The Dark Knight Posted July 14, 2013

Hi guys,

I want to be able to use my home internet connection while on the move for browsing as well as file access. I have downloaded and installed the VMWare appliance version of OpenVPN AS. Running it in VMWare Player on Windows Server 2012. I have created an account on DynDNS and got myself a domain to use with the VPN. Have also opened the required TCP and UDP ports on the built-in Windows Firewall and on my router.

However no matter what options I try, the client connectivity test ALWAYS fails! Really stuck here, don't know what to do!

+BudMan MVC Posted July 14, 2013

And where are you testing from?? And vmplayer - what connection does your vm have to your physical network? Bridge or are you natting, I do believe nat is the default, which would be problematic in getting to work.

The Dark Knight Posted July 14, 2013

Testing from within the OpenVPN Admin panel. VMWare Player set to Bridge mode.

+BudMan MVC Posted July 14, 2013

So you're on the same network as your server.. Hitting your public IP (dns name) that is on the outside of your router just to be forwarded back inside? This is called loopback forwarding or Nat reflection and is rarely a good test.. And quite often not even supported by most soho routers.

You need to test from OUTSIDE your network!!!

So you're running this test?

The Dark Knight Posted July 14, 2013

Ok, how do I do that? I have 2 internet connections at home from separate ISPs. So just tried pinging the public IP of the connection which has the server, request timed out.

Edit: Yup, that's the test I've been trying.

+BudMan MVC Posted July 14, 2013

Well ping is not the same as the port forwards you created -- did you enable ping?? Again many routers default to this being off.

See my edit - this is the test you're trying, and what does it show for your ip, your public your internal? What ports are you running on? You sure you're not behind a double nat already, ports are not blocked by your ISP?

See the above test - this is what you're running right? I edited my last post.

If you PM me your IP I would be happy to see if the ports are showing open or not, and ping, etc..

The Dark Knight Posted July 14, 2013

Ok, where do I check whether ping is enabled or not? I have a Linksys WRT54G router running a fork of DD-WRT called Tomato if that helps.

Yeah, that's the test I've been trying with. Using default ports, TCP 443 and UDP 1194.

How do I check whether I have a double NAT or not?

Sure, sent PM with IP.

+BudMan MVC Posted July 14, 2013

So on your tomato what does it show for your WAN/INTERNET IP - if it's private 10.x.x.x, 192.168.x.x or 172.16-31.x.x then you're behind a NAT.

Here is where you enable ping in tomato

The Dark Knight Posted July 14, 2013

Just checked, showing public IP. Enabled ICMP ping option also, able to ping now from the other ISP.

+BudMan MVC Posted July 14, 2013

ok I show this

Ok let me try again with your ping -- but I show this

    Nmap scan report for 27.snipped
    Host is up.
    All 1000 scanned ports on 27.snipped are filtered
    Nmap done: 1 IP address (1 host up) scanned in 201.51 seconds
    budman@ubuntu:~$

edit: So I show you pinging now - but 443 is not open! Nor do I show any other ports open! Your forward is not right is what I would guess, or your ISP blocks the ports.

    budman@ubuntu:~$ ping 27.snipped
    PING 27.snipped (27.snipped) 56(84) bytes of data.
    64 bytes from 27.snipped: icmp_req=1 ttl=43 time=284 ms
    64 bytes from 27.snipped: icmp_req=2 ttl=43 time=285 ms

The Dark Knight Posted July 14, 2013

Ok, what does that mean, my ISP is blocking/filtering everything?

The Dark Knight Posted July 14, 2013

Ok, this is how I have opened the ports, is it correct? Have also opened in Windows Firewall on the server.

+BudMan MVC Posted July 14, 2013

You can not forward a port to more than 1 address - you have .100 and .110 there

So you're saying web gui at 42893 should be open and RD is what? Let me scan for those ports.. They are WAY high up and would not have tested for those most likely in default scan.

I don't show them up either

    Host is up.
    PORT      STATE    SERVICE
    42893/tcp filtered unknown

    PORT      STATE    SERVICE
    41962/tcp filtered unknown

edit: Hey turn off ping -- I want to verify it was not working before, etc. My ping probe did not work, but when I just pinged your address I get a reply - but turn it off and my pings should stop.

Also - you don't have any other routers behind what you sent in your PM showing your wan IP.. You don't have any other devices between your tomato box and your devices running vms..

Let's do a real simple test.. On your workstation do a netstat -an, so for example see how I am listening to 3389, remote desktop

    C:\Windows\System32>netstat -an

    Active Connections

      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
      TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING

Forward that on your router - and make sure you turn off your windows firewall and I will check for that.. If we can not get that to show good, then we got something else blocking us or wrong. Don't leave it on long - just for test, PM post in thread when you have it forwarded and will do quick test.

edit: ok looks like your ping stopped.. You can turn it back on.

The Dark Knight Posted July 14, 2013

Those are old ones, I don't even use it any more. WebUI was a config panel for something, uTorrent I think. RD is Remote Desktop. I opened those years ago and actually forgot about them.

Oh ok, didn't know it has to be for one address only. So which one do I choose here? 100 is Server 2012, and 110 is OpenVPN.

I deleted that WebUI port a few minutes back as I realised I wasn't using it any more. Added back again. If you don't mind, can you check that port once more?

Edit: Ok, ping is off now.

+BudMan MVC Posted July 14, 2013

hey!!!

    Host is up (0.29s latency).
    PORT    STATE SERVICE
    443/tcp open  https

why would you forward 443 to your server, you need to forward it to the IP of your VM running openvpn

edit: Looks like you're up now

The Dark Knight Posted July 14, 2013

Little confused with your last set of instructions. Ran command on server 2012. Showed a big list. PM sent.

+BudMan MVC Posted July 14, 2013

well yeah it would show a LONG list, every port it's listening on - just wanted to verify it was listening on standard remote desktop port...

See my last post, I hit your openvpn interface

If you send me creds can test for you.

The Dark Knight Posted July 14, 2013

Oh ok. Sure, sent via PM. I also was able to connect and download the Connect client!! :D

The Dark Knight Posted July 14, 2013

CONNECTED SUCCESSFULLY!!!! :D

Thanks a LOT BudMan for all your help!! :) (Y)

+BudMan MVC Posted July 14, 2013

NO dude it's not working yet! I was just on your admin page, and sure you can get to the admin page

But want to point out some things

Your UDP is different than default, which is fine - but per what you sent me you were forwarding you are not forwarding that port.

Also you don't want your admin running on the same port as your service. So for example my admin runs on 943 and clients connect to 443 and 1194

Also yours running old version, I am on 1.8.4 yours is 1.6.1??

edit: Hmm shows you're connected, but your test failed

    5.5.8.2 708.81KB 6.20MB Sun Jul 14 19:30:06 2013

And did you set that vpn address.. Why would you have used 5.x.x.x ??

The Dark Knight Posted July 14, 2013

Oh ok, but I am able to access the Admin panel just fine! Also connected successfully from the other internet plan. Weird, the test feature STILL shows failures! :(

Ok, will change the Admin access details.

Yeah, it is 1.6.1. The download page for the appliance said there are some issues with providing the latest version out of the box. Any other way to update it?

5.5 range was the default, I didn't put that in.

+BudMan MVC Posted July 14, 2013

So why are you running 1.6.1, I just looked and 1.8.5 is what I show for vmware player current version.

edit: That was easy

    Active Configuration
    Access Server version: 1.8.5

I don't like using old versions of things ;)

The Dark Knight Posted July 14, 2013

No idea. I just downloaded it and set it up, had 1.6.1 right from the start.

Edit: This is what is on their page....

    Upgrading the Access Server Software on an AS to Version 1.8.5

    The current virtual appliance is version 1.6.1

    In order to upgrade from OpenVPN Access Server 1.6.1 to 1.8.5 you will need to do the following:

    1. Download the Appliance at the top of this page and configure it.
    2. WARNING: DUE TO THE NEW RELEASE OF 1.8.5 IT IS NOT POSSIBLE TO UPGRADE TO 1.8.5 YET, WE ARE WORKING ON RELEASE A NEW VIRTUAL APPLIANCE.

The Dark Knight Posted July 14, 2013

So you are also using the VMWare appliance of OpenVPN? How come yours is 1.8.5 then? Any way I can update mine?

Haha, yeah, I also use the very latest in everything. Beta and even alpha versions where available! :)

+BudMan MVC Posted July 14, 2013

Well I am running it on ubuntu, so simple wget to get the new package and then just dpkg -i to upgrade it..

5 was your default really?? That seems odd, that is a valid netblock on the internet and should not be used for a tunnel network, etc. Hamachi used to do the same thing - which was wrong from the get go!! You don't just grab valid netblocks and use them for your own ;) Technically you can, but it's bad practice and can lead to issues -- for example if there was something actually on the 5.x.x.x network you might want to actually access ;)

So your tests still failing huh?? But you connected to it via your other isp connection and it's working?

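Added example, not part of the thread or of any poster's message: a small Python audit of the configuration checks worked through above (a private WAN address meaning double NAT, one port forwarded to two addresses, the OpenVPN ports not reaching the VPN VM, and a tunnel subnet taken from public address space). The `audit` helper, the 192.168.1.x and 203.0.113.7 addresses and the /24 prefix are constructed for illustration; the default ports are the TCP 443 and UDP 1194 named in the thread.

```python
import ipaddress
from collections import defaultdict

# The three private ranges listed in the thread for the WAN-address check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(wan_ip, forwards, vpn_host, vpn_subnet,
          needed=(("tcp", 443), ("udp", 1194))):
    """Return findings for a home OpenVPN setup (hypothetical helper).

    forwards: (proto, external_port, internal_ip) rows copied from the router.
    needed:   ports the VPN server listens on (defaults from the thread).
    """
    findings = []
    if is_rfc1918(wan_ip):
        findings.append(f"WAN address {wan_ip} is private: router is behind another NAT")
    targets = defaultdict(set)
    for proto, port, dest in forwards:
        targets[(proto, port)].add(dest)
    for (proto, port), dests in sorted(targets.items()):
        if len(dests) > 1:
            findings.append(f"{proto}/{port} forwarded to more than one address: {sorted(dests)}")
    for proto, port in needed:
        dests = targets.get((proto, port), set())
        if not dests:
            findings.append(f"{proto}/{port} is not forwarded at all")
        elif dests != {vpn_host}:
            findings.append(f"{proto}/{port} must go only to VPN host {vpn_host}, found {sorted(dests)}")
    net = ipaddress.ip_network(vpn_subnet, strict=False)
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append(f"VPN client subnet {net} is outside RFC 1918 space")
    return findings

# Constructed sample: .100 is the Windows server, .110 the OpenVPN VM.
SAMPLE_FORWARDS = [
    ("tcp", 443, "192.168.1.100"),
    ("tcp", 443, "192.168.1.110"),
    ("tcp", 3389, "192.168.1.100"),
]

if __name__ == "__main__":
    for line in audit("203.0.113.7", SAMPLE_FORWARDS, "192.168.1.110", "5.5.8.0/24"):
        print("-", line)
```

The explicit RFC 1918 list is used instead of `ipaddress`'s `is_private`, which also matches documentation and other reserved ranges and would misclassify the sample WAN address.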