Is it possible to tunnell openvpn server out from behind cgnat?

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
badmonkey
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 29, 2019 12:35 am

Is it possible to tunnell openvpn server out from behind cgnat?

Post by badmonkey » Tue Oct 29, 2019 12:47 am

hello everybody its my first post, hopefuly somebody can help me understand my problem a little better.

So I have a ubuntu server with openvpn server working fine. I put it on a mobile data 4g connection which has carrier grade nat running so all ports are closed.

I found a tunelling service which helps get around this, its called ngrok im sure alot of people know it.

So basically ngrok is a reverse tunell this is how it works:
1 ubuntu server with openvpn connects to ngrok server through their app on port 80, forwards any local port from ubuntu server to external address going through ngrok server and giving "ngrok ip address+port"
2. any pc on the internet can connect to "ngrok ip address+port" and is translated into ubuntu server local port.

Now I confirmed this working with ssh server.
1. ssh server port 22 runnign on ubuntu server
2. ubuntu server connect to ngrok-> forward local port 22
3. ngrok generate static external address + port
4. connect from machine on Internet to ngrok external address + port
5. success successfully connected to ssh server on ubuntu server machine.

So I try doing same with openvpn server but it doesn't work.

I see on the logs there us EOF errors from the openvpn server.

it means the tunell is doing its job but not fully. Is this a limitation? am I wasting my time? has anybody attempted this before? I am kind of stuck now l, any help would be really appreciated

thank you in advance!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by TinCanTech » Tue Oct 29, 2019 2:06 pm

Logs please ..

Please see:
viewtopic.php?f=30&t=22603#p68963

badmonkey
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 29, 2019 12:35 am

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by badmonkey » Wed Oct 30, 2019 7:39 am

Hi I actually figured this out on my own, it was user error.
1. I was doing tunnelling wrong with ssh but that is. easy enough to google so don't need to go into it
2. The Android openvpn app I tried using crashes ssh when attempting to connect so another problem

Setup confirmed and working on desktop tho, so non issue solved thanx

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by TinCanTech » Wed Oct 30, 2019 4:03 pm

So, is it possible to tunnell openvpn server out from behind cgnat?

We would like to know.

badmonkey
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 29, 2019 12:35 am

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by badmonkey » Fri Nov 08, 2019 9:51 am

yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by edmoncu » Wed Aug 12, 2020 5:37 pm

i am faced with the same situation. apparently. my post got deleted. would like help on how it can be done using ngrok. :(

*update*
fixed already!

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by Pippin » Wed Aug 12, 2020 9:06 pm

It was not deleted.
If you click your username you can find it.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by edmoncu » Thu Aug 13, 2020 4:48 am

oh thanks a lot pippin! :) saw it and updated it with the fix.

LennieDH
OpenVpn Newbie
Posts: 1
Joined: Wed Sep 02, 2020 12:59 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by LennieDH » Wed Sep 02, 2020 1:06 pm

badmonkey wrote:
Fri Nov 08, 2019 9:51 am
yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok
Hi,
I'm on same situation.
Could you please explain your resolution in a bit more details?

My current setup:

Configured OpenVPN server in Ubuntu machine accepting connections over TCP Port 1491.
On the same machine I'm using ngrok to open TCP Port 1491.

On Android device using OpenVPN client I am able to connect when I am on the same local network of the Ubuntu OpenVPN server but not over the internet via ngrok tunnel. I get "Transport error, network Is unreachable" even if ngrok tunnel is properly connected.

Could someone help?

Thank you very much.

gandakoy
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 14, 2021 8:57 am

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by gandakoy » Fri Jan 15, 2021 11:22 am

badmonkey wrote:
Fri Nov 08, 2019 9:51 am
yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok
hello badmonkey ,
can you share your openvpn server and client config files

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by edmoncu » Wed Nov 08, 2023 2:07 pm

Late update but was able to setup a vm and a raspberry pi 4 2gb with openvpnas under cgnat using ngrok : viewtopic.php?t=30787

Post Reply