
Home VPN using OpenVPN AS connectivity issues....HELP!


Go to solution Solved by BudMan,

Question

The Dark Knight

Hi guys

 

I want to be able to use my home internet connection while on the move for browsing as well as file access. I have downloaded and installed the VMWare appliance version of OpenVPN AS. Running it in VMWare Player on Windows Server 2012. I have created an account on DynDNS and got myself a domain to use with the VPN. Have also opened the required TCP and UDP ports on the built-in Windows Firewall and on my router.

 

However no matter what options I try, the client connectivity test ALWAYS fails! Really stuck here, don't know what to do!

+BudMan

And where are you testing from??

And vmplayer - what connection does your vm have to your physical network? Bridge or are you natting, I do believe nat is the default, which would be problematic in getting to work.

The Dark Knight

Testing from within the OpenVPN Admin panel. VMWare Player set to Bridge mode.

+BudMan

So you're on the same network as your server.. Hitting your public IP (dns name) that is on the outside of your router just to be forwarded back inside?

This is called loopback forwarding or NAT reflection and is rarely a good test.. And quite often not even supported by most soho routers.

You need to test from OUTSIDE your network!!!

So you're running this test?

post-14624-0-76681900-1373806933.png

The Dark Knight

Ok, how do I do that? I have 2 internet connections at home from separate ISPs. So just tried pinging the public IP of the connection which has the server, request timed out.

 

Edit: Yup, that's the test I've been trying.

+BudMan

Well ping is not the same as the port forwards you created -- did you enable ping?? Again many routers default to this being off.

See my edit - this is the test you're trying, and what does it show for your ip, your public your internal?

What ports are you running on? You sure you're not behind a double NAT already, ports are not blocked by your ISP? See the above test - this is what you're running right? I edited my last post.

If you PM me your IP I would be happy to see if the ports are showing open or not, and ping, etc..

The Dark Knight

Ok, where do I check whether ping is enabled or not? I have a Linksys WRT54G router running a fork of DD-WRT called Tomato if that helps.

 

Yeah, That's the test I've been trying with.

 

Using default ports, TCP 443 and UDP 1194. How do I check whether I have a double NAT or not?

 

Sure, sent PM with IP.

+BudMan

So on your tomato what does it show for your WAN/INTERNET IP - if it's private 10.x.x.x, 192.168.x.x or 172.16-31.x.x then you're behind a NAT.

Here is where you enable ping in tomato

post-14624-0-77706800-1373807488.png

The Dark Knight

Just checked, showing public IP. Enabled ICMP ping option also, able to ping now from the other ISP.

+BudMan

ok I show this

Ok let me try again with your ping -- but I show this

Nmap scan report for 27.snipped
Host is up.
All 1000 scanned ports on 27.snipped are filtered
Nmap done: 1 IP address (1 host up) scanned in 201.51 seconds
budman@ubuntu:~$

edit:

So I show you pinging now - but 443 is not open! Nor do I show any other ports open! Your forward is not right is what I would guess, or your ISP blocks the ports.

budman@ubuntu:~$ ping 27.snipped
PING 27.snipped (27.snipped) 56(84) bytes of data.
64 bytes from 27.snipped: icmp_req=1 ttl=43 time=284 ms
64 bytes from 27.snipped: icmp_req=2 ttl=43 time=285 ms

The Dark Knight

Ok, what does that mean, my ISP is blocking/filtering everything?

The Dark Knight

Ok, this is how I have opened the ports, is it correct? Have also opened in Windows Firewall on the server.

 

post-58111-0-42209800-1373808310.jpg

+BudMan

You can not forward a port to more than 1 address - you have .100 and .110 there

So you're saying web gui at 42893 should be open and RD is what? Let me scan for those ports.. They are WAY high up and would not have tested for those most likely in default scan.

I don't show them up either

Host is up.
PORT STATE SERVICE
42893/tcp filtered unknown
PORT STATE SERVICE
41962/tcp filtered unknown

edit:

Hey turn off ping -- I want to verify it was not working before, etc. My ping probe did not work, but when I just pinged your address I get a reply - but turn it off and my pings should stop.

Also - you don't have any other routers behind what you sent in your PM showing your wan IP.. You don't have any other devices between your tomato box and your devices running vms.. let's do a real simple test.. On your workstation do a netstat -an, so for example

see how I am listening to 3389, remote desktop

C:\Windows\System32>netstat -an

Active Connections

  Proto  Local Address    Foreign Address  State
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:445      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:3389     0.0.0.0:0        LISTENING

Forward that on your router - and make sure you turn off your windows firewall and I will check for that.. If we can not get that to show good, then we got something else blocking us or wrong.

Don't leave it on long - just for test, PM post in thread when you have it forwarded and will do quick test.

edit: ok looks like your ping stopped.. You can turn it back on.

The Dark Knight

Those are old ones, I don't even use it any more. WebUI was a config panel for something, uTorrent I think. RD is Remote Desktop. I opened those years ago and actually forgot about them.

 

Oh ok, didn't know it has to be for one address only. So which one do I choose here? 100 is Server 2012, and 110 is OpenVPN.


I deleted that WebUI port a few minutes back as I realised I wasn't using it any more. Added back again. If you don't mind, can you check that port once more?

 

Edit: Ok, ping is off now.

+BudMan

hey!!!

Host is up (0.29s latency).
PORT STATE SERVICE
443/tcp open https

why would you forward 443 to your server, you need to forward it to the IP of your VM running openvpn

edit: Looks like you're up now

post-14624-0-03613900-1373809584.png

The Dark Knight

Little confused with your last set of instructions. Ran command on server 2012. Showed a big list. PM sent.

+BudMan

well yeah it would show a LONG list, every port it's listening on - just wanted to verify it was listening on standard remote desktop port... See my last post, I hit your openvpn interface

If you send me creds can test for you.

The Dark Knight

Oh ok.

 

Sure, sent via PM.

 

I also was able to connect and download the Connect client!! :D

The Dark Knight

CONNECTED SUCCESSFULLY!!!! :D

 

Thanks a LOT BudMan for all your help!!  :)  (Y)

+BudMan

NO dude it's not working yet! I was just on your admin page, and sure you can get to the admin page

But want to point out some things

post-14624-0-70998700-1373810525.png

Your UDP is different than default, which is fine - but per what you sent me you were forwarding you are not forwarding that port.

Also you don't want your admin running on the same port as your service. So for example my admin runs on 943 and clients connect to 443 and 1194

Also yours running old version, I am on 1.8.4 yours is 1.6.1??

edit: Hmm shows you're connected, but your test failed

5.5.8.2 708.81KB 6.20MB Sun Jul 14 19:30:06 2013

And did you set that vpn address.. Why would you have used 5.x.x.x ??

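Added example, not part of the thread: a small Python audit of a router's port-forward table against the three points BudMan raises above (one external port can go to one internal host only, the VPN client ports must be forwarded to the VPN VM itself, and the admin UI should not share the client port). The full 192.168.1.x addresses and UDP port 1195 are constructed sample values; the thread gives only ".100", ".110" and "different than default".

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Forward:
    proto: str     # "tcp" or "udp"
    ext_port: int  # port exposed on the router's WAN side
    dest_ip: str   # internal host that receives the traffic


@dataclass(frozen=True)
class VpnServer:
    ip: str          # address of the VM running the VPN service
    tcp_port: int    # client TCP port
    udp_port: int    # client UDP port
    admin_port: int  # admin web UI port (TCP)


def audit_forwards(forwards, vpn):
    """Return a list of findings; an empty list means the table is consistent."""
    findings = []
    dests = defaultdict(set)
    for f in forwards:
        dests[(f.proto, f.ext_port)].add(f.dest_ip)

    # A router can deliver one external port to one internal host only.
    for (proto, port), ips in sorted(dests.items()):
        if len(ips) > 1:
            findings.append(f"{proto}/{port} is forwarded to several hosts: "
                            + ", ".join(sorted(ips)))

    # Each VPN client port needs a forward that ends at the VPN VM itself.
    for proto, port in (("tcp", vpn.tcp_port), ("udp", vpn.udp_port)):
        ips = dests.get((proto, port), set())
        if not ips:
            findings.append(f"{proto}/{port} is a VPN client port but has no forward")
        elif ips != {vpn.ip}:
            findings.append(f"{proto}/{port} is forwarded to {', '.join(sorted(ips))} "
                            f"instead of the VPN VM {vpn.ip}")

    # Keep the admin UI off the port that clients connect to.
    if vpn.admin_port == vpn.tcp_port:
        findings.append(f"admin UI shares tcp/{vpn.admin_port} with the client service")
    return findings


# Constructed sample data: addresses and the non-default UDP port are made up.
BROKEN_FORWARDS = [
    Forward("tcp", 443, "192.168.1.100"),   # points at the Windows host, not the VM
    Forward("udp", 1194, "192.168.1.110"),  # default port, but the server moved off it
    Forward("tcp", 3389, "192.168.1.100"),
    Forward("tcp", 3389, "192.168.1.110"),  # same port, second destination
]
BROKEN_VPN = VpnServer(ip="192.168.1.110", tcp_port=443, udp_port=1195, admin_port=443)

FIXED_FORWARDS = [
    Forward("tcp", 443, "192.168.1.110"),
    Forward("udp", 1195, "192.168.1.110"),
]
FIXED_VPN = VpnServer(ip="192.168.1.110", tcp_port=443, udp_port=1195, admin_port=943)

if __name__ == "__main__":
    for line in audit_forwards(BROKEN_FORWARDS, BROKEN_VPN):
        print("FINDING:", line)
    print("fixed:", audit_forwards(FIXED_FORWARDS, FIXED_VPN) or "no findings")
```
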
The Dark Knight

Oh ok, but I am able to access the Admin panel just fine! Also connected successfully from the other internet plan.

 

Weird, the test feature STILL shows failures! :(

 

Ok, will change the Admin access details.

 

Yeah, it is 1.6.1. The download page for the appliance said there are some issues with providing the latest version out of the box. Any other way to update it?

 

5.5 range was the default, I didn't put that in.

+BudMan

So why are you running 1.6.1, I just looked and 1.8.5 is what I show for vmware player current version.

edit: That was easy

Active Configuration

Access Server version: 1.8.5

I don't like using old versions of things ;)

The Dark Knight

No idea. I just downloaded it and set it up, had 1.6.1 right from the start.

 

Edit: This is what is on their page....

 

Upgrading the Access Server Software on an AS to Version 1.8.5

The current virtual appliance is version 1.6.1

In order to upgrade from OpenVPN Access Server 1.6.1 to 1.8.5 you will need to do the following:

1. Download the Appliance at the top of this page and configure it. 

2. WARNING: DUE TO THE NEW RELEASE OF 1.8.5 IT IS NOT POSSIBLE TO UPGRADE TO 1.8.5 YET, WE ARE WORKING ON RELEASE A NEW VIRTUAL APPLIANCE.

The Dark Knight

So you are also using the VMWare appliance of OpenVPN? How come yours is 1.8.5 then? Any way I can update mine?

 

Haha, yeah, I also use the very latest in everything. Beta and even alpha versions where available! :)

+BudMan

Well I am running it on ubuntu, so simple wget to get the new package and then just dpkg -i to upgrade it..

5 was your default really?? That seems odd, that is a valid netblock on the internet and should not be used for a tunnel network, etc. Hamachi used to do the same thing - which was wrong from the get go!! You don't just grab valid netblocks and use them for your own ;) Technically you can, but it's bad practice and can lead to issues -- for example if there was something actually on the 5.x.x.x network you might want to actually access ;)

So your tests still failing huh?? But you connected to it via your other isp connection and it's working?

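Added example, not part of the thread: the two address checks BudMan describes (a private WAN address on the router means another NAT sits upstream, and a VPN tunnel network should not be carved out of routable space such as 5.x.x.x), written with Python's ipaddress module. The 100.64.0.0/10 carrier-NAT range and the LAN-overlap check go beyond what the thread mentions; the /16 prefix on 5.5.0.0 and the 192.168.1.0/24 LAN are assumed values.

```python
import ipaddress

# The three private ranges named in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space used for carrier-grade NAT (RFC 6598); not mentioned in the thread.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(addr):
    """Classify the address shown as the router's WAN/INTERNET IP."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "double-nat"   # another router upstream is doing NAT
    if ip in CGNAT:
        return "carrier-nat"  # the ISP is doing NAT; inbound forwards will not work
    return "public"


def check_tunnel_subnet(tunnel_cidr, lan_cidr):
    """Return the problems with a proposed VPN tunnel network (empty list = fine)."""
    tunnel = ipaddress.ip_network(tunnel_cidr, strict=False)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    problems = []
    if not any(tunnel.subnet_of(net) for net in RFC1918):
        problems.append(f"{tunnel} is outside RFC 1918 and shadows real internet hosts")
    if tunnel.overlaps(lan):
        problems.append(f"{tunnel} overlaps the LAN {lan}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; 203.0.113.7 is a documentation address.
    for wan in ("192.168.0.5", "172.31.255.1", "172.32.0.1", "100.72.1.1", "203.0.113.7"):
        print(wan, "->", classify_wan(wan))
    for tunnel in ("5.5.0.0/16", "10.8.0.0/24", "192.168.1.128/25"):
        print(tunnel, "->", check_tunnel_subnet(tunnel, "192.168.1.0/24") or "ok")
```
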
The Dark Knight

Oh ok, looks like I am stuck to 1.6.1 then until they update it. :(

Yeah, 5.5.x.x was the default. Ok, so should I change it then or I can leave it?

 

Connectivity test is successful now!! :D Only thing, Reverse DNS shows unknown for both TCP and UDP. Not a problem right?

This topic is now closed to further replies.