author Share Posted December 24, 2014 sc302 - don't know much about that BudMan - I'm using a PPTP server on my ASUS router In the end, I had to port forward 1723 / 47 to get it work. I actually got the same error I was getting locally when I tried connecting from my brother's computer remotely. After port forwarding, got the VPN connection ( made sure that my ip address was showing up on his end when I checked for the IP ) I am a little confused though - I never had to port forward before. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 24, 2014 MVC Share Posted December 24, 2014 Why oh why would anyone be using a vpn protocol that has been deprecated for YEARS!! And no you didn't forward port 47, it uses protocol 47 (GRE) IF its on your router you wouldn't have to forward anything, unless your router was behind a nat? I am pretty sure your asus router supports openvpn.. This is more secure and easier to use than an antiquated pptp.. And you only need 1 port. fusi0n 1 Share Link to comment Share on other sites More sharing options...
AndyD Posted December 24, 2014 Author Share Posted December 24, 2014 The honest answer is that PPTP was simple to setup. I actually do want to switch to OpenVPN but I'll have to read about it some more on how to set it up And you're right about 47 - I just copied the setup of someone else online that was complaining about the same thing Link to comment Share on other sites More sharing options...
AndyD Posted December 24, 2014 Author Share Posted December 24, 2014 Do I have to pay for a service to use OpenVPN? For example, Private Internet Access or the like Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 24, 2014 MVC Share Posted December 24, 2014 No you don't have to pay fort openvpn, yes there is a commercial version "access server" that you could use that gives you 2 concurrent connections for free. I use this on my vps for example since it is so easy to setup, has a web gui to admin, etc.. And I only would ever need my connection to them. But there is also the community version that most routers and such would use that has unlimited use. From a quick look asus native does not have openvpn.. What specific router do you have, the dd-wrt has it, the merlin firmware has it, etc. Its really click to setup to be honest. Link to comment Share on other sites More sharing options...
xendrome Posted December 24, 2014 Share Posted December 24, 2014 Do you really need services on your home network, or can you just RDP/Teamviewer into a system at home? Link to comment Share on other sites More sharing options...
AndyD Posted December 24, 2014 Author Share Posted December 24, 2014 Xendrome - I used to use team viewer but had issues with it where I would find it locking up 30% of my cpu I also find it more convenient to connect to my router for vpn if say I'm using a public WiFi spot or if I want to wake one of my pcs on the network Budman - I have merlin on there. I plan reading up on it when I arrive Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 24, 2014 MVC Share Posted December 24, 2014 well there you go if you have merlin - click click openvpn server.. Which is more secure, and if you run it on 443 is pretty sure to be open from anywhere unlike pptp which uses protocols that are quite often blocked from hotspot type access, hotels, etc.. I have been playing with the UTM from sophos software version running on a vm vs my pfsense. Just got openvpn setup on my phone to it - took all of a couple of minutes. There is simple free openvpn client for android and ios, and windows and linux and os x, etc. So there is really little reason to continue to use such old tech as pptp. Since my phone already installed openvpn, just had to add the profile fro the utm setup. Which they have a little user portal where you can download client, profile for OS or phones, etc.. Have fun and if you have any questions - just ask! Link to comment Share on other sites More sharing options...
AndyD Posted December 26, 2014 Author Share Posted December 26, 2014 Thank you. I gave this a try - set it up using the tutorial on how to geek with some modifications due to the dated tutorial. It seems like I have everything set up properly but when I try to connect to my router I get this error... will try again in 5 seconds. Error 0x0000008a: The system tried to join a drive to a directory on a joined drive. Any ideas? Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted December 26, 2014 Veteran Share Posted December 26, 2014 Are you using Windows 8? https://forums.openvpn.net/topic11667.html https://forums.openvpn.net/topic10013-15.html#p27258 (this might solve it) Link to comment Share on other sites More sharing options...
AndyD Posted December 26, 2014 Author Share Posted December 26, 2014 Yeah I am and I actually went through those threads but didn't seem to help. Also, the second thread has a post at the end that it isn't an issue anymore. I'll have a look again Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 26, 2014 MVC Share Posted December 26, 2014 What guide did you follow? Are you just grabbing the config files and installing the client from openvpn? Did you install the tap driver? Are you running as admin? Where is your box your trying to connect to the vpn - outside your network?? Link to comment Share on other sites More sharing options...
