Basic VPN connections

Business solution to host your own OpenVPN server with web management interface and bundled clients.
flammeur
OpenVpn Newbie
Posts: 1
Joined: Sun Sep 13, 2020 9:51 am

Basic VPN connections

Post by flammeur » Sun Sep 13, 2020 9:59 am

Hello folks

I am completely stuck trying to connect to my OpenVPN from outside of my network:

I set up OpenVPN on CentOS; I created a user and set the password on CentOS and on the OpenVPN administration page.

I redirect ports 943 and 1194, on TCP and UDP, from my box.

When on the local network, I import the profile and it works; I can connect to my machine. However, outside my network, I connect to the OpenVPN administration page and import the profile, but this time it doesn't work.

From the log, it looks like it doesn't go through my public IP, which:


9/13/2020, 11:51:24 AM Connecting to [192.168.1.27]:1194 (192.168.1.27) via UDPv4
9/13/2020, 11:51:28 AM Server poll timeout, trying next remote entry...
9/13/2020, 11:51:28 AM EVENT: RECONNECTING
9/13/2020, 11:51:28 AM EVENT: RESOLVE
9/13/2020, 11:51:28 AM Contacting 192.168.1.27:1194 via UDP
9/13/2020, 11:51:28 AM WinCommandAgent: transmitting bypass route to 192.168.1.27
{
	"host" : "192.168.1.27",
	"ipv6" : false
}

9/13/2020, 11:51:28 AM EVENT: WAIT
9/13/2020, 11:51:28 AM Connecting to [192.168.1.27]:1194 (192.168.1.27) via UDPv4
9/13/2020, 11:51:32 AM EVENT: CONNECTION_TIMEOUT
9/13/2020, 11:51:32 AM EVENT: DISCONNECTED
Last edited by Pippin on Sun Sep 13, 2020 10:04 am, edited 1 time in total.
Reason: Formatting

racole20m
OpenVpn Newbie
Posts: 1
Joined: Wed Feb 17, 2021 10:57 am

Re: Basic VPN connections

Post by racole20m » Wed Feb 17, 2021 10:59 am

This is the same problem I encounter. I still don't have the solution for this one. Were you able to solve it? Mine also routes to the private IP instead of the public IP.

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Basic VPN connections

Post by openvpn_inc » Wed Feb 17, 2021 12:12 pm

Hello,

This is very simple to explain and resolve. When you set up your OpenVPN Access Server, you most likely did so on a system that had no public IP, but only a private IP. It then takes that IP as the basis for client VPN connection configurations. In your case that would be 192.168.1.27. That would work perfectly fine while you are in your private network, but would obviously not work on the Internet.

The best solution is to make sure you have some DNS record that points to your public IP, and configure Access Server to use that for client VPN connection configurations. After you configure this, you need to load a new copy of the connection profile into your VPN client. This is one of the few settings that does not get updated automatically on the VPN client side.

Technically you can also just do public IP, but the downside of that is that your public IP might change, and if it does, you would need to configure it again on your Access Server, and then VPN clients would need to get a new connection profile to get connected to the new public IP again. So I recommend using a DNS record that resolves to your public IP, and then configuring that in the Access Server, and then importing that profile into the VPN client.

The setting for this is in the web based admin UI under Network Settings. Put it in the 'Host name or IP address' field. Save settings and update running servers. Then import a new VPN connection profile into your VPN client and it should then try to connect to the DNS record that resolves to your public IP, go through your router, and reach your Access Server, and establish a connection.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
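
A quick check for the condition diagnosed in the reply above, as an added example that is not part of the original post or of OpenVPN's own tooling: it parses the "remote" directives of a connection profile and flags those that are private-address literals, which only work inside the server's LAN. The sample profile, vpn.example.com and 203.0.113.10 are constructed placeholders.

```python
import ipaddress

# Ranges that are not reachable from the Internet: RFC 1918, CGNAT,
# loopback, link-local, and their IPv6 counterparts.
LAN_ONLY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample profile; 203.0.113.10 and vpn.example.com are
# documentation placeholders, not values from the thread.
SAMPLE_PROFILE = """\
client
dev tun
# remote 10.0.0.1 1194 udp
remote 192.168.1.27 1194 udp
remote 192.168.1.27 443 tcp
remote vpn.example.com 1194 udp
remote 203.0.113.10
"""

def parse_remotes(profile_text):
    """Return (host, port, proto) for each active 'remote' directive."""
    remotes = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        fields = line.split()
        if fields[0] == "remote" and len(fields) >= 2:
            fields += [None] * (4 - len(fields))   # port/proto are optional
            remotes.append((fields[1], fields[2], fields[3]))
    return remotes

def classify(host):
    """'lan-only', 'public' or 'hostname' (needs a DNS lookup to judge)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "lan-only" if any(addr in net for net in LAN_ONLY) else "public"

def audit_profile(profile_text):
    """Remotes that a client outside the server's LAN cannot reach."""
    return [r for r in parse_remotes(profile_text) if classify(r[0]) == "lan-only"]

if __name__ == "__main__":
    for host, port, proto in audit_profile(SAMPLE_PROFILE):
        print(f"remote {host} {port} {proto}: private address, regenerate "
              "the profile after setting a public host name on the server")
```

A remote classified as "hostname" still has to resolve to the router's public address, so check it with a DNS lookup from outside the LAN.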

rokello
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 23, 2021 8:13 am

Re: Basic VPN connections

Post by rokello » Thu Sep 23, 2021 8:18 am

I have input the public IP and it is still failing to connect to openvpnas, but through the mobile app the VPN connection works. On a computer, it fails.

Logs:
9/23/2021, 11:37:15 AM EVENT: RESOLVE
9/23/2021, 11:37:15 AM OpenVPN core 3.git::f225fcd0 win x86_64 64-bit PT_PROXY built on Mar 19 2020 21:16:20
9/23/2021, 11:37:15 AM Frame=512/2048/512 mssfix-ctrl=1250
9/23/2021, 11:37:15 AM UNUSED OPTIONS
4 [nobind]
18 [sndbuf] [0]
19 [rcvbuf] [0]
21 [verb] [3]
31 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
32 [CLI_PREF_BASIC_CLIENT] [False]
33 [CLI_PREF_ENABLE_CONNECT] [False]
34 [CLI_PREF_ENABLE_XD_PROXY] [True]
35 [WSHOST] [x.x.x.x:443]
36 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDBjCCAe6gAwIBAgIEYUs/HjANBgkqhkiG...]
37 [IS_OPENVPN_WEB_CA] [1]
9/23/2021, 11:37:15 AM Contacting x.x.x.x:1194 via UDP
9/23/2021, 11:37:15 AM Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
9/23/2021, 11:37:15 AM EVENT: WAIT
9/23/2021, 11:37:15 AM EVENT: CONNECTING
9/23/2021, 11:37:15 AM Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
9/23/2021, 11:37:15 AM Creds: Username/PasswordEmpty
9/23/2021, 11:37:15 AM Peer Info:
IV_GUI_VER=OCmacOS_3.1.3-713
IV_VER=3.git::f225fcd0
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_HWADDR=b0:83:fe:56:45:db

9/23/2021, 11:37:18 AM VERIFY OK : depth=1
cert. version : 3
serial number : 61:4B:3F:15
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2021-09-15 14:35:01
expires on : 2031-09-20 14:35:01
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

9/23/2021, 11:37:18 AM VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2021-09-15 14:35:01
expires on : 2031-09-20 14:35:01
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server

9/23/2021, 11:38:04 AM Session invalidated: KEEPALIVE_TIMEOUT
9/23/2021, 11:38:04 AM Client terminated, restarting in 2000 ms...
9/23/2021, 11:38:06 AM EVENT: RECONNECTING
9/23/2021, 11:38:06 AM EVENT: RESOLVE
9/23/2021, 11:38:06 AM Contacting x.x.x.x:1194 via UDP
9/23/2021, 11:38:06 AM Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
9/23/2021, 11:38:06 AM EVENT: WAIT
9/23/2021, 11:38:11 AM EVENT: CONNECTING
9/23/2021, 11:38:11 AM Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
9/23/2021, 11:38:11 AM Creds: Username/PasswordEmpty
9/23/2021, 11:38:11 AM Peer Info:
IV_GUI_VER=OCmacOS_3.1.3-713
IV_VER=3.git::f225fcd0
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_HWADDR=b0:83:fe:56:45:db

9/23/2021, 11:38:11 AM VERIFY OK : depth=1
cert. version : 3
serial number : 61:4B:3F:15
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2021-09-15 14:35:01
expires on : 2031-09-20 14:35:01
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

9/23/2021, 11:38:11 AM VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2021-09-15 14:35:01
expires on : 2031-09-20 14:35:01
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server

9/23/2021, 11:38:12 AM SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
9/23/2021, 11:38:12 AM Session is ACTIVE
9/23/2021, 11:38:12 AM Sending PUSH_REQUEST to server...
9/23/2021, 11:38:12 AM EVENT: GET_CONFIG
9/23/2021, 11:38:12 AM OPTIONS:
0 [explicit-exit-notify]
1 [topology] [subnet]
2 [route-delay] [5] [30]
3 [dhcp-pre-release]
4 [dhcp-renew]
5 [dhcp-release]
6 [route-metric] [101]
7 [ping] [12]
8 [ping-restart] [50]
9 [compress] [stub-v2]
10 [redirect-gateway] [def1]
11 [redirect-gateway] [bypass-dhcp]
12 [redirect-gateway] [autolocal]
13 [route-gateway] [172.27.232.1]
14 [dhcp-option] [DNS] [192.168.2.2]
15 [dhcp-option] [DNS] [192.168.2.195]
16 [register-dns]
17 [block-ipv6]
18 [ifconfig] [172.27.232.5] [255.255.248.0]
19 [peer-id] [1]
20 [auth-token] ...
21 [cipher] [AES-256-GCM]

9/23/2021, 11:38:12 AM Session token: [redacted]
9/23/2021, 11:38:12 AM Server has pushed compressor COMP_STUBv2, but client has disabled compression, switching to asymmetric
9/23/2021, 11:38:12 AM PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: COMP_STUBv2
peer ID: 1
9/23/2021, 11:38:12 AM CAPTURED OPTIONS:
Session Name: x.x.x.x
Layer: OSI_LAYER_3
Remote Address: x.x.x.x
Tunnel Addresses:
172.27.232.5/21 -> 172.27.232.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW AUTO_LOCAL DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: yes
Route Metric Default: 101
Add Routes:
Exclude Routes:
DNS Servers:
192.168.2.2
192.168.2.195
Search Domains:

9/23/2021, 11:38:12 AM SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"confirm_event" : "d003000000000000",
"destroy_event" : "7403000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"block_ipv6" : true,
"dns_servers" :
[
{
"address" : "192.168.2.2",
"ipv6" : false
},
{
"address" : "192.168.2.195",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "x.x.x.x",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 315,
"ipv4" : true,
"ipv6" : false
},
"route_metric_default" : 101,
"session_name" : "x.x.x.x",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "172.27.232.5",
"gateway" : "172.27.232.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 21
}
]
}
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 400 Bad Request
TAP ADAPTERS:
guid='{80D3067C-E41A-4BF3-A1D0-A7844C9C9ACD}' index=16 name='Local Area Connection 2'
Open TAP device "" PATH="" FAILED
Destroyed previous TAP instance due to exception
cannot acquire TAP handle
9/23/2021, 11:38:12 AM TUN Error: ovpnagent: request error
9/23/2021, 11:38:12 AM Client exception in transport_recv: tun_exception: not connected
9/23/2021, 11:38:12 AM EVENT: ASSIGN_IP
9/23/2021, 11:38:12 AM EVENT: TUN_SETUP_FAILED ovpnagent: request error
9/23/2021, 11:38:12 AM EVENT: DISCONNECTED

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Basic VPN connections

Post by openvpn_inc » Thu Sep 23, 2021 11:10 am

Hello rokello,

That's a different unrelated problem. See here:
> Destroyed previous TAP instance due to exception
> cannot acquire TAP handle

Looks like something's broken in your installation. The driver needed to make the connection doesn't seem to be there. This might be an issue with installation of the driver (operating system perhaps missing necessary package for SHA256 signed drivers?). Might also be related to you using a very old client (built on Mar 19 2020 21:16:20). Might also be related to an antivirus or other type of protection program that's preventing the driver from installing.

I would suggest you ensure that your operating system is up-to-date and that your OpenVPN Connect client is the latest version. And try uninstalling and reinstalling the program. If that doesn't help either, try removing whatever protective program you have (antivirus or such?) temporarily to see if an uninstall/reinstall of the program will then work.

In any case, this is unrelated to the topic in this ticket.

Kind regards,
Johan
OpenVPN Inc.
