Openvpn times out ONLY on one wifi network

[daveinlv]

I work from home and often on the road. My home router is an Asus RT-66U and am using the latest "freshtomato" firmware. I have the supplied Openvpn server configured on the router using a routed/tun connection and self-signed tls certs. The connection works perfectly on EVERY wifi connection I have used it on, and connects almost instantly EXCEPT for the ONE that I *try* to use the most, that being one our local public library branches. Viewed from the user standpoint, the KUbuntu network manager openvpn connector simply times out after a long wait. I see the same issue on a windows 10 laptop and the community openvpn client. Since the logs on both Linux and windows really don't tell me anything, I fired up wireshark with a capture filter of "port 1194" and see the following:

Code: Select all

No.	Time	Source	sport	Destination	dport	Protocol	Length	Info
1	0.000000000	library_ip	59136	home_ip	openvpn	OpenVPN	56	MessageType: P_CONTROL_HARD_RESET_CLIENT_V2
2	1.446415994	library_ip	59136	home_ip	openvpn	OpenVPN	56	MessageType: P_CONTROL_HARD_RESET_CLIENT_V2
3	6.467941392	library_ip	59136	home_ip	openvpn	OpenVPN	56	MessageType: P_CONTROL_HARD_RESET_CLIENT_V2
4	6.484131166	home_ip	openvpn	library_ip	59136	OpenVPN	64	MessageType: P_ACK_V1
5	14.713911576	library_ip	59136	home_ip	openvpn	OpenVPN	56	MessageType: P_CONTROL_HARD_RESET_CLIENT_V2
6	14.731153782	home_ip	openvpn	library_ip	59136	OpenVPN	64	MessageType: P_ACK_V1
7	30.534615049	library_ip	59136	home_ip	openvpn	OpenVPN	56	MessageType: P_CONTROL_HARD_RESET_CLIENT_V2

The wireshark capture ends and about 15 seconds later, the windows client or linux client pops up a "connection timed out"... The fact that the openvpn connection works EVERYWHERE else besides the library tells me that *something* the library infrastructure is doing is screwing
up my vpn. Any ideas? I'm not really hep on openvpn issues but figured a wireshark capture shown to the right people might give me some
ammo to use with whatever the library calls its "IT department"...

Thanks in advance
Dave

[TinCanTech]

whatever the library calls its "IT department"...

Just ask them if they allow or block VPNs on their network.

If they block them then try using TCP protocol and Port 443 for your VPN.

If they don't block them then post your server and client log at --verb 4.

[daveinlv]

Been out of town for a bit.. Still no word from their "IT" department, and just for drill, I tried connecting to my openvpn today, and wonder-of-wonders, it connected. So I tried connecting to one of my Linux boxes at home via ssh. Holy crap.. logging in was a nightmare, as the delay from my pressing a key and getting the key echo was horrible. I cannot even IMAGINE trying to do anything involved via ssh OR rdp via this connection. I tried doing an RDP session to a remote Windows server thru the vpn and it times out and does the reconnect thing.
I'm beginning to think the reason my attempts to connect to the vpn timeout is because they're prioritizing http/https and video protocols vs anything else, and today I was one of the only people in the library
I guess I'm just screwed..

[TinCanTech]

Still no word from their "IT" department

If you give me their IP address then I'll hack in and give them something to worry about