OpenVPN - company routers/network issue

Official client software for OpenVPN Access Server and OpenVPN Cloud.
sky59
OpenVpn Newbie
Posts: 6
Joined: Sat Apr 27, 2019 8:12 pm

OpenVPN - company routers/network issue

Post by sky59 » Sat Apr 27, 2019 8:21 pm

After executing half a million tests I finally found out where the problem is, but I do not know what the problem is. So please, if you know, help me solve this mysterious problem.

SYSTEM DESCRIPTION:

I run an SE server on an OrangePiZero with OpenWrt 15.05.1 Linux. I can connect it to the ISP in two different ways, with a static IP of course.

1- using USB 3G dongle with SIM card, IP address is 78.xx.xx.xx
2- using company LAN connection, then server is visible as 62.xx.xx.xx
our IT specialists set up all routers from ISP down to my place with port forwarding for SE required ports

When I use the SE bridge to connect to the SE server everything works perfectly, so I believe port forwarding is OK. I can also see all forwarded ports with some tools when I start the SE server.

BUT

I also want to connect to the SE server from an Android device with the OpenVPN apk. The SE server is set up for this option, of course.

If I use option 1 for SE server ISP connection everything works perfect.
If I use option 2 for SE server ISP, then it does not work!!!?

I made also most expanded log on OpenVPN apk on Android. Here it is below.
Look at line with MANAGEMENT: >STATE:1556262418,WAIT

It seems that for some reason authorization fails with company network.


internet connection 78.xx.xx.xx SIM card

2019-04-26 09:21:10 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 TCP connection established with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 TCP_CLIENT link local: (not bound)
2019-04-26 09:21:11 TCP_CLIENT link remote: [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,WAIT,,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,AUTH,,,,,,
2019-04-26 09:21:11 TLS: Initial packet from [AF_INET]78.xx.xx.xx:443, sid=f2a32f89 228083c9
2019-04-26 09:21:11 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-04-26 09:21:11 VERIFY OK: depth=0, CN=vpn123456789.softether.net, O=vpn123456789.softether.net, OU=vpn123456789.softether.net, C=US
2019-04-26 09:21:11 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2019-04-26 09:21:11 [vpn123456789.softether.net] Peer Connection Initiated with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:13 MANAGEMENT: >STATE:1556263273,GET_CONFIG,,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,



internet connection 62.xx.xx.xx company LAN with port forwarding

2019-04-26 09:06:57 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 TCP connection established with [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 TCP_CLIENT link local: (not bound)
2019-04-26 09:06:58 TCP_CLIENT link remote: [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: >STATE:1556262418,WAIT,,,,,,
2019-04-26 09:06:59 Connection reset, restarting [0]
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 Waiting 10s seconds between connection attempt
2019-04-26 09:06:59 TCP/UDP: Closing socket
2019-04-26 09:06:59 SIGUSR1[soft,connection-reset] received, process restarting
2019-04-26 09:06:59 MANAGEMENT: >STATE:1556262419,RECONNECTING,connection-reset,,,,,
2019-04-26 09:07:09 MANAGEMENT: CMD 'hold release'
2019-04-26 09:07:09 MANAGEMENT: CMD 'bytecount 2'
2019-04-26 09:07:09 MANAGEMENT: CMD 'state on'
2019-04-26 09:07:09 MANAGEMENT: CMD 'proxy NONE'
2019-04-26 09:07:10 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.


I have no access to company routers/servers/IT infrastructure. Any idea what can be the problem with the settings of these routers?
What "more" does OpenVPN require compared to the SE bridge? Is there any way to identify what exactly is not passing through?
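To make the difference between the two logs above explicit, the following added example (not part of the original post, and not OpenVPN or SoftEther code) reports the furthest handshake milestone each attempt reached and whether it ended in a reset. The function names are hypothetical; the sample lines are excerpts copied from the two logs in the post.

```python
import re

# Handshake milestones in the order an OpenVPN TCP client logs them.
MILESTONES = [
    ("tcp_established", "TCP connection established with"),
    ("server_replied", "TLS: Initial packet from"),
    ("cert_verified", "VERIFY OK"),
    ("tls_up", "Peer Connection Initiated with"),
]
RESET = "Connection reset, restarting"
LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.*)$")

def furthest_stage(log_text):
    """Return (last milestone reached, reset_seen) for the first attempt."""
    reached, reset = -1, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-log lines
        msg = m.group(1)
        if msg.startswith(RESET):
            reset = True
            break  # only the first attempt is analysed
        for i, (_, marker) in enumerate(MILESTONES):
            if marker in msg:
                reached = max(reached, i)
    name = MILESTONES[reached][0] if reached >= 0 else "none"
    return name, reset

def summarize(label, log_text):
    stage, reset = furthest_stage(log_text)
    outcome = "then reset" if reset else "no reset logged"
    return f"{label}: reached {stage}, {outcome}"

# Excerpts from the post's logs (addresses masked as in the post).
SIM_LOG = """
2019-04-26 09:21:11 TCP connection established with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 TLS: Initial packet from [AF_INET]78.xx.xx.xx:443, sid=f2a32f89 228083c9
2019-04-26 09:21:11 VERIFY OK: depth=0, CN=vpn123456789.softether.net, O=vpn123456789.softether.net, OU=vpn123456789.softether.net, C=US
2019-04-26 09:21:11 [vpn123456789.softether.net] Peer Connection Initiated with [AF_INET]78.xx.xx.xx:443
"""
LAN_LOG = """
2019-04-26 09:06:58 TCP connection established with [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: >STATE:1556262418,WAIT,,,,,,
2019-04-26 09:06:59 Connection reset, restarting [0]
"""

if __name__ == "__main__":
    print(summarize("3G SIM", SIM_LOG))
    print(summarize("company LAN", LAN_LOG))
```

On the company LAN log the TCP handshake to port 443 completes, but the reset arrives before the `TLS: Initial packet` line, so the client log alone shows the stream being closed before any server reply; it cannot show which device sent the reset.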

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN - company routers/network issue

Post by TinCanTech » Sat Apr 27, 2019 11:11 pm

sky59 wrote:
Sat Apr 27, 2019 8:21 pm
After executing half million of tests
sky59 wrote:
Sat Apr 27, 2019 8:21 pm
2- using company LAN connection
sky59 wrote:
Sat Apr 27, 2019 8:21 pm
our IT specialists set up all routers from ISP down to my place
sky59 wrote:
Sat Apr 27, 2019 8:21 pm
BUT

I want to connect to SE server also from Android device

Please see:
viewtopic.php?f=30&t=22603

Re: OpenVPN - company routers/network issue

Post by sky59 » Sun Apr 28, 2019 5:16 am

I use in android version 0.7.5 apk

SoftEther server is version 4.25

I made a lot of tests to identify the problem as closely as possible

Connection from SoftEther client works under any conditions, SE server can use both way to connect to internet

But

From android it works only if SE server uses 3G sim card connection, not working over company LAN

The question is whether OpenVPN uses any hidden port. I use 443 TCP. Or does OVPN need an excessive MTU length? Or can routers in the company somehow identify OVPN packets and block them?

I already provided most expanded log from android /above/ but unfortunately it does not say too much, just 'connection reset', why?

Or any other idea?

Re: OpenVPN - company routers/network issue

Post by sky59 » Sun Apr 28, 2019 5:24 am

One idea more:
Instead of getting 'replied' on authorization it resets connection

How is the authorization different between SoftEther client and OVPN android apk? Does anybody know both systems?

Why then authorization for OVPN works over 3G internet but not over company LAN?

Authorization for SoftEther client works always even over company LAN

Re: OpenVPN - company routers/network issue

Post by sky59 » Mon Apr 29, 2019 8:10 am

As log from OpenVPN is not sufficient I ask developers if they are willing to try to connect to my server?

I can create "test" hub and provide *.ovpn configuration file.

I repeat: what is different in OpenVPN protocol versus SoftEther protocol? With existing hardware SE can connect but OVPN no!?

The problem is some routers in company - they work with SE client but not with OVPN client.

I tested OVPN client also on Windows machine and the same problem!?

Can anybody provide information what are the requirements for OVPN to work? Ports? MTU size? What else??

Re: OpenVPN - company routers/network issue

Post by sky59 » Tue Apr 30, 2019 7:58 pm

I found answer on my own:

All VPNs are worthless and useless except softether.

Every router can block VPN protocols, see for instance Linksys.

But SoftEther uses Ethernet over HTTPS - no router's firewall can block it. If it were blocked = no internet :)

Softether is the best!
