Connecting from iOS device to OpenVPN Server on Windows 7

[testing]

Hi,

my current setup looks like the following: I followed the instructions from PCWelt. OpenVPN Server is installed on Win7 which again is running in VmWare and the internet is shared over the NAT option. The firewall is turned off. My goal is to test OpenVPN capabilities before I install it on my WHS 2011. My iOS 7.1.1 device is an iPhone 4S with OpenVPN installed.

Here is my server config:

Code: Select all

# Zertifikate
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\WHSOpenVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\WHSOpenVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

# Server und Netzwerk
local 192.168.1.16 #LAN-Adresse des Servers
port 1194
proto udp
dev tun
server 192.168.1.100 255.255.255.240 #Subnetz
ifconfig-pool-persist ipp.txt
comp-lzo
persist-key
persist-tun
keepalive 10 120

# Log
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log" 
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log" 
log-append "C:\\Program Files\\OpenVPN\\log\\openvpn.log" 
verb 3

The IP address here is the one from the host machine. On VmWare it is 192.168.182.128.

Client config:

Code: Select all

# Zertifikate
ca ca.crt
cert MeinClient.crt
key MeinClient.key

# Client-Setup
client
dev tun
proto udp
remote xxx.homeserver.com 8080 #Hostname anpassen
resolv-retry infinite
nobind
persist-key
persist-tun
route-metric 512
route 0.0.0.0 0.0.0.0
comp-lzo
verb 3

All files were imported via iTunes on the iOS device. I'm using the domain name from the WHS for this. On my fritz.box I redirect UDP port 8080 to my host machine to port 1194. I already change to tun-based OpenVPN server, because tap-tunnel are not possible on iOS.

I cannot connect to the VPN server. This is the log from OpenVPN:

Code: Select all

2014-06-04 15:25:32 ----- OpenVPN Start (iOS 32-bit) -----
2014-06-04 15:25:32 UNUSED OPTIONS
7 [resolv-retry] [infinite] 
8 [nobind] 
9 [persist-key] 
10 [persist-tun] 
11 [route-metric] [512] 
14 [verb] [3] 

2014-06-04 15:25:32 LZO-ASYM init swap=0 asym=0
2014-06-04 15:25:32 EVENT: RESOLVE
2014-06-04 15:25:34 Contacting 1.2.3.4:8080 via UDP
2014-06-04 15:25:34 EVENT: WAIT
2014-06-04 15:25:34 Connecting to xxx.homeserver.com:8080 (1.2.3.4) via UDPv4
2014-06-04 15:25:42 Server poll timeout, trying next remote entry...
2014-06-04 15:25:42 EVENT: RECONNECTING
2014-06-04 15:25:42 LZO-ASYM init swap=0 asym=0
2014-06-04 15:25:42 EVENT: RESOLVE
2014-06-04 15:25:42 Contacting 1.2.3.4:8080 via UDP
2014-06-04 15:25:42 EVENT: WAIT
2014-06-04 15:25:42 Connecting to xxx.homeserver.com:8080 (1.2.3.4) via UDPv4
2014-06-04 15:25:52 Server poll timeout, trying next remote entry...
2014-06-04 15:25:52 EVENT: RECONNECTING
2014-06-04 15:25:52 LZO-ASYM init swap=0 asym=0
2014-06-04 15:25:52 EVENT: RESOLVE
2014-06-04 15:25:52 Contacting 1.2.3.4:8080 via UDP
2014-06-04 15:25:52 EVENT: WAIT
2014-06-04 15:25:52 Connecting to xxx.homeserver.com:8080 (1.2.3.4) via UDPv4
2014-06-04 15:26:02 Server poll timeout, trying next remote entry...
2014-06-04 15:26:02 EVENT: RECONNECTING
2014-06-04 15:26:02 LZO-ASYM init swap=0 asym=0
2014-06-04 15:26:02 EVENT: RESOLVE
2014-06-04 15:26:02 Contacting 1.2.3.4:8080 via UDP
2014-06-04 15:26:02 EVENT: WAIT
2014-06-04 15:26:02 Connecting to xxx.homeserver.com:8080 (1.2.3.4) via UDPv4
2014-06-04 15:26:12 Server poll timeout, trying next remote entry...
2014-06-04 15:26:12 EVENT: RECONNECTING
2014-06-04 15:26:12 LZO-ASYM init swap=0 asym=0
2014-06-04 15:26:12 EVENT: RESOLVE
2014-06-04 15:26:12 Contacting 1.2.3.4:8080 via UDP
2014-06-04 15:26:12 EVENT: WAIT
2014-06-04 15:26:12 Connecting to xxx.homeserver.com:8080 (1.2.3.4) via UDPv4
2014-06-04 15:26:22 Server poll timeout, trying next remote entry...
2014-06-04 15:26:22 EVENT: RECONNECTING
2014-06-04 15:26:22 LZO-ASYM init swap=0 asym=0
2014-06-04 15:26:22 EVENT: RESOLVE
2014-06-04 15:26:22 Contacting 1.2.3.4:8080 via UDP
2014-06-04 15:26:22 EVENT: WAIT
2014-06-04 15:26:22 Connecting to xxx.homeserver.com:8080 (1.2.3.4) via UDPv4
2014-06-04 15:26:32 EVENT: CONNECTION_TIMEOUT [ERR]
2014-06-04 15:26:32 EVENT: DISCONNECTED
2014-06-04 15:26:32 Raw stats on disconnect:
  BYTES_OUT : 420
  PACKETS_OUT : 30
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 5
2014-06-04 15:26:32 Performance stats on disconnect:
  CPU usage (microseconds): 78752
  Network bytes per CPU second: 5333
  Tunnel bytes per CPU second: 0
2014-06-04 15:26:32 ----- OpenVPN Stop -----
2014-06-04 15:26:32 EVENT: DISCONNECT_PENDING

