OpenVPN server on a Raspberry Pi 3

utzachaka
OpenVpn Newbie
Posts: 2
Joined: Sun Jun 25, 2017 5:39 pm

OpenVPN server on a Raspberry Pi 3

Post by utzachaka » Sun Jun 25, 2017 5:59 pm

Hi guys,
I set up a Raspberry Pi 3 using Raspbian as an OpenVPN server.

I have DDNS and my router is configured to forward UDP port 1194 to my RasPi.

I followed this guide (it's in German): https://hosting.1und1.de/digitalguide/s ... d-openvpn/

Problem: When I try to connect to my VPN server using the "OpenVPN Connect" Android app, it always says "Waiting for server" and then "OpenVPN Connection Timeout".



Here is my config:
ifconfig
eth0 Link encap:Ethernet HWaddr b8:27:eb:6e:6d:3d
inet addr:192.168.178.201 Bcast:192.168.178.255 Mask:255.255.255.0
inet6 addr: fe80::ba27:ebff:fe6e:6d3d/64 Scope:Link
inet6 addr: 2003:62:444e:1700:ba27:ebff:fe6e:6d3d/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5107 errors:0 dropped:2057 overruns:0 frame:0
TX packets:1996 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:573680 (560.2 KiB) TX bytes:246221 (240.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:132 errors:0 dropped:0 overruns:0 frame:0
TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:11088 (10.8 KiB) TX bytes:11088 (10.8 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.1.1 P-t-P:172.16.1.2 Mask:255.255.255.255
inet6 addr: fe80::6e67:8ec1:b179:1149/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:576 (576.0 B)

wlan0 Link encap:Ethernet HWaddr b8:27:eb:3b:38:68
inet6 addr: fe80::ba27:ebff:fe3b:3868/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 202 0 0 eth0
172.16.1.0 172.16.1.2 255.255.255.0 UG 0 0 0 tun0
172.16.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.178.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0

openvpn.conf
dev tun
proto udp
port 1194


ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem


server 172.16.1.0 255.255.255.0


push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn


persist-key
persist-tun
user nobody
group nogroup
status /var/log/openvpn-status.log
verb 3
client-to-client
comp-lzo

rpivpn
#! /bin/sh
### BEGIN INIT INFO
# Provides: rpivpn
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: VPN initialization script
### END INIT INFO


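# Enable IPv4 forwarding so the Pi can route between tun0 and eth0
echo 'echo "1" > /proc/sys/net/ipv4/ip_forward' | sudo -s


# Accept traffic arriving on any tun interface and forward it
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
# Allow return traffic for connections that are already established
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Flush existing NAT POSTROUTING rules, then masquerade VPN clients behind eth0
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE

client1.ovpn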
dev tun
client
proto udp
remote x.x.x.x 1194 # I inserted my DDNS domain here
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key
comp-lzo
verb 3

Here's the output from logs:
openvpn
Sun Jun 25 17:10:42 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6$
Sun Jun 25 17:10:42 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Sun Jun 25 17:10:42 2017 WARNING: --keepalive option is missing from server config
Sun Jun 25 17:10:42 2017 Diffie-Hellman initialized with 2048 bit key
Sun Jun 25 17:10:42 2017 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Jun 25 17:10:42 2017 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:6e:6d:3d
Sun Jun 25 17:10:42 2017 TUN/TAP device tun0 opened
Sun Jun 25 17:10:42 2017 TUN/TAP TX queue length set to 100
Sun Jun 25 17:10:42 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jun 25 17:10:42 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Jun 25 17:10:42 2017 /sbin/ip addr add dev tun0 local 172.16.1.1 peer 172.16.1.2
Sun Jun 25 17:10:42 2017 /sbin/ip route add 172.16.1.0/24 via 172.16.1.2
Sun Jun 25 17:10:42 2017 GID set to nogroup
Sun Jun 25 17:10:42 2017 UID set to nobody
Sun Jun 25 17:10:42 2017 UDPv4 link local (bound): [undef]
Sun Jun 25 17:10:42 2017 UDPv4 link remote: [undef]
Sun Jun 25 17:10:42 2017 MULTI: multi_init called, r=256 v=256
Sun Jun 25 17:10:42 2017 IFCONFIG POOL: base=172.16.1.4 size=62, ipv6=0
Sun Jun 25 17:10:42 2017 Initialization Sequence Completed

openvpn-status.log
OpenVPN CLIENT LIST
Updated,Sun Jun 25 19:52:46 2017
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

Please let me know if you need further information.
Thanks in advance for any help!

utzachaka
OpenVpn Newbie
Posts: 2
Joined: Sun Jun 25, 2017 5:39 pm

Re: OpenVPN server on a Raspberry Pi 3

Post by utzachaka » Sun Jun 25, 2017 8:42 pm

Sometimes it really helps to tell someone about the problem.
I found the solution. My OpenVPN config is correct, but I set my router to forward UDP port 1194 to my RasPi and later I changed its IP address. I didn't forget that, but my router automatically recognized the RasPi's new IP address and so I was sure the forwarded port still worked. Obviously it didn't. Reconfiguring that solved my problem.
Thanks for reading anyway :)
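
The symptom in this thread (a server log that stops at "Initialization Sequence Completed" and an empty client list) can be checked mechanically. The following is an added example, not part of the original posts: a shell function that classifies the server log by how far a client got. It assumes verb 3 or higher; the function names, verdict strings and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenVPN server log by how far a client got.
# Only the most recent server run counts, because log-append keeps older
# runs in the same file.
classify_openvpn_log() {
    [ -r "$1" ] || { echo "log-unreadable"; return 2; }
    awk '
        / OpenVPN [0-9]+\.[0-9]+/           { up = 0; pkt = 0; peer = 0 }  # start-up banner: new run
        /Initialization Sequence Completed/ { up = 1 }    # server is listening
        /TLS: Initial packet from/          { pkt = 1 }   # a client datagram arrived
        /Peer Connection Initiated with/    { peer = 1 }  # handshake finished
        END {
            if (!up)        print "server-not-started"
            else if (!pkt)  print "no-client-packets"
            else if (!peer) print "handshake-incomplete"
            else            print "client-connected"
        }' "$1"
}

# Map a verdict to the layer worth checking next.
next_check() {
    case $1 in
        server-not-started)   echo "read the log for config or certificate errors" ;;
        no-client-packets)    echo "check DDNS target, router port forward and host firewall for UDP 1194" ;;
        handshake-incomplete) echo "check ca/cert/key pairing, system clocks and the return path to the client" ;;
        client-connected)     echo "tunnel is up; look at routing and NAT instead" ;;
        *)                    echo "unknown verdict" ;;
    esac
}

# Constructed sample: an earlier run where a client got through, followed by
# a run like the one posted above (server up, nothing received).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Sat Jun 24 10:00:00 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)]
Sat Jun 24 10:00:00 2017 Initialization Sequence Completed
Sat Jun 24 10:05:00 2017 198.51.100.7:40000 TLS: Initial packet from [AF_INET]198.51.100.7:40000, sid=00000000 00000000
Sat Jun 24 10:05:01 2017 198.51.100.7:40000 [laptop] Peer Connection Initiated with [AF_INET]198.51.100.7:40000
Sun Jun 25 17:10:42 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)]
Sun Jun 25 17:10:42 2017 Initialization Sequence Completed
EOF
verdict=$(classify_openvpn_log "$sample")
echo "$verdict: $(next_check "$verdict")"
rm -f "$sample"
```

On the Pi, point it at /var/log/openvpn, the log-append path from the posted config; a "no-client-packets" verdict means the fault lies in front of OpenVPN, which is where the stale port forward was.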
