Can not connect, timeout, where to start?


Post by kasheftin » Wed Oct 18, 2023 9:10 pm

I've just installed OpenVPN on my Ubuntu server using https://raw.githubusercontent.com/angri ... install.sh.
Different tools on the server side (ss -lntp, nmap) indicate that it works, but I could not connect using the OpenVPN Connect client program for Windows.

I tried to reinstall it several times with different options using the script above; I tried both the UDP and TCP versions. No luck.

OpenVPN Connect Log File:

[Oct 18, 2023, 20:03:19] EVENT: RESOLVE
[Oct 18, 2023, 20:03:19] EVENT: WAIT
[Oct 18, 2023, 20:03:19] WinCommandAgent: transmitting bypass route to 157.90.0.217
{
	"host" : "157.90.0.217",
	"ipv6" : false
}

[Oct 18, 2023, 20:03:29] Server poll timeout, trying next remote entry...
[Oct 18, 2023, 20:03:29] EVENT: RECONNECTING
[Oct 18, 2023, 20:03:29] EVENT: RESOLVE
[Oct 18, 2023, 20:03:29] EVENT: WAIT
[Oct 18, 2023, 20:03:29] WinCommandAgent: transmitting bypass route to 157.90.0.217
{
	"host" : "157.90.0.217",
	"ipv6" : false
}

[Oct 18, 2023, 20:03:39] Server poll timeout, trying next remote entry...

ss -lntp (server-side):

# ss -ltnp | grep openvpn
LISTEN 0      32           0.0.0.0:1194       0.0.0.0:*    users:(("openvpn",pid=1799244,fd=7))

/etc/openvpn/server.conf:

port 1194
proto tcp
dev tun
user openvpn
group openvpn
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_LzkU6MiZaTONwKz6.crt
key server_LzkU6MiZaTONwKz6.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3


/var/log/openvpn/status.log:

OpenVPN CLIENT LIST
Updated,2023-10-18 23:40:07
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

nmap 157.90.0.217 -p 1194 (server-side):

Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-18 23:41 EEST
Nmap scan report for mail.obzor.lt (157.90.0.217)
Host is up (0.000034s latency).

PORT     STATE SERVICE
1194/tcp open  openvpn

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

ufw show listening | grep openvpn (server-side):

1194 * (openvpn)

nmap 157.90.0.217 -p 1194 (remotely):

Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-18 23:41 EEST
Nmap scan report for obzor.lt (157.90.0.217)
Host is up (0.0028s latency).

PORT     STATE      SERVICE
1194/tcp filtered  openvpn

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

tcp.ovpn (configuration passed to OpenVPN Connect):

client
proto tcp-client
remote 157.90.0.217 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_LzkU6MiZaTONwKz6 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...


iptables -S:

-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -i enp35s0 -p tcp -m tcp --dport 1194 -j ACCEPT
...

ip -o link | grep "state UP":

2: enp35s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\    link/ether

How can I solve the issue, and what should I start with?

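The two nmap runs in the post report port 1194/tcp as open from the server itself and filtered from outside. As an added example that is not part of the original post, this Python code shows which TCP connect outcome corresponds to each of those states and how to read the two vantage points together; `probe_tcp`, `compare_vantage_points` and the 203.0.113.10 address are hypothetical names and a placeholder.

```python
import errno
import socket

# Hypothetical helpers for illustration (not from the original post).

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered' via connect()."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reachable, nothing accepts
    except socket.timeout:
        return "filtered"    # silence: the SYN or its reply was dropped
    except OSError as exc:
        # ICMP unreachable or a kernel-level timeout also point at the path
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT):
            return "filtered"
        raise
    finally:
        sock.close()


def compare_vantage_points(local_state, remote_state):
    """Interpret the same port probed on the server and from a remote machine."""
    if local_state != "open":
        return "service is not listening on the server"
    if remote_state == "open":
        return "port reachable end to end; look at TLS/OpenVPN settings next"
    if remote_state == "closed":
        return "refused from outside; a reject rule or a different host answers"
    return "listening locally but dropped in transit; check firewalls on the path"


if __name__ == "__main__":
    # States as reported by the two nmap runs in the post.
    print(compare_vantage_points("open", "filtered"))
    # From the client side, against your own server (placeholder address):
    # print(probe_tcp("203.0.113.10", 1194))
```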