Open VPN Server on Ubuntu 11.0 Cannot Connect from External
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Apr 12, 2012 2:43 pm
Open VPN Server on Ubuntu 11.0 Cannot Connect from External
Hello
I have installed OpenVPN on Ubuntu 11.0 and it is up and working fine. I could connect to the VPN server from my internal network (i.e. 192.168.1.3 to 192.168.1.252:1194) and it works perfectly fine, but when I use a static Internet IP, e.g. 34.56.82.56, it says TLS negotiation failed and retries. My configurations are as follows:
1. Server.conf
local 192.168.1.252
server 192.168.66.0 255.255.255.0
;up "/etc/openvpn/up.sh br0"
;down "/etc/openvpn/down.sh br0"
;up "/etc/openvpn/firewall.sh"
;tls-server
;proto tcp
proto udp
port 1194
dev tap0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
;server-bridge 192.168.1.252 255.255.255.0 192.168.1.65 192.168.1.200
push "route 192.168.1.254 255.255.255.0"
ifconfig-pool-persist ipp.txt
;tls-auth toys.key 0 # This file is secret
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
user nobody
group nogroup
log openvpn.log
log-append openvpn.log.append
2. Client.conf
client
dev tap
#dev tun
#dev-node MyTap
proto udp
;proto tcp
remote 37.107.27.68 1194
;remote 192.168.1.252 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mohammed.crt
key mohammed.key
comp-lzo
verb 3
mute 20
FIREWALL.SH
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
My router is a Thomson TG585 v8; it has a Game & Application Sharing port open to my local server 192.168.1.252 for port 1194.
I presume that all my configurations are correct, but still this doesn't work.
Moreover, I have bricked a WRT54GL by installing Tomato and OpenVPN; for some reason it does not work.
Kindly advise and help with this problem of mine.
Wizzy
-
- OpenVPN User
- Posts: 34
- Joined: Thu Apr 12, 2012 12:12 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
Did you verify that you've port-forwarded 1194 UDP to your server on your router? By default that Thomson is on TCP.
Regards,
Frank
Kind regards,
Frank Uittenbosch
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Apr 12, 2012 2:43 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
I have opened my port on the Thomson as below
TCP 1194
UDP 1194
Home > Toolbox > Game & Application Sharing > OpenVpn Overview
Game & Application Sharing
OpenVpn
Game or Application Definition
A game or application is made of one or more TCP/UDP port ranges. Each incoming port range can be translated into a different internal (local network) port range. Port ranges can be statically assigned to devices or dynamically assigned using an outgoing trigger.
Protocol | Port Range  | Translate To ... | Trigger Protocol | Trigger Port
TCP      | 1194 - 1194 | 1194 - 1194      | Any              | 1194
UDP      | 1194 - 1194 | 1194 - 1194      | Any              | 1194
I have assigned this port to my VPN Server Also
I have forwarded it to my vpn server also but no luck
Thank you
Wizzy
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Apr 12, 2012 2:43 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
My client connection now says
push "route 192.168.1.254 255.255.255.0"
route not in same netmask
route dropped
advice
-
- OpenVpn Newbie
- Posts: 14
- Joined: Sun Apr 15, 2012 6:01 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
If you're able to access it from your internal network, then I'd definitely reexamine the port forwarding configuration in your router. I know that many consumer routers often have multiple ways to configure port forwarding (D-Link is one of them). I'm not familiar with the Thomson router, but D-Links have a "virtual server" section which is basically port forwarding, and then another more generic port forwarding section. Since I've had issues with the virtual server stuff, I usually just stick with generic port forwarding. You may dig around and try to find a more generic port forwarding option in the router rather than using their "game or application" interface.
Once again, I have no idea if this is possible in the Thomson router, but thought I'd mention it.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Apr 12, 2012 2:43 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
Thank you very much for your response.
It was actually the Thomson router problem; Thomson routers don't port forward UDP. Now I got it up and working fine.
Now after connecting I have a problem: my computers beyond the OpenVPN server wouldn't respond to my ping commands even though I have iptables set as below.
My Network
access server - 192.168.1.252
sub 255.255.255.0
gateway 192.168.1.1
dns 192.168.1.1
Client Side
System 192.168.0.2
sub 255.255.255.0
gateway 192.168.0.1
dns 192.168.0.1
ip address assigned by Openvpn Server 192.168.66.1 client 192.168.66.2
I have a SQL server which I have to connect to by ODBC, which is on address 192.168.1.45.
From 192.168.0.2 I am not able to ping 192.168.1.45.
My iptables are as follows:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
What do I do to ping
advice
Wizzy
-
- OpenVpn Newbie
- Posts: 14
- Joined: Sun Apr 15, 2012 6:01 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
My first guess is that the rest of the computers on your network are not aware of the OpenVPN subnet, which you have indicated is on the 192.168.66.0/24 subnet. If you have not configured a route to the VPN network in your default gateway for the 192.168.1.0/24 network (or something along those lines), then you are going to have a problem.
Typically if there is no route set up, then the following will occur:
1. You connect successfully to the OpenVPN network (192.168.66.0/24) from your client-side network (192.168.0.0/24) and are able to ping the server on both its VPN IP (192.168.66.1) and remote private network IP (192.168.1.252).
2. You then attempt to ping another machine on the remote network, for example your SQL server (192.168.1.45).
3. The SQL server (192.168.1.45) receives the ICMP 'ping' request from your VPN IP (192.168.66.2) and attempts to respond.
4. Because the remote PC subnet (192.168.66.0/24) is not on the same subnet as the SQL server (192.168.1.0/24) it instead routes it to the default gateway (192.168.1.1)
5. Since the gateway doesn't have a route configured for your VPN network (192.168.66.0/24) it will then forward it on to the WAN port default gateway, which leads out to the internet. Since you obviously won't be able to locate your 192.168.66.0/24 network from the raw internet, then your ping response from the SQL server never makes it back to your VPN client.
The bottom line is, you need to configure a static route in your default gateway on the 192.168.1.0/24 network so that any packets destined for the 192.168.66.0/24 network will be routed to the Access Server IP that is accessible from the 192.168.1.0/24 network, in this case that would be 192.168.1.252. Once you do that, then any ping responses (or any other TCP/IP response) destined for your VPN subnet will correctly route to the Access Server and back to your client.
Make sense?
-
- OpenVPN User
- Posts: 34
- Joined: Thu Apr 12, 2012 12:12 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
Did you do:
echo 1 > /proc/sys/net/ipv4/ip_forward
on your VPN server? That enables forwarding of traffic on the server.
(be sure to be root when you run this)
Good luck,
Kind regards,
Frank Uittenbosch
-
- OpenVpn Newbie
- Posts: 14
- Joined: Sun Apr 15, 2012 6:01 pm
Re: Open VPN Server on Ubuntu 11.0 Cannot Connect from Exter
Yeah, excellent point there. Since this is the Access Server forum I assumed you were using that, but now that I look closer it looks like you're using a stock Ubuntu install with OpenVPN. If you're not using an AS image, then you'll definitely need to enable IP forwarding as well, in addition to ensuring a route has been set up per my previous post.
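The round trip described in the replies above (the missing return route on the 192.168.1.1 gateway, and IP forwarding on the VPN server), as an added example that is not part of the original posts: a small Python simulation using the thread's addresses. The routing tables are constructed assumptions about typical defaults, and names such as `ping_sql_from_client` are hypothetical.

```python
import ipaddress

def table(*entries):
    """Build a routing table from (CIDR, next_hop) pairs."""
    return [(ipaddress.ip_network(cidr), hop) for cidr, hop in entries]

def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

# Addresses taken from the thread.
SQL, VPN_SERVER, GATEWAY, CLIENT = ("192.168.1.45", "192.168.1.252",
                                    "192.168.1.1", "192.168.66.2")

# Constructed tables (assumed defaults, not dumps from the poster's machines).
SQL_ROUTES = table(("192.168.1.0/24", "on-link"), ("0.0.0.0/0", GATEWAY))
SERVER_ROUTES = table(("192.168.1.0/24", "on-link"), ("192.168.66.0/24", "tap0"))
GW_STOCK = table(("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "WAN"))
# Same gateway after adding the static route suggested in the thread.
GW_FIXED = GW_STOCK + table(("192.168.66.0/24", VPN_SERVER))

def ping_sql_from_client(gateway_routes, ip_forward):
    """Trace an echo request and its reply; return (hops, outcome)."""
    hops = [CLIENT, VPN_SERVER]
    # The request arrives on tap0 addressed to another host, so the
    # VPN server must be allowed to forward it.
    if not ip_forward:
        return hops, "request dropped at VPN server (ip_forward=0)"
    hops.append(SQL)
    # The SQL server has no route for 192.168.66.0/24: it uses its default gateway.
    hops.append(next_hop(SQL_ROUTES, CLIENT))
    hop = next_hop(gateway_routes, CLIENT)
    hops.append(hop)
    if hop != VPN_SERVER:
        return hops, "reply lost: gateway sent it to " + hop
    # The VPN server knows the tunnel subnet and hands the reply to tap0.
    hops.append(next_hop(SERVER_ROUTES, CLIENT))
    return hops + [CLIENT], "delivered"

if __name__ == "__main__":
    for label, gw, fwd in [("stock gateway", GW_STOCK, True),
                           ("static route, no forwarding", GW_FIXED, False),
                           ("static route + forwarding", GW_FIXED, True)]:
        hops, outcome = ping_sql_from_client(gw, fwd)
        print(f"{label}: {' -> '.join(hops)} => {outcome}")
```

Only the last case delivers the reply, which is why both the static route and `ip_forward` are needed.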