only 1 LAN client can connect to vpn server

Scripts to manage certificates or generate config files

Moderators: TinCanTech

ki7rw4
OpenVpn Newbie
Posts: 12
Joined: Sun Aug 16, 2015 10:05 pm

only 1 LAN client can connect to vpn server

Post by ki7rw4 » Mon Aug 24, 2015 3:18 pm

This is weird, one of my client machines on the LAN can connect to the vpn server (openvpn) using the server's LAN address (19#.###.###.1) while all other clients have to use my domain name ("whatever.com") to connect. All clients have a unique CN and are currently LAN attached for testing OpenVPN. I'm currently using the Ubuntu Linux 14.04 (64 bit) Network Connection manager for setting up the VPN connections. I tried launching openvpn on the CLI using /etc/openvpn/client.conf on each machine with the same results. I'm using the Ubuntu openvpn package version 2.3.2 on all clients. All my clients are Ubuntu Linux 14.04 except for my Samsung Galaxy S4 which is running Lollipop and OpenVPN Connect. I have to use the domain name on the Samsung GS4 to get it to connect to the vpn server, also. Why can't all my LAN attached clients connect to the vpn server address - not just one?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: only 1 LAN client can connect to vpn server

Post by Traffic » Mon Aug 24, 2015 3:44 pm

Are you trying to use (something like):

Code:

remote 192.168.1.1

in your client config ?

ki7rw4
OpenVpn Newbie
Posts: 12
Joined: Sun Aug 16, 2015 10:05 pm

Re: only 1 LAN client can connect to vpn server

Post by ki7rw4 » Tue Aug 25, 2015 7:48 pm

No.

remote 192.168.1.1 1194

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: only 1 LAN client can connect to vpn server

Post by Traffic » Tue Aug 25, 2015 9:43 pm

The machines that can not connect to your server using:

Code:

client
remote 192.168.1.1 1194
{other options below .. }

are not connected to 192.168.1.0/24 LAN ..
Have you accidentally connected to your neighbours' wifi ?

ki7rw4
OpenVpn Newbie
Posts: 12
Joined: Sun Aug 16, 2015 10:05 pm

Re: only 1 LAN client can connect to vpn server

Post by ki7rw4 » Tue Aug 25, 2015 10:15 pm

Not unless they're using the same SSID that I'm using. Besides, some of my clients are wired - not wireless. I'm using wired clients for testing only. Anyway, I turned off my router WAP and ran a wifi scan (iwlist wlan0 scan) and there weren't any APs out there with my SSID. And, I'm using static IPs on my LAN that aren't the default (i.e. my subnet isn't 192.168.1.0/24).

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: only 1 LAN client can connect to vpn server

Post by Traffic » Wed Aug 26, 2015 12:35 am

Traffic wrote:Are you trying to use (something like):
Code:
remote 192.168.1.1
in your client config ?

ki7rw4 wrote:No.
remote 192.168.1.1 1194

excuse me ?

Port 1194 is the default; it does not need to be specified,
i.e. both commands are the same ..

ki7rw4 wrote:I'm using static IPs on my LAN that aren't the default (i.e. my subnet isn't 192.168.1.0/24).

what is your client's LAN IP ?

You do understand CIDR notation ?
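
Added example (not part of the original thread): a Python check of the two points discussed above, that a `remote` line without a port means 1194, and whether the address in `remote` falls inside a subnet the client is directly attached to. The sample config and interface addresses are constructed, and `parse_remotes`, `on_link` and `diagnose` are hypothetical helper names.

```python
import ipaddress

DEFAULT_PORT = 1194  # used by OpenVPN when a "remote" line names no port

# Constructed sample client config; "whatever.com" is the thread's placeholder name.
SAMPLE_CONF = """\
client
dev tun
remote 192.168.1.1
remote 192.168.1.1 1194   # same endpoint as the line above
remote whatever.com 1194
"""

def parse_remotes(conf_text):
    """Return a (host, port) tuple for every 'remote' directive."""
    remotes = []
    for line in conf_text.splitlines():
        # Drop comments ('#' or ';'), then split the directive into fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "remote":
            port = int(fields[2]) if len(fields) >= 3 else DEFAULT_PORT
            remotes.append((fields[1], port))
    return remotes

def on_link(host, local_ifaces):
    """Return the directly attached network that contains host, else None.
    Hostnames are not resolved here and always return None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    for iface in local_ifaces:  # e.g. "192.168.1.23/24" as shown by `ip -4 addr`
        net = ipaddress.ip_interface(iface).network
        if addr in net:
            return net
    return None

def diagnose(conf_text, local_ifaces):
    """One verdict string per remote, for the given interface addresses."""
    report = []
    for host, port in parse_remotes(conf_text):
        net = on_link(host, local_ifaces)
        where = f"on-link via {net}" if net else "not on-link (hostname or routed address)"
        report.append(f"{host}:{port} {where}")
    return report

if __name__ == "__main__":
    for ifaces in (["192.168.1.23/24"], ["192.168.0.23/24"]):  # constructed addresses
        print(ifaces, diagnose(SAMPLE_CONF, ifaces))
```

Running it with each client's real interface address (from `ip -4 addr`) shows at a glance which machines are attached to the subnet named in `remote`.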

ki7rw4
OpenVpn Newbie
Posts: 12
Joined: Sun Aug 16, 2015 10:05 pm

Re: only 1 LAN client can connect to vpn server

Post by ki7rw4 » Wed Aug 26, 2015 7:32 pm

The 1194 is what the docs said to put in client.conf.

As far as my understanding of network notation, 192.168.1.0/24 represents addresses from 192.168.1.1 to 192.168.1.255. (the same as specifying a 255.255.255.0 mask)

As for my LAN addressing, why do you need that? It doesn't conflict with any other private nets that I've encountered in my travels. Anyway, I mentioned it as a possible reason why I'm not connected to my neighbor's network.

In server.conf, the format of my VPN addressing is 192.###.###.### 255.255.255.0. The VPN address pool is different than my physical addressing.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: only 1 LAN client can connect to vpn server

Post by Traffic » Wed Aug 26, 2015 8:44 pm

ki7rw4 wrote:As for my LAN addressing, why do you need that?

My intuition tells me that you are using two (possibly three) different networks and doing so incorrectly. The reason I am listening to my intuition is because I have no other details to work with ... :ugeek:

For your information:
  • Whatever your private LAN IPs are, they are of no interest to me other than to help you solve your openvpn problem. Also, they are probably protected behind your ISP provided network router. Even if they are not very well protected, if they conform to RFC1918 standard, they cannot [edit: ought not] be routed over the internet.

I leave it to you to decide what details you are prepared to share .. perhaps you should read some other posts on this forum to see what other people share.

Pro tip:
  • Use Google to search using Google's own site feature .. eg:
    • | site:forums.openvpn.net "TLS Handshake failed" |

ki7rw4
OpenVpn Newbie
Posts: 12
Joined: Sun Aug 16, 2015 10:05 pm

Re: only 1 LAN client can connect to vpn server

Post by ki7rw4 » Wed Aug 26, 2015 9:57 pm

Traffic wrote:
ki7rw4 wrote:As for my LAN addressing, why do you need that?
My intuition tells me that you are using two (possibly three) different networks and doing so incorrectly. The reason I am listening to my intuition is because I have no other details to work with ... :ugeek:

I'm probably doing something wrong. That's why I'm in this forum to find out what's wrong. The interesting thing is that I can use my DN to connect to the vpn server even though I'm connected to the LAN - not WAN. When I do that, I get a solid connection with a proper address from the vpn pool of IPs. My guess is that the router is looping me back into my network. Anyway, on the LAN side, I'm using a different set of IPs for the physical addressing and a different set of IPs for the virtual addresses. i.e. the physical addresses are in the 192.168.1.0/24 subnet while the virtual addresses are in the 192.168.2.0/24 subnet. I suppose there's a way to set up the addressing so that I'm assigning addresses from the same pool for both physical and virtual interfaces?