AndyD Posted December 27, 2014 Author Share Posted December 27, 2014 This is the guide I used... http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/ As the guy that created the Merlin firmware modeled the OpenVPN page to be very much like the Tomato firmware I followed the tutorial. Created config files for both the server and client. Applied the server files to the router. I installed the TAP driver. I changed the properties of both exes ( openvpn.exe and openvpngui.exe ) to open as adminstrator. And yeah, I'm at my sister's house so trying to connect from an external network Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 27, 2014 MVC Share Posted December 27, 2014 you need to run the gui as admin so it can create the routes. Lets see your configs? why not this guide? http://www.asus.com/us/support/FAQ/1008713 So what does the connection log say? Just that one error? So for example here is log of my connecting to openvpn server from my pc.. If you want I can give you a config file and you can make sure that works fro your client.. Sat Dec 27 07:03:14 2014 OpenVPN 2.3.6 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [iPv6] built on Dec 1 2014 Sat Dec 27 07:03:14 2014 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08 Enter Management Password: Sat Dec 27 07:03:14 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340 Sat Dec 27 07:03:14 2014 Need hold release from management interface, waiting... Sat Dec 27 07:03:15 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340 Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'state on' Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'log all on' Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'hold off' Sat Dec 27 07:03:15 2014 MANAGEMENT: CMD 'hold release' Sat Dec 27 07:03:15 2014 Control Channel Authentication: tls-auth using INLINE static key file Sat Dec 27 07:03:15 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Dec 27 07:03:15 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Dec 27 07:03:15 2014 Socket Buffers: R=[8192->100000] S=[8192->100000] Sat Dec 27 07:03:15 2014 UDPv4 link local: [undef] Sat Dec 27 07:03:15 2014 UDPv4 link remote: [AF_INET]209.141.xxx.xxx:1194 Sat Dec 27 07:03:15 2014 MANAGEMENT: >STATE:1419685395,WAIT,,, Sat Dec 27 07:03:16 2014 MANAGEMENT: >STATE:1419685396,AUTH,,, Sat Dec 27 07:03:16 2014 TLS: Initial packet from [AF_INET]209.141.xxx.xxx:1194, sid=c385c451 69fc5dd3 Sat Dec 27 07:03:16 2014 VERIFY OK: depth=1, CN=OpenVPN CA Sat Dec 27 07:03:16 2014 VERIFY OK: nsCertType=SERVER Sat Dec 27 07:03:16 2014 VERIFY OK: depth=0, CN=OpenVPN Server Sat Dec 27 07:03:17 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Sat Dec 27 07:03:17 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Dec 27 07:03:17 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Sat Dec 27 07:03:17 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Dec 27 07:03:17 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Sat Dec 27 07:03:17 2014 [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.141.xx.xx:1194 Sat Dec 27 07:03:18 2014 MANAGEMENT: >STATE:1419685398,GET_CONFIG,,, Sat Dec 27 07:03:19 2014 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1) Sat Dec 27 07:03:19 2014 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.2.2.1,register-dns,block-ipv6,ifconfig 172.27.232.3 255.255.248.0' Sat Dec 27 07:03:19 2014 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks Sat Dec 27 07:03:19 2014 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.3.6) Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: timers and/or timeouts modified Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: explicit notify parm(s) modified Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: LZO parms modified Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: --ifconfig/up options modified Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: route options modified Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: route-related options modified Sat Dec 27 07:03:19 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sat Dec 27 07:03:19 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Sat Dec 27 07:03:19 2014 MANAGEMENT: >STATE:1419685399,ASSIGN_IP,,172.27.232.3, Sat Dec 27 07:03:19 2014 open_tun, tt->ipv6=0 Sat Dec 27 07:03:19 2014 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{19F69CDF-2289-4B22-8271-7E1D5C60CF33}.tap Sat Dec 27 07:03:19 2014 TAP-Windows Driver Version 9.21 Sat Dec 27 07:03:19 2014 Set TAP-Windows TUN subnet mode network/local/netmask = 172.27.232.0/172.27.232.3/255.255.248.0 [sUCCEEDED] Sat Dec 27 07:03:19 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.27.232.3/255.255.248.0 on interface {19F69CDF-2289-4B22-8271-7E1D5C60CF33} [DHCP-serv: 172.27.239.254, lease-time: 31536000] Sat Dec 27 07:03:19 2014 Successful ARP Flush on interface [13] {19F69CDF-2289-4B22-8271-7E1D5C60CF33} Sat Dec 27 07:03:19 2014 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: An address has not yet been associated with the network endpoint. (code=1228) Sat Dec 27 07:03:22 2014 TAP: DHCP address renewal succeeded Sat Dec 27 07:03:27 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 209.141.xx.xx MASK 255.255.255.255 192.168.1.253 Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4 Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive] Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 192.168.1.253 MASK 255.255.255.255 192.168.1.253 IF 12 Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4 Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive] Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.232.1 Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive] Sat Dec 27 07:03:27 2014 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.232.1 Sat Dec 27 07:03:27 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 Sat Dec 27 07:03:27 2014 Route addition via IPAPI succeeded [adaptive] Sat Dec 27 07:03:27 2014 Initialization Sequence Completed Sat Dec 27 07:03:27 2014 MANAGEMENT: >STATE:1419685407,CONNECTED,SUCCESS,172.27.232.3,209.141.xx.xx Sat Dec 27 07:03:28 2014 Start net commands... Sat Dec 27 07:03:28 2014 C:\Windows\system32\net.exe stop dnscache Sat Dec 27 07:03:30 2014 C:\Windows\system32\net.exe start dnscache Sat Dec 27 07:03:32 2014 C:\Windows\system32\ipconfig.exe /flushdns Sat Dec 27 07:03:32 2014 C:\Windows\system32\ipconfig.exe /registerdns Let me know if you want me to create you a test config to connect to one of my actually 5 different vpn servers.. I have 3 different vps in the US, west, east coast and dallas. Have on in the NL, and my house as well. Link to comment Share on other sites More sharing options...
AndyD Posted December 27, 2014 Author Share Posted December 27, 2014 I actually noticed two issues - a missing line in my client config and that my router was set to UDP instead of TCP. I get around the error above but now the connection keeps restarting. I'm looking into it And thanks! If you don't mind sharing a config, that would be great since it'll prove that openvpn works in general Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 27, 2014 MVC Share Posted December 27, 2014 let me setup an account and will pm it to you. Link to comment Share on other sites More sharing options...
AndyD Posted December 27, 2014 Author Share Posted December 27, 2014 Thank you. I looked through the logs...could this be the reason? Sat Dec 27 08:33:06 2014 us=821514 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1544' Sat Dec 27 08:33:06 2014 us=821514 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC' Not sure why the setup would be any different between the client and remote but trying to see how I can change remote to be consistent Link to comment Share on other sites More sharing options...
Recommended Posts