I've recently switched to the latest BT Smart Hub 2, and since then I cannot connect to my OpenVPN using UDPv4.
I've added port forwarding rules to my router but no joy; I even wiped my Raspberry Pi SD card and started from scratch, but still nothing.
I have 3 scenarios:
Using public/external IP (via DNS) - using UDPv4 - fails
Using public/external IP (via DNS) - using UDPv6 - succeeds
Using internal IP - using UDPv4 - succeeds (this one obviously means I can only connect to the VPN when on the internal network)
My server conf is as follows:
Code:
dev tun
proto udp
port 2604
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_QuHiUytVSmlC2iAx.crt
key /etc/openvpn/easy-rsa/pki/private/server_QuHiUytVSmlC2iAx.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
Server log file - only successful connections are logged, so when UDPv4 is being used nothing is logged.
Client Configuration
Code:
client
dev tun
proto udp
remote [DNS] 2604
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_QuHiUytVSmlC2iAx name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 4
Public IP - UDPv4 - Fail
Code:
13:48:31.329 -- ----- OpenVPN Start -----
13:48:31.329 -- EVENT: CORE_THREAD_ACTIVE
13:48:31.330 -- Frame=512/2048/512 mssfix-ctrl=1250
13:48:31.331 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [verify-x509-name] [server_QuHiUytVSmlC2iAx] [name]
14 [auth-nocache]
15 [verb] [4]
13:48:31.331 -- EVENT: RESOLVE
13:48:31.389 -- Contacting [ExternalIP]:2604 via UDP
13:48:31.390 -- EVENT: WAIT
13:48:31.393 -- Connecting to [DNS]:2604 (ExternalIP) via UDPv4
13:48:41.331 -- Server poll timeout, trying next remote entry...
13:48:41.331 -- EVENT: RECONNECTING
13:48:41.336 -- EVENT: RESOLVE
13:48:41.340 -- Contacting ExternalIP:2604 via UDP
13:48:41.340 -- EVENT: WAIT
13:48:41.342 -- Connecting to [DNS]:2604 (ExternalIP) via UDPv4
13:48:43.656 -- EVENT: DISCONNECTED
13:48:43.658 -- EVENT: CORE_THREAD_INACTIVE
13:48:43.659 -- Tunnel bytes per CPU second: 0
13:48:43.659 -- ----- OpenVPN Stop -----
Code:
13:50:24.254 -- ----- OpenVPN Start -----
13:50:24.254 -- EVENT: CORE_THREAD_ACTIVE
13:50:24.259 -- Frame=512/2048/512 mssfix-ctrl=1250
13:50:24.261 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [verify-x509-name] [server_QuHiUytVSmlC2iAx] [name]
14 [auth-nocache]
15 [verb] [4]
13:50:24.261 -- EVENT: RESOLVE
13:50:24.391 -- Contacting [IPv6]:2604 via UDP
13:50:24.391 -- EVENT: WAIT
13:50:24.393 -- Connecting to [DNS]:2604 (IPv6) via UDPv6
13:50:24.442 -- EVENT: CONNECTING
13:50:24.444 -- Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
13:50:24.445 -- Creds: UsernameEmpty/PasswordEmpty
13:50:24.445 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.2
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=1
IV_AUTO_SESS=1
13:50:24.595 -- VERIFY OK : depth=1
cert. version : 3
serial number : BE:A4:36:6B:32:47:1A:31
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2019-01-14 10:15:35
expires on : 2029-01-11 10:15:35
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
13:50:24.596 -- VERIFY OK : depth=0
cert. version : 3
serial number : B8:B9:10:53:F9:2C:31:CC:F2:2D:38:5C:FF:B3:67:36
issuer name : CN=ChangeMe
subject name : CN=server_QuHiUytVSmlC2iAx
issued on : 2019-01-14 10:15:40
expires on : 2029-01-11 10:15:40
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server_QuHiUytVSmlC2iAx
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
13:50:24.866 -- SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
13:50:24.867 -- Session is ACTIVE
13:50:24.867 -- EVENT: GET_CONFIG
13:50:24.869 -- Sending PUSH_REQUEST to server...
13:50:24.927 -- OPTIONS:
0 [dhcp-option] [DNS] [8.8.8.8]
1 [dhcp-option] [DNS] [8.8.4.4]
2 [block-outside-dns]
3 [redirect-gateway] [def1]
4 [route-gateway] [10.8.0.1]
5 [topology] [subnet]
6 [ping] [1800]
7 [ping-restart] [3600]
8 [ifconfig] [10.8.0.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]
13:50:24.928 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: NONE
peer ID: 0
13:50:24.928 -- EVENT: ASSIGN_IP
13:50:24.941 -- Connected via tun
13:50:24.943 -- EVENT: CONNECTED info='@DNS:2604 (IPv6) via /UDPv6 on tun/10.8.0.2/ gw=[10.8.0.1/]' trans=TO_CONNECTED
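An added diagnostic, my own example rather than anything from the post, PiVPN or OpenVPN: it reads the OpenVPN Connect client log format shown above and reports, per transport, whether the server ever answered the first packet. It assumes the 3.x log phrasing in the post ("Connecting to", "Server poll timeout", "EVENT: CONNECTING" and so on) and runs on constructed sample lines with placeholder hostname and addresses.

```python
import re
from dataclasses import dataclass
# Constructed sample lines, modelled on the OpenVPN Connect (Android) client logs
# quoted in the post; the hostname and addresses are placeholders.
SAMPLE_LOG = """\
13:48:31.393 -- Connecting to [vpn.example]:2604 (203.0.113.10) via UDPv4
13:48:41.331 -- Server poll timeout, trying next remote entry...
13:48:41.342 -- Connecting to [vpn.example]:2604 (203.0.113.10) via UDPv4
13:48:43.656 -- EVENT: DISCONNECTED
13:50:24.393 -- Connecting to [vpn.example]:2604 (2001:db8::10) via UDPv6
13:50:24.442 -- EVENT: CONNECTING
13:50:24.866 -- SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
13:50:24.943 -- EVENT: CONNECTED info='@vpn.example:2604 (2001:db8::10) via /UDPv6 on tun/10.8.0.2/'
"""
CONNECT_RE = re.compile(r"Connecting to \[[^\]]+\]:\d+ \((?P<addr>[^)]+)\) via (?P<proto>\w+)")
# Milestones in the order a healthy attempt passes through them.
MARKERS = [("Server poll timeout", "timeout"), ("EVENT: CONNECTING", "replied"),
           ("SSL Handshake:", "handshake"), ("EVENT: CONNECTED", "connected")]

@dataclass
class Attempt:
    addr: str
    proto: str
    stage: str = "sent"  # sent -> replied -> handshake -> connected, or timeout

def parse_attempts(text):
    """One Attempt per 'Connecting to' line, recording how far it got."""
    attempts = []
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            attempts.append(Attempt(m["addr"], m["proto"]))
        elif attempts:
            for marker, stage in MARKERS:
                if marker in line:
                    attempts[-1].stage = stage
    return attempts

RANK = {"no_reply": 0, "tls_or_config": 1, "ok": 2}

def diagnose(attempts):
    """Best outcome per transport. 'no_reply' means the server never answered the
    first packet, so check the NAT/port-forward path (or a server silently
    dropping packets with a bad tls-auth HMAC) before suspecting certs or ciphers."""
    verdicts = {}
    for a in attempts:
        v = {"timeout": "no_reply", "sent": "no_reply", "connected": "ok"}.get(a.stage, "tls_or_config")
        if a.proto not in verdicts or RANK[v] > RANK[verdicts[a.proto]]:
            verdicts[a.proto] = v
    return verdicts
```

For the logs above it reports UDPv4 as no_reply and UDPv6 as ok, which points at the IPv4 inbound path (the router's UDP port forward, or NAT loopback if the test is run from inside the LAN) rather than at the certificates, which the UDPv6 run already proves are fine. A plain UDP probe cannot confirm reachability here because a tls-auth server never answers a packet without a valid HMAC; capturing on the Pi for inbound UDP to port 2604 during an external attempt is the reliable check.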