After executing half million of tests I finally found out where the problem is but do not know what is the problem. So please if you know help me to solve this mysterious problem.
SYSTEM DESCRIPTION:
I run SE server on OrangePiZero, OpwnWrt 15.05.1 linux. I can connect it with two different options to ISP having of course static IP.
1- using USB 3G dongle with SIM card, IP address is 78.xx.xx.xx
2- using company LAN connection, then server is visible as 62.xx.xx.xx
our IT specialists set up all routers from ISP down to my place with port forwarding for SE required ports
When I use SE bridge to connect to SE server everyting works perfect, so I believe port forwarding is OK, I can also see all forwarded ports
with some tools when I start SE server.
BUT
I want to connect to SE server also from Android device wit OpenVPN apk. SE server is set up for this option, of course.
If I use option 1 for SE server ISP connection everything works perfect.
If I use option 2 for SE server ISP, then it does not work!!!?
I made also most expanded log on OpenVPN apk on Android. Here it is below.
Look at line with MANAGEMENT: >STATE:1556262418,WAIT
It seems that for some reason authorization fails with company network.
internet connection 78.xx.xx.xx SIM card
2019-04-26 09:21:10 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 TCP connection established with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 TCP_CLIENT link local: (not bound)
2019-04-26 09:21:11 TCP_CLIENT link remote: [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,WAIT,,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,AUTH,,,,,,
2019-04-26 09:21:11 TLS: Initial packet from [AF_INET]78.xx.xx.xx:443, sid=f2a32f89 228083c9
2019-04-26 09:21:11 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-04-26 09:21:11 VERIFY OK: depth=0, CN=vpn123456789.softether.net, O=vpn123456789.softether.net, OU=vpn123456789.softether.net, C=US
2019-04-26 09:21:11 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2019-04-26 09:21:11 [vpn123456789.softether.net] Peer Connection Initiated with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:13 MANAGEMENT: >STATE:1556263273,GET_CONFIG,,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
internet connection 62.xx.xx.xx company LAN with port forwarding
2019-04-26 09:06:57 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 TCP connection established with [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 TCP_CLIENT link local: (not bound)
2019-04-26 09:06:58 TCP_CLIENT link remote: [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: >STATE:1556262418,WAIT,,,,,,
2019-04-26 09:06:59 Connection reset, restarting [0]
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 Waiting 10s seconds between connection attempt
2019-04-26 09:06:59 TCP/UDP: Closing socket
2019-04-26 09:06:59 SIGUSR1[soft,connection-reset] received, process restarting
2019-04-26 09:06:59 MANAGEMENT: >STATE:1556262419,RECONNECTING,connection-reset,,,,,
2019-04-26 09:07:09 MANAGEMENT: CMD 'hold release'
2019-04-26 09:07:09 MANAGEMENT: CMD 'bytecount 2'
2019-04-26 09:07:09 MANAGEMENT: CMD 'state on'
2019-04-26 09:07:09 MANAGEMENT: CMD 'proxy NONE'
2019-04-26 09:07:10 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
I have no access to company routers/servers/IT infrastructure. Any idea what can be problem with setting of these routers?
What "more" requires OpenVPN comparing to SE bridge? Is there any way as to identifiy what exactly is not passing through?
OpenVPN - company routers/network issue
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Apr 27, 2019 8:12 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Apr 27, 2019 8:12 pm
Re: OpenVPN - company routers/network issue
I use in android version 0.7.5 apk
SoftEther server is version 4.25
I made a lot of test to identify as close as possible the problem
Connection from SoftEther client works under any conditions, SE server can use both way to connect to internet
But
From android it works only if SE server uses 3G sim card connection, not working over company LAN
Question is if OpenVPN uses any hidden port? I use 443 tcp. Or does OVPN needs excessive length for MTU? Or can routers in
company somehow identify OVPN packets and block them?
I already provided most expanded log from android /above/ but unfortunately it does not say too much, just 'connection reset', why?
Or any other idea?
SoftEther server is version 4.25
I made a lot of test to identify as close as possible the problem
Connection from SoftEther client works under any conditions, SE server can use both way to connect to internet
But
From android it works only if SE server uses 3G sim card connection, not working over company LAN
Question is if OpenVPN uses any hidden port? I use 443 tcp. Or does OVPN needs excessive length for MTU? Or can routers in
company somehow identify OVPN packets and block them?
I already provided most expanded log from android /above/ but unfortunately it does not say too much, just 'connection reset', why?
Or any other idea?
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Apr 27, 2019 8:12 pm
Re: OpenVPN - company routers/network issue
One idea more:
Instead of getting 'replied' on authorization it resets connection
How is the authorization different between SoftEther client and OVPN android apk? Does anybody know both systems?
Why then authorization for OVPN works over 3G internet but not over company LAN?
Authorization for SoftEther client works always even over company LAN
Instead of getting 'replied' on authorization it resets connection
How is the authorization different between SoftEther client and OVPN android apk? Does anybody know both systems?
Why then authorization for OVPN works over 3G internet but not over company LAN?
Authorization for SoftEther client works always even over company LAN
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Apr 27, 2019 8:12 pm
Re: OpenVPN - company routers/network issue
As log from OpenVPN is not sufficient I ask developers if they are willing to try to connect to my server?
I can create "test" hub and provide *.ovpn configuration file.
I repeat: what is different in OpenVPN protocol versus SoftEther protocol? With existing hardware SE can connect but OVPN no!?
The problem is some routers in company - they work with SE client but not with OVPN client.
I tested OVPN client also on Windows machine and the same problem!?
Can anybody provide information what are the requirements for OVPN to work? Ports? MTU size? What else??
I can create "test" hub and provide *.ovpn configuration file.
I repeat: what is different in OpenVPN protocol versus SoftEther protocol? With existing hardware SE can connect but OVPN no!?
The problem is some routers in company - they work with SE client but not with OVPN client.
I tested OVPN client also on Windows machine and the same problem!?
Can anybody provide information what are the requirements for OVPN to work? Ports? MTU size? What else??
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Apr 27, 2019 8:12 pm
Re: OpenVPN - company routers/network issue
I found answer on my own:
All VPNs are worthless and useless except softether.
Every router can block vpn protocols, see for instsnce Linksys.
But softeteher uses Eternet over HTTPS - no routers firewall can block it. If it would be blocked = no internet
Softether is the best!
All VPNs are worthless and useless except softether.
Every router can block vpn protocols, see for instsnce Linksys.
But softeteher uses Eternet over HTTPS - no routers firewall can block it. If it would be blocked = no internet
Softether is the best!