Home VPN using OpenVPN AS connectivity issues....HELP!


Go to solution Solved by BudMan,

Question

The Dark Knight

Hi guys

 

I want to be able to use my home internet connection while on the move for browsing as well as file access. I have downloaded and installed the VMWare appliance version of OpenVPN AS. Running it in VMWare Player on Windows Server 2012. I have created an account on DynDNS and got myself a domain to use with the VPN. Have also opened the required TCP and UDP ports on the built-in Windows Firewall and on my router.

 

However no matter what options I try, the client connectivity test ALWAYS fails! Really stuck here, don't know what to do!

+BudMan

hey!!!

Host is up (0.29s latency).
PORT STATE SERVICE
443/tcp open https

why would you forward 443 to your server, you need to forward it to the IP of your VM running openvpn

edit: Looks like you're up now

post-14624-0-03613900-1373809584.png

+BudMan

And where are you testing from??

And vmplayer - what connection does your vm have to your physical network? Bridge or are you natting, I do believe nat is the default, which would be problematic in getting to work.

The Dark Knight

Testing from within the OpenVPN Admin panel. VMWare Player set to Bridge mode.

+BudMan

So you're on the same network as your server.. Hitting your public IP (dns name) that is on the outside of your router just to be forwarded back inside?

This is called loopback forwarding or NAT reflection and is rarely a good test.. And quite often not even supported by most soho routers.

You need to test from OUTSIDE your network!!!

So you're running this test?

post-14624-0-76681900-1373806933.png

The Dark Knight

Ok, how do I do that? I have 2 internet connections at home from separate ISPs. So just tried pinging the public IP of the connection which has the server, request timed out.

 

Edit: Yup, that's the test I've been trying.

+BudMan

Well ping is not same as the port forwards you created -- did you enable ping?? Again many routers default to this being off.

See my edit - this is the test you're trying, and what does it show for your ip, your public your internal?

What ports are you running on? You sure you're not behind a double nat already, ports are not blocked by your ISP? See the above test - this is what you're running right? I edited my last post.

If you PM me your IP I would be happy to see if the ports are showing open or not, and ping, etc..

The Dark Knight

Ok, where do I check whether ping is enabled or not? I have a Linksys WRT54G router running a fork of DD-WRT called Tomato if that helps.

 

Yeah, That's the test I've been trying with.

 

Using default ports, TCP 443 and UDP 1194. How do I check whether I have a double NAT or not?

 

Sure, sent PM with IP.

+BudMan

So on your tomato what does it show for your WAN/INTERNET IP - if it's private 10.x.x.x, 192.168.x.x or 172.16-31.x.x then you're behind a NAT.

Here is where you enable ping in tomato

post-14624-0-77706800-1373807488.png

The Dark Knight

Just checked, showing public IP. Enabled ICMP ping option also, able to ping now from the other ISP.

+BudMan

ok I show this

Ok let me try again with your ping -- but I show this

Nmap scan report for 27.snipped
Host is up.
All 1000 scanned ports on 27.snipped are filtered
Nmap done: 1 IP address (1 host up) scanned in 201.51 seconds
budman@ubuntu:~$

edit:

So I show you pinging now - but 443 is not open! Nor do I show any other ports open! Your forward is not right is what I would guess, or your ISP blocks the ports.

budman@ubuntu:~$ ping 27.snipped
PING 27.snipped (27.snipped) 56(84) bytes of data.
64 bytes from 27.snipped: icmp_req=1 ttl=43 time=284 ms
64 bytes from 27.snipped: icmp_req=2 ttl=43 time=285 ms

The Dark Knight

Ok, what does that mean, my ISP is blocking/filtering everything?

The Dark Knight

Ok, this is how I have opened the ports, is it correct? Have also opened in Windows Firewall on the server.

 

post-58111-0-42209800-1373808310.jpg

+BudMan

You can not forward a port to more than 1 address - you have .100 and .110 there

So you're saying web gui at 42893 should be open and RD is what? Let me scan for those ports.. They are WAY high up and would not have tested for those most likely in default scan.

I don't show them up either

Host is up.
PORT STATE SERVICE
42893/tcp filtered unknown
PORT STATE SERVICE
41962/tcp filtered unknown

edit:

Hey turn off ping -- I want to verify it was not working before, etc. My ping probe did not work, but when I just pinged your address I get a reply - but turn it off and my pings should stop.

Also - you don't have any other routers behind what you sent in your PM showing your wan IP.. You don't have any other devices between your tomato box and your devices running vms.. lets do a real simple test.. On your workstation do a netstat -an, so for example

see how I am listening to 3389, remote desktop

C:\Windows\System32>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING

Forward that on your router - and make sure you turn off your windows firewall and I will check for that.. If we can not get that to show good, then we got something else blocking us or wrong.

Don't leave it on long - just for test, PM post in thread when you have it forwarded and will do quick test.

edit: ok looks like your ping stopped.. You can turn it back on.

The Dark Knight

Those are old ones, I don't even use it any more. WebUI was a config panel for something, uTorrent I think. RD is Remote Desktop. I opened those years ago and actually forgot about them.

 

Oh ok, didn't know it has to be for one address only. So which one do I choose here? 100 is Server 2012, and 110 is OpenVPN.


I deleted that WebUI port a few minutes back as I realised I wasn't using it any more. Added back again. If you don't mind, can you check that port once more?

 

Edit: Ok, ping is off now.

The Dark Knight

Little confused with your last set of instructions. Ran command on server 2012. Showed a big list. PM sent.

+BudMan

well yeah it would show a LONG list, every port it's listening on - just wanted to verify it was listening on standard remote desktop port... See my last post, I hit your openvpn interface

If you send me creds can test for you.

The Dark Knight

Oh ok.

 

Sure, sent via PM.

 

I also was able to connect and download the Connect client!! :D

The Dark Knight

CONNECTED SUCCESSFULLY!!!! :D

 

Thanks a LOT BudMan for all your help!!  :)  (Y)

+BudMan

NO dude it's not working yet! I was just on your admin page, and sure you can get to the admin page

But want to point out some things

post-14624-0-70998700-1373810525.png

Your UDP is different than default, which is fine - but per what you sent me you were forwarding you are not forwarding that port.

Also you don't want your admin running on the same port as your service. So for example my admin runs on 943 and clients connect to 443 and 1194

Also yours running old version, I am on 1.8.4 yours is 1.6.1??

edit: Hmm shows you're connected, but your test failed

5.5.8.2 708.81KB 6.20MB Sun Jul 14 19:30:06 2013

And did you set that vpn address.. Why would you have used 5.x.x.x ??

The Dark Knight

Oh ok, but I am able to access the Admin panel just fine! Also connected successfully from the other internet plan.

 

Weird, the test feature STILL shows failures! :(

 

Ok, will change the Admin access details.

 

Yeah, it is 1.6.1. The download page for the appliance said there are some issues with providing the latest version out of the box. Any other way to update it?

 

5.5 range was the default, I didn't put that in.

+BudMan

So why are you running 1.6.1, I just looked and 1.8.5 is what I show for vmware player current version.

edit: That was easy

Active Configuration

Access Server version: 1.8.5

I don't like using old versions of things ;)

The Dark Knight

No idea. I just downloaded it and set it up, had 1.6.1 right from the start.

 

Edit: This is what is on their page....

 

Upgrading the Access Server Software on an AS to Version 1.8.5

The current virtual appliance is version 1.6.1

In order to upgrade from OpenVPN Access Server 1.6.1 to 1.8.5 you will need to do the following:

1. Download the Appliance at the top of this page and configure it. 

2. WARNING: DUE TO THE NEW RELEASE OF 1.8.5 IT IS NOT POSSIBLE TO UPGRADE TO 1.8.5 YET, WE ARE WORKING ON RELEASE A NEW VIRTUAL APPLIANCE.

The Dark Knight

So you are also using the VMWare appliance of OpenVPN? How come yours is 1.8.5 then? Any way I can update mine?

 

Haha, yeah, I also use the very latest in everything. Beta and even alpha versions where available! :)

+BudMan

Well I am running it on ubuntu, so simple wget to get the new package and then just dpkg -i to upgrade it..

5 was your default really?? That seems odd, that is a valid netblock on the internet and should not be used for a tunnel network, etc. Hamachi used to do the same thing - which was wrong from the get go!! You don't just grab valid netblocks and use them for your own ;) Technically you can, but it's bad practice and can lead to issues -- for example if there was something actually on the 5.x.x.x network you might want to actually access ;)

So your tests still failing huh?? But you connected to it via your other isp connection and its working?
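
Added example, not part of the thread: a Python check covering three points raised in the replies above, namely that a private WAN address means the router sits behind another NAT, that one external port cannot be forwarded to two internal hosts, and that the VPN tunnel subnet should not come from public address space. The 192.168.1.0/24 LAN, the /16 prefix on the 5.5 range, the 203.0.113.7 WAN address and the rule list are constructed assumptions, and the 100.64.0.0/10 carrier-NAT range goes beyond the ranges the thread lists.

```python
import ipaddress
from collections import defaultdict

# Private ranges named in the thread (RFC 1918), plus the carrier-grade NAT
# range 100.64.0.0/10 (RFC 6598), which is an addition beyond the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(addr):
    """Classify the address the router reports on its WAN interface."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "double-nat"      # another NAT device sits upstream
    if ip in CGNAT:
        return "carrier-nat"     # the ISP is translating addresses
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_multicast:
        return "other"
    return "public"


def conflicting_forwards(rules):
    """rules: (proto, external_port, internal_ip) tuples.
    Returns {(proto, port): [ips]} for ports aimed at more than one host."""
    targets = defaultdict(set)
    for proto, port, ip in rules:
        targets[(proto.lower(), int(port))].add(ip)
    return {key: sorted(ips) for key, ips in targets.items() if len(ips) > 1}


def check_tunnel(tunnel, lan):
    """Return the problems found with a VPN tunnel subnet (IPv4 only)."""
    t = ipaddress.ip_network(tunnel)
    problems = []
    if not any(t.subnet_of(p) for p in RFC1918):
        problems.append("not-private")   # shadows real internet hosts
    if t.overlaps(ipaddress.ip_network(lan)):
        problems.append("overlaps-lan")  # routes would be ambiguous
    return problems


def audit(wan_ip, lan, tunnel, forwards):
    """Run all three checks and return human-readable findings."""
    findings = []
    state = classify_wan(wan_ip)
    if state != "public":
        findings.append(f"WAN address {wan_ip} is {state}: the router is not "
                        "directly reachable from the internet")
    for (proto, port), hosts in sorted(conflicting_forwards(forwards).items()):
        findings.append(f"{proto}/{port} is forwarded to several hosts: "
                        + ", ".join(hosts))
    for problem in check_tunnel(tunnel, lan):
        findings.append(f"tunnel subnet {tunnel} is {problem}")
    return findings


# Constructed sample configuration (assumed values, see the lead-in).
SAMPLE_FORWARDS = [
    ("tcp", 443, "192.168.1.100"),   # .100: the Windows host
    ("tcp", 443, "192.168.1.110"),   # .110: the OpenVPN VM
    ("udp", 1194, "192.168.1.110"),
]

if __name__ == "__main__":
    for line in audit("203.0.113.7", "192.168.1.0/24", "5.5.0.0/16",
                      SAMPLE_FORWARDS):
        print(line)
```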

The Dark Knight

Oh ok, looks like I am stuck to 1.6.1 then until they update it. :(

Yeah, 5.5.x.x was the default. Ok, so should I change it then or I can leave it?

 

Connectivity test is successful now!! :D Only thing, Reverse DNS shows unknown for both TCP and UDP. Not a problem right?