On the server the log files are empty. It seems that the network connection has problems. But where is my fallacy? The instructions I found are all for Linux and not for Windows. Perhaps I have to look here further.

The second network adapter on the OpenVPN server (TAP-Windows Adapter V9) is still deactivated. Do I have to take additional steps here? Because TAP isn't used anymore and it should be active.

I've read that other users are also having troubles with iOS devices. Is it possible to do that like I want?

Thanks!

Cheers,
testing

[testing]

Hi debbie10t,

what is wrong with the ports?

I want that OpenVPN is external available on port 8080 (port 80 and 443 already used). The fritz.box should redirect from port 8080 to port 1194 internally.

What I can imagine that on the host (192.168.1.16) I need a port redirect to the VMWare client (192.168.182.128). But currently I haven't checked if I really need it. Would my setup basically work?

Thanks!

Cheers,
testing

[testing]

I changed everything to port 1194. Additonally, I added a port forwarding rule in VM Ware itself. I still get a connection timeout.

Which means do I have to test the connection?

[testing]

Thanks for your response!

I read the server manual and change the server and the VPN lan address:

Code: Select all

# Zertifikate
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\WHSOpenVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\WHSOpenVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

# Server und Netzwerk
[b]local 10.8.61.1[/b] #LAN-Adresse des Servers
port 1194
proto udp
dev tun
[b]server 10.8.61.0 255.255.255.0[/b] #Subnetz
ifconfig-pool-persist ipp.txt
comp-lzo
persist-key
persist-tun
keepalive 10 120

# Log
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log" 
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log" 
;log-append "C:\\Program Files\\OpenVPN\\log\\openvpn.log" 
verb 3

I also tried verb 5/6 but the server.log is empty. On the client side I still get a connection timeout.

PS: Because of my LAN network number - I will change it the next time I reconfigure my network.

[testing]

I still get connection timeouts. I tried different local IPs. E.g.

local 192.168.182.128 #LAN-Adresse des Servers
server 10.8.61.0 255.255.255.0 #Subnetz

The VMWare host has the IP 192.168.1.16. I have two additional VMware Network Adapter VMnet1 & VMnet 8. VMnet1 (192.168.213.1 without gateway). VMnet8 (192.168.182.1 without gateway).

In the VMWare itself I have ipconfig tells me for the ethernet adapter the following settings:
IP: 192.168.182.128
Subnet: 255.255.255.0
Gateway: 192.168.182.2

The TAP-Adapter V9 gets 10.8.61.1 as IP and 255.255.255.252 as subnet without gateway address.

In the VMware I have the following port forwarding rule:


Which local IP is the correct one? I tried it with all IPs but none of them worked. Besides the connection timeout the "Bytes In" is zero.