connections good on lan but not wan
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Dec 28, 2017 1:31 am
connections good on lan but not wan
I had a working server prior to changing out a router but replaced the router with the same make/model and installed dd-wrt on the new router (old router had dd-wrt also). Using a Samsung Galaxy S7 with OpenVPN Connect to test. Configs look the same as before, port forwarding on the router looks good, port scan from the WAN shows open|filtered for UDP for that port, logs show attempted connection from WAN but TLS negotiation fails. The client ovpn files seem to be OK and match ciphers, etc. - the ovpn must be correct since connections on the LAN side are good? I have 2 remote settings in the ovpn file (just like in the past), 1 for the LAN IP and one for the domain name (for the WAN side). It is my understanding that this is acceptable and it has worked in the past. Anyway, I remarked out the remote setting for the LAN for testing and was able to connect from the LAN using the DN as the remote server setting but when I turned off the wifi on the phone and used the cell data, I could not connect.
From client ovpn:
client
dev tun
proto udp
remote <LAN IP> <PORT>
remote someplace.com <PORT>
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher ###
auth ###
verb 5
WAN connection attempt result:
20181017 10:21:32 N 174.217.22.243:3644 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20181017 10:21:32 N 174.217.22.243:3644 TLS Error: TLS handshake failed
20181017 10:21:32 174.217.22.243:3644 SIGUSR1[soft tls-error] received client-instance restarting
20181017 10:21:32 MULTI: multi_create_instance called
20181017 10:21:32 174.217.22.243:3629 Re-using SSL/TLS context
20181017 10:21:32 174.217.22.243:3629 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
20181017 10:21:32 174.217.22.243:3629 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
20181017 10:21:32 174.217.22.243:3629 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1601 tun-mtu 1500 proto UDPv4 cipher ### auth ### keysize ### key-method 2 tls-server'
20181017 10:21:32 174.217.22.243:3629 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1601 tun-mtu 1500 proto UDPv4 cipher ### auth ### keysize ### key-method 2 tls-client'
20181017 10:21:32 174.217.22.243:3629 TLS: Initial packet from [AF_INET]174.217.22.243:3629 sid=b9dfc3b7 c00d3585
20181017 10:21:42 N 174.217.22.243:3625 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20181017 10:21:42 N 174.217.22.243:3625 TLS Error: TLS handshake failed
20181017 10:21:42 174.217.22.243:3625 SIGUSR1[soft tls-error] received client-instance restarting
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Dec 28, 2017 1:31 am
Re: connections good on lan but not wan
I edited this since I noticed that another client on the LAN side was connected during testing.
Router openvpn server log time stamp is UTC while client log is local time stamp.
root@router:~# uname -a
Linux router 4.9.133 #504 SMP PREEMPT Mon Oct 15 17:40:08 CEST 2018 armv7l DD-WRT
root@router:~# ifconfig
ath0 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:12
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:51252 errors:0 dropped:0 overruns:0 frame:0
TX packets:105359 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11521782 (10.9 MiB) TX bytes:98464563 (93.9 MiB)
ath0.sta1 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:12
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1955370 errors:0 dropped:0 overruns:0 frame:0
TX packets:4870496 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:288190623 (274.8 MiB) TX bytes:6707305385 (6.2 GiB)
ath0.sta2 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:12
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:173270 errors:0 dropped:0 overruns:0 frame:0
TX packets:197677 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:46560920 (44.4 MiB) TX bytes:29505325 (28.1 MiB)
ath0.sta3 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:12
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5076 errors:0 dropped:0 overruns:0 frame:0
TX packets:36768 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:307367 (300.1 KiB) TX bytes:55000272 (52.4 MiB)
ath1 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:13
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13071 errors:0 dropped:0 overruns:0 frame:0
TX packets:36775 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3165211 (3.0 MiB) TX bytes:6299688 (6.0 MiB)
br0 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:11 #LAN
inet addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3663913 errors:0 dropped:1317 overruns:0 frame:0
TX packets:3603910 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:331239230 (315.8 MiB) TX bytes:14781843750 (13.7 GiB)
br0:0 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:11
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:11 #WAN
inet addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10812723 errors:0 dropped:22082 overruns:0 frame:0
TX packets:3633295 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:15254249191 (14.2 GiB) TX bytes:375291140 (357.9 MiB)
Interrupt:36
eth1 Link encap:Ethernet HWaddr 60:38:E0:BE:6A:11
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2135783 errors:0 dropped:0 overruns:0 frame:0
TX packets:1463943 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:170958836 (163.0 MiB) TX bytes:8323332776 (7.7 GiB)
Interrupt:37
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
RX packets:481 errors:0 dropped:0 overruns:0 frame:0
TX packets:481 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:85249 (83.2 KiB) TX bytes:85249 (83.2 KiB)
tun2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:x.x.x.x P-t-P:x.x.x.x Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:2547 (2.4 KiB)
server config: (Linksys WRT3200ACM router running dd-wrt Firmware 37405)
dh /tmp/mnt/sda3/dh.pem
ca /tmp/mnt/sda3/ca.crt
cert /tmp/mnt/sda3/cert.pem
key /tmp/mnt/sda3/key.pem
keepalive 10 120
verb 5
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1197
proto udp4
cipher aes-256-cbc
auth sha512
client-connect /tmp/mnt/sda3/clcon.sh
client-disconnect /tmp/mnt/sda3/cldiscon.sh
client-config-dir /tmp/mnt/sda3/ccd
ifconfig-pool-persist /tmp/mnt/sda3/ip-pool 86400
client-to-client
push "redirect-gateway def1"
fast-io
tun-mtu 1500
mtu-disc yes
server x.x.x.x 255.255.255.0
dev tun2
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
server log:
Oct 19 18:14:20 router daemon.notice openvpn[13982]: MULTI: multi_create_instance called
Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 Re-using SSL/TLS context
Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 TLS: Initial packet from [AF_INET]174.217.39.152:6180, sid=53617e86 706ab6df
Oct 19 18:14:30 router daemon.notice openvpn[13982]: MULTI: multi_create_instance called
Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 Re-using SSL/TLS context
Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 TLS: Initial packet from [AF_INET]174.217.39.152:6194, sid=fd4f5105 915779ff
Oct 19 18:14:40 router daemon.notice openvpn[13982]: MULTI: multi_create_instance called
Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 Re-using SSL/TLS context
Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 TLS: Initial packet from [AF_INET]174.217.39.152:6200, sid=4e561c45 da397450
Oct 19 18:14:50 router daemon.notice openvpn[13982]: MULTI: multi_create_instance called
Oct 19 18:14:50 router daemon.notice openvpn[13982]: 174.217.39.152:6176 Re-using SSL/TLS context
Oct 19 18:14:50 router daemon.notice openvpn[13982]: 174.217.39.152:6176 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 19 18:14:50 router daemon.notice openvpn[13982]: 174.217.39.152:6176 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 19 18:14:50 router daemon.notice openvpn[13982]: 174.217.39.152:6176 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Oct 19 18:14:50 router daemon.notice openvpn[13982]: 174.217.39.152:6176 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Oct 19 18:14:50 router daemon.notice openvpn[13982]: 174.217.39.152:6176 TLS: Initial packet from [AF_INET]174.217.39.152:6176, sid=185773e4 b01c9a48
Oct 19 18:15:00 router daemon.notice openvpn[13982]: MULTI: multi_create_instance called
Oct 19 18:15:00 router daemon.notice openvpn[13982]: 174.217.39.152:6201 Re-using SSL/TLS context
Oct 19 18:15:00 router daemon.notice openvpn[13982]: 174.217.39.152:6201 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Oct 19 18:15:00 router daemon.notice openvpn[13982]: 174.217.39.152:6201 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Oct 19 18:15:00 router daemon.notice openvpn[13982]: 174.217.39.152:6201 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Oct 19 18:15:00 router daemon.notice openvpn[13982]: 174.217.39.152:6201 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Oct 19 18:15:00 router daemon.notice openvpn[13982]: 174.217.39.152:6201 TLS: Initial packet from [AF_INET]174.217.39.152:6201, sid=c1b2fa35 a7a63800
client config: (Samsung Galaxy S7 running OpenVPN Connect)
client
dev tun
proto udp4
remote somewhere.com 1197
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher AES-256-CBC
auth sha512
verb 5
<ca>
</ca>
<key>
</key>
<cert>
</cert>
client log:
12:14:18.874 -- ----- OpenVPN Start -----
12:14:18.880 -- EVENT: CORE_THREAD_ACTIVE
12:14:18.928 -- Frame=512/2048/512 mssfix-ctrl=1250
12:14:18.929 -- UNUSED OPTIONS
4 [nobind]
5 [user] [nobody]
6 [group] [nogroup]
7 [persist-key]
8 [persist-tun]
11 [verb] [5]
12:14:18.930 -- EVENT: RESOLVE
12:14:19.229 -- Contacting x.x.x.x:1197 via UDP
12:14:19.230 -- EVENT: WAIT
12:14:19.260 -- Connecting to [somewhere.com]:1197 (x.x.x.x) via UDPv4
12:14:28.883 -- Server poll timeout, trying next remote entry...
12:14:28.884 -- EVENT: RECONNECTING
12:14:28.894 -- EVENT: RESOLVE
12:14:28.904 -- Contacting x.x.x.x:1197 via UDP
12:14:28.905 -- EVENT: WAIT
12:14:28.953 -- Connecting to [somewhere.com]:1197 (x.x.x.x) via UDPv4
12:14:38.890 -- Server poll timeout, trying next remote entry...
12:14:38.892 -- EVENT: RECONNECTING
12:14:38.910 -- EVENT: RESOLVE
12:14:38.927 -- Contacting x.x.x.x:1197 via UDP
12:14:38.929 -- EVENT: WAIT
12:14:38.961 -- Connecting to [somewhere.com]:1197 (x.x.x.x) via UDPv4
12:14:48.898 -- Server poll timeout, trying next remote entry...
12:14:48.901 -- EVENT: RECONNECTING
12:14:48.915 -- EVENT: RESOLVE
12:14:48.931 -- Contacting x.x.x.x:1197 via UDP
12:14:48.932 -- EVENT: WAIT
12:14:48.945 -- Connecting to [somewhere.com]:1197 (x.x.x.x) via UDPv4
12:14:58.902 -- Server poll timeout, trying next remote entry...
12:14:58.905 -- EVENT: RECONNECTING
12:14:58.918 -- EVENT: RESOLVE
12:14:58.951 -- Contacting x.x.x.x:1197 via UDP
12:14:58.952 -- EVENT: WAIT
12:14:58.977 -- Connecting to [somewhere.com]:1197 (x.x.x.x) via UDPv4
12:15:00.791 -- EVENT: DISCONNECTED
12:15:00.798 -- EVENT: CORE_THREAD_INACTIVE
12:15:00.799 -- Tunnel bytes per CPU second: 0
12:15:00.800 -- ----- OpenVPN Stop -----
Last edited by eelstrebor on Fri Oct 19, 2018 6:23 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: connections good on lan but not wan
Your client is only waiting for ~10 seconds to connect; this is, evidently, not long enough.
I have no idea how you have managed to do that ..
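Added example, not part of the original posts: a small Python triage script run over lines excerpted from the server and client logs above. It lists handshakes the server saw start (`TLS: Initial packet from`) that never reached `Peer Connection Initiated` (the line OpenVPN 2.x logs when a handshake succeeds) and measures the spacing of attempts on each side. The function names and the one constructed successful session (192.0.2.10) are assumptions for illustration.

```python
import re
from datetime import datetime

# Lines excerpted from the router syslog posted above (verb 5).
SERVER_LOG = [
    "Oct 19 18:14:20 router daemon.notice openvpn[13982]: MULTI: multi_create_instance called",
    "Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 Re-using SSL/TLS context",
    "Oct 19 18:14:20 router daemon.notice openvpn[13982]: 174.217.39.152:6180 TLS: Initial packet from [AF_INET]174.217.39.152:6180, sid=53617e86 706ab6df",
    "Oct 19 18:14:30 router daemon.notice openvpn[13982]: 174.217.39.152:6194 TLS: Initial packet from [AF_INET]174.217.39.152:6194, sid=fd4f5105 915779ff",
    "Oct 19 18:14:40 router daemon.notice openvpn[13982]: 174.217.39.152:6200 TLS: Initial packet from [AF_INET]174.217.39.152:6200, sid=4e561c45 da397450",
]

# Lines excerpted from the OpenVPN Connect client log posted above.
CLIENT_LOG = [
    "12:14:19.260 -- Connecting to [somewhere.com]:1197 (x.x.x.x) via UDPv4",
    "12:14:28.883 -- Server poll timeout, trying next remote entry...",
    "12:14:38.890 -- Server poll timeout, trying next remote entry...",
    "12:14:48.898 -- Server poll timeout, trying next remote entry...",
]

# Constructed contrast case (not from the thread): a handshake that completes.
CONSTRUCTED_OK = [
    "Oct 19 18:20:00 router daemon.notice openvpn[13982]: 192.0.2.10:50000 TLS: Initial packet from [AF_INET]192.0.2.10:50000, sid=00000000 00000000",
    "Oct 19 18:20:01 router daemon.notice openvpn[13982]: 192.0.2.10:50000 [client1] Peer Connection Initiated with [AF_INET]192.0.2.10:50000",
]

# syslog prefix, then the "ip:port" peer tag OpenVPN puts on per-client lines.
SERVER_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ openvpn\[\d+\]: "
    r"(\d+\.\d+\.\d+\.\d+:\d+) (.*)$"
)
CLIENT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) -- (.*)$")


def server_sessions(lines, year=2018):
    """Map each peer (ip:port) to when its handshake started and whether it completed."""
    sessions = {}
    for line in lines:
        m = SERVER_RE.match(line)
        if not m:
            continue  # lines without a peer tag, e.g. "MULTI: multi_create_instance called"
        ts, peer, msg = m.groups()
        s = sessions.setdefault(peer, {"started": None, "completed": False})
        if msg.startswith("TLS: Initial packet from"):
            # syslog timestamps carry no year; supply it so parsing is unambiguous
            s["started"] = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        elif "Peer Connection Initiated" in msg:
            s["completed"] = True
    return sessions


def stalled_handshakes(sessions):
    """Peers whose first packet arrived but whose handshake never finished."""
    stalled = [(p, s["started"]) for p, s in sessions.items()
               if s["started"] is not None and not s["completed"]]
    return sorted(stalled, key=lambda item: item[1])


def client_timeouts(lines):
    """Times at which the client gave up on an attempt."""
    times = []
    for line in lines:
        m = CLIENT_RE.match(line)
        if m and m.group(2).startswith("Server poll timeout"):
            times.append(datetime.strptime(m.group(1), "%H:%M:%S.%f"))
    return times


def spacing(times):
    """Seconds between consecutive events, rounded to 0.1 s."""
    return [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]


def triage(server_lines, client_lines):
    stalled = stalled_handshakes(server_sessions(server_lines))
    return {
        # inbound packets reached the server for each of these peers
        "stalled_peers": [peer for peer, _ in stalled],
        "source_hosts": sorted({peer.split(":")[0] for peer, _ in stalled}),
        "server_attempt_spacing_s": spacing([t for _, t in stalled]),
        "client_timeout_spacing_s": spacing(client_timeouts(client_lines)),
    }


if __name__ == "__main__":
    for key, value in triage(SERVER_LOG + CONSTRUCTED_OK, CLIENT_LOG).items():
        print(f"{key}: {value}")
```

On these excerpts every WAN attempt shows up on the server as a new source port from the same host, none reaches `Peer Connection Initiated`, and both sides repeat at 10-second spacing.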
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Dec 28, 2017 1:31 am
Re: connections good on lan but not wan
None of my clients are connecting from the WAN side. Some are smartphones running OpenVPN Connect while others are laptops configured with NetworkManager (Ubuntu 18.04.1 - Bionic)
Android OpenVPN Connect version 3.0.5
Ubuntu OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08)
DD-WRT OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 16 2018
library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.09
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Dec 28, 2017 1:31 am
Re: connections good on lan but not wan
Interesting, I changed from udp to tcp and now it works on both the lan and the wan. I don't understand why since udp worked fine in the past and it makes me wonder why udp worked ok on the lan but not the wan. Not only that, I had port forwarding set for udp only and then I turned off the port forward and all devices still connected! Either my knowledge of networking is woefully inadequate or maybe there's a bug in the dd-wrt firmware. For now, I'm satisfied with the results. I'm changing the port since it wasn't my ultimate setup anyway.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Mon Mar 20, 2017 2:51 pm
Re: connections good on lan but not wan
LoL, I have very similar problems with TAP and bridge mode ...
viewtopic.php?f=6&t=27253
... but I didn't consider switching to TCP. This is the first thing I'll try when I return home.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Mon Mar 20, 2017 2:51 pm
Re: connections good on lan but not wan
Ohhhh yeaaaah! It's alive!!! Finally, after all these days, it works on TCP. Thanks eelstrebor so much!
But I'm still wondering why on the LAN side it works with UDP, but on WAN only with TCP? Both my routers have port redirection set to ALL/BOTH so they pass TCP and UDP. My ISP also claims that he doesn't block either of them.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Dec 28, 2017 1:31 am
Re: connections good on lan but not wan
you're welcome.
Same here. But I'm still wondering why on the LAN side it works with UDP, but on WAN only with TCP? Both my routers have port redirection set to ALL/BOTH so they pass TCP and UDP. My ISP also claims that he doesn't block either of them.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Mar 24, 2019 4:01 am
Re: connections good on lan but not wan
Similar issue
OpenVPN on Windows Server 2016 and client on Windows 10. Firewall 1194 is open on both incoming and outgoing on both server/client. Router has port 1194 forwarded to the server's internal network IP. Using UDP, able to connect within LAN but getting TLS error through WAN. Spent weeks with no success until I changed the setup to TCP.
Thanks eelstrebor!
Similarly, wondering why on LAN side it works with UDP, but on WAN only with TCP.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Aug 27, 2019 4:07 am
Re: connections good on lan but not wan
Experiencing this same issue.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Mar 09, 2020 5:40 pm
Re: connections good on lan but not wan
Hi,
I am having the same issue, but changing to only TCP on the client side was not enough. If I connect from LAN, I have no problems. If I connect from WAN (I have configured port forwarding and I also put the VPN server in the DMZ for testing purposes), I am not able to get connected. Tried with my mobile and with my laptop. The same clients are able to connect from the LAN.
I am using the virtual appliance for OpenVPN server.
Any ideas?
Thanks,
Bruno
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: connections good on lan but not wan
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp