Is it possible to tunnell openvpn server out from behind cgnat?

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).
Post Reply
badmonkey
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 29, 2019 12:35 am

Is it possible to tunnell openvpn server out from behind cgnat?

Post by badmonkey » Tue Oct 29, 2019 12:47 am

hello everybody its my first post, hopefuly somebody can help me understand my problem a little better.

So I have a ubuntu server with openvpn server working fine. I put it on a mobile data 4g connection which has carrier grade nat running so all ports are closed.

I found a tunelling service which helps get around this, its called ngrok im sure alot of people know it.

So basically ngrok is a reverse tunell this is how it works:
1 ubuntu server with openvpn connects to ngrok server through their app on port 80, forwards any local port from ubuntu server to external address going through ngrok server and giving "ngrok ip address+port"
2. any pc on the internet can connect to "ngrok ip address+port" and is translated into ubuntu server local port.

Now I confirmed this working with ssh server.
1. ssh server port 22 runnign on ubuntu server
2. ubuntu server connect to ngrok-> forward local port 22
3. ngrok generate static external address + port
4. connect from machine on Internet to ngrok external address + port
5. success successfully connected to ssh server on ubuntu server machine.

So I try doing same with openvpn server but it doesn't work.

I see on the logs there us EOF errors from the openvpn server.

it means the tunell is doing its job but not fully. Is this a limitation? am I wasting my time? has anybody attempted this before? I am kind of stuck now l, any help would be really appreciated

thank you in advance!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6182
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by TinCanTech » Tue Oct 29, 2019 2:06 pm

Logs please ..

Please see:
viewtopic.php?f=30&t=22603#p68963

badmonkey
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 29, 2019 12:35 am

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by badmonkey » Wed Oct 30, 2019 7:39 am

Hi I actually figured this out on my own, it was user error.
1. I was doing tunnelling wrong with ssh but that is. easy enough to google so don't need to go into it
2. The Android openvpn app I tried using crashes ssh when attempting to connect so another problem

Setup confirmed and working on desktop tho, so non issue solved thanx

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6182
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by TinCanTech » Wed Oct 30, 2019 4:03 pm

So, is it possible to tunnell openvpn server out from behind cgnat?

We would like to know.

badmonkey
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 29, 2019 12:35 am

Re: Is it possible to tunnell openvpn server out from behind cgnat?

Post by badmonkey » Fri Nov 08, 2019 9:51 am

yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok

Post Reply