Can only connect to OpenVPN server from LAN

swv
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 20, 2016 6:58 pm

Can only connect to OpenVPN server from LAN

Post by swv » Wed Jul 20, 2016 7:01 pm

I have an OpenVPN server installed on a CentOS 7 machine behind my home router (Netgear R6300) and I'm trying to connect from a Windows machine. I have them both configured such that I can successfully connect when I specify the OpenVPN server's LAN IP (192.168.1.10), but I cannot connect when specifying my external domain name, e.g. mydomain.com. I have my home router configured to forward port 1194 to the OpenVPN server, and from the docs, it seems that this should be the only port required. Also, mydomain.com resolves to the right IP, but I'm obviously doing something wrong and I'm not sure how to further troubleshoot this. I basically followed the directions listed here - https://www.unixmen.com/install-openvpn-centos-7/.

Help?

Here is the client's log:

Wed Jul 20 11:47:42 2016 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Nov  7 2014
Wed Jul 20 11:47:42 2016 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Wed Jul 20 11:47:42 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Wed Jul 20 11:47:42 2016 Need hold release from management interface, waiting...
Wed Jul 20 11:47:43 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'state on'
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'log all on'
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'hold off'
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'hold release'
Wed Jul 20 11:47:43 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 20 11:47:43 2016 MANAGEMENT: >STATE:1469029663,RESOLVE,,,
Wed Jul 20 11:47:43 2016 UDPv4 link local: [undef]
Wed Jul 20 11:47:43 2016 UDPv4 link remote: [AF_INET]1.2.3.4:1194
Wed Jul 20 11:47:43 2016 MANAGEMENT: >STATE:1469029663,WAIT,,,
Wed Jul 20 11:48:43 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 20 11:48:43 2016 TLS Error: TLS handshake failed
Wed Jul 20 11:48:43 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 20 11:48:43 2016 MANAGEMENT: >STATE:1469029723,RECONNECTING,tls-error,,
Wed Jul 20 11:48:43 2016 Restart pause, 2 second(s)
Wed Jul 20 11:48:45 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 20 11:48:45 2016 MANAGEMENT: >STATE:1469029725,RESOLVE,,,
Wed Jul 20 11:48:45 2016 UDPv4 link local: [undef]
Wed Jul 20 11:48:45 2016 UDPv4 link remote: [AF_INET]1.2.3.4:1194
Wed Jul 20 11:48:45 2016 MANAGEMENT: >STATE:1469029725,WAIT,,,

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can only connect to OpenVPN server from LAN

Post by TinCanTech » Fri Jul 22, 2016 4:54 pm

A lot of routers will not allow you to connect to an external port from the LAN side. Go to another location and try again.

swv
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 20, 2016 6:58 pm

Re: Can only connect to OpenVPN server from LAN

Post by swv » Sun Jul 24, 2016 6:32 pm

To restate the problem with a little more info. Would the tcpdump prove that the 1194 port isn't the problem?

I have an OpenVPN server installed on a CentOS 7 machine behind my home router and I'm trying to connect from a Windows machine. I have them both configured such that I can successfully connect when I specify the OpenVPN server's LAN IP (192.168.1.10), but I cannot connect when specifying my external domain name, mydomain.com. I have my home router (Netgear R6300) configured to forward port 1194 to the OpenVPN server, and from the docs, it seems that this should be the only port required. mydomain.com resolves to the right IP, and I can see what appears to be communication from the internet via

tcpdump -i eth1 udp port 1194

(shown below), but I'm obviously doing something wrong and I'm not sure how to further troubleshoot this. I basically followed the directions listed here - https://www.unixmen.com/install-openvpn-centos-7/.

Help?

Here is the client's log:

Wed Jul 20 11:47:42 2016 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Nov  7 2014
Wed Jul 20 11:47:42 2016 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Wed Jul 20 11:47:42 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Wed Jul 20 11:47:42 2016 Need hold release from management interface, waiting...
Wed Jul 20 11:47:43 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'state on'
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'log all on'
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'hold off'
Wed Jul 20 11:47:43 2016 MANAGEMENT: CMD 'hold release'
Wed Jul 20 11:47:43 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 20 11:47:43 2016 MANAGEMENT: >STATE:1469029663,RESOLVE,,,
Wed Jul 20 11:47:43 2016 UDPv4 link local: [undef]
Wed Jul 20 11:47:43 2016 UDPv4 link remote: [AF_INET]1.2.3.4:1194
Wed Jul 20 11:47:43 2016 MANAGEMENT: >STATE:1469029663,WAIT,,,
Wed Jul 20 11:48:43 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 20 11:48:43 2016 TLS Error: TLS handshake failed
Wed Jul 20 11:48:43 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 20 11:48:43 2016 MANAGEMENT: >STATE:1469029723,RECONNECTING,tls-error,,
Wed Jul 20 11:48:43 2016 Restart pause, 2 second(s)
Wed Jul 20 11:48:45 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 20 11:48:45 2016 MANAGEMENT: >STATE:1469029725,RESOLVE,,,
Wed Jul 20 11:48:45 2016 UDPv4 link local: [undef]
Wed Jul 20 11:48:45 2016 UDPv4 link remote: [AF_INET]1.2.3.4:1194
Wed Jul 20 11:48:45 2016 MANAGEMENT: >STATE:1469029725,WAIT,,,

From running

tcpdump -i eth1 udp port 1194

I can see the following:

19:18:07.067447 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:09.136528 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:13.168118 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:21.305293 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:37.261954 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
...
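
An added example, not part of any post in this thread: a small parser that reads the tcpdump lines quoted above and reports which direction traffic flows relative to the server and whether the sender is retransmitting with doubling gaps. The `server` endpoint name is taken from the capture; the function names and verdict labels are hypothetical.

```python
import re

# Capture lines copied from the post above (tcpdump -i eth1 udp port 1194).
SAMPLE = """\
19:18:07.067447 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:09.136528 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:13.168118 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:21.305293 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
19:18:37.261954 IP 1.75-193-32.my.com.9386 > centos7-openvpn.openvpn: UDP, length 14
...
"""

LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): UDP, length (\d+)$"
)

def parse(text):
    """Yield (seconds_since_midnight, src, dst, length); skip other lines."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, src, dst, length = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), src, dst, int(length)

def summarize(text, server="centos7-openvpn.openvpn"):
    """Classify a capture by direction relative to the server endpoint."""
    pkts = list(parse(text))
    inbound = [p for p in pkts if p[2] == server]
    outbound = [p for p in pkts if p[1] == server]
    times = [p[0] for p in inbound]
    gaps = [round(b - a) for a, b in zip(times, times[1:])]
    # Gaps that keep doubling mean the peer is retransmitting an unanswered packet.
    backoff = len(gaps) >= 2 and all(b == 2 * a for a, b in zip(gaps, gaps[1:]))
    if not pkts:
        verdict = "no-traffic"      # nothing reached this interface at all
    elif inbound and not outbound:
        verdict = "inbound-only"    # requests arrive, no reply seen on this interface
    elif outbound and not inbound:
        verdict = "outbound-only"
    else:
        verdict = "two-way"
    return {"inbound": len(inbound), "outbound": len(outbound),
            "gaps": gaps, "backoff": backoff, "verdict": verdict}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the quoted capture this reports five inbound packets, none outbound, and gaps of 2, 4, 8 and 16 seconds: the forwarded packets reach eth1, but no reply from the server is visible on that interface.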
