Is it possible to tunnell openvpn server out from behind cgnat?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Oct 29, 2019 12:35 am
Is it possible to tunnell openvpn server out from behind cgnat?
hello everybody its my first post, hopefuly somebody can help me understand my problem a little better.
So I have a ubuntu server with openvpn server working fine. I put it on a mobile data 4g connection which has carrier grade nat running so all ports are closed.
I found a tunelling service which helps get around this, its called ngrok im sure alot of people know it.
So basically ngrok is a reverse tunell this is how it works:
1 ubuntu server with openvpn connects to ngrok server through their app on port 80, forwards any local port from ubuntu server to external address going through ngrok server and giving "ngrok ip address+port"
2. any pc on the internet can connect to "ngrok ip address+port" and is translated into ubuntu server local port.
Now I confirmed this working with ssh server.
1. ssh server port 22 runnign on ubuntu server
2. ubuntu server connect to ngrok-> forward local port 22
3. ngrok generate static external address + port
4. connect from machine on Internet to ngrok external address + port
5. success successfully connected to ssh server on ubuntu server machine.
So I try doing same with openvpn server but it doesn't work.
I see on the logs there us EOF errors from the openvpn server.
it means the tunell is doing its job but not fully. Is this a limitation? am I wasting my time? has anybody attempted this before? I am kind of stuck now l, any help would be really appreciated
thank you in advance!
So I have a ubuntu server with openvpn server working fine. I put it on a mobile data 4g connection which has carrier grade nat running so all ports are closed.
I found a tunelling service which helps get around this, its called ngrok im sure alot of people know it.
So basically ngrok is a reverse tunell this is how it works:
1 ubuntu server with openvpn connects to ngrok server through their app on port 80, forwards any local port from ubuntu server to external address going through ngrok server and giving "ngrok ip address+port"
2. any pc on the internet can connect to "ngrok ip address+port" and is translated into ubuntu server local port.
Now I confirmed this working with ssh server.
1. ssh server port 22 runnign on ubuntu server
2. ubuntu server connect to ngrok-> forward local port 22
3. ngrok generate static external address + port
4. connect from machine on Internet to ngrok external address + port
5. success successfully connected to ssh server on ubuntu server machine.
So I try doing same with openvpn server but it doesn't work.
I see on the logs there us EOF errors from the openvpn server.
it means the tunell is doing its job but not fully. Is this a limitation? am I wasting my time? has anybody attempted this before? I am kind of stuck now l, any help would be really appreciated
thank you in advance!
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Oct 29, 2019 12:35 am
Re: Is it possible to tunnell openvpn server out from behind cgnat?
Hi I actually figured this out on my own, it was user error.
1. I was doing tunnelling wrong with ssh but that is. easy enough to google so don't need to go into it
2. The Android openvpn app I tried using crashes ssh when attempting to connect so another problem
Setup confirmed and working on desktop tho, so non issue solved thanx
1. I was doing tunnelling wrong with ssh but that is. easy enough to google so don't need to go into it
2. The Android openvpn app I tried using crashes ssh when attempting to connect so another problem
Setup confirmed and working on desktop tho, so non issue solved thanx
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Is it possible to tunnell openvpn server out from behind cgnat?
So, is it possible to tunnell openvpn server out from behind cgnat?
We would like to know.
We would like to know.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Oct 29, 2019 12:35 am
Re: Is it possible to tunnell openvpn server out from behind cgnat?
yes it is possible and working for me by doing everything I said in post number 1.
my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.
so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok
my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.
so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok
-
- OpenVPN User
- Posts: 32
- Joined: Fri Aug 07, 2020 4:30 pm
Re: Is it possible to tunnell openvpn server out from behind cgnat?
i am faced with the same situation. apparently. my post got deleted. would like help on how it can be done using ngrok.
*update*
fixed already!
*update*
fixed already!
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Is it possible to tunnell openvpn server out from behind cgnat?
It was not deleted.
If you click your username you can find it.
If you click your username you can find it.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVPN User
- Posts: 32
- Joined: Fri Aug 07, 2020 4:30 pm
Re: Is it possible to tunnell openvpn server out from behind cgnat?
oh thanks a lot pippin! saw it and updated it with the fix.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Sep 02, 2020 12:59 pm
Re: Is it possible to tunnell openvpn server out from behind cgnat?
Hi,badmonkey wrote: ↑Fri Nov 08, 2019 9:51 amyes it is possible and working for me by doing everything I said in post number 1.
my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.
so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok
I'm on same situation.
Could you please explain your resolution in a bit more details?
My current setup:
Configured OpenVPN server in Ubuntu machine accepting connections over TCP Port 1491.
On the same machine I'm using ngrok to open TCP Port 1491.
On Android device using OpenVPN client I am able to connect when I am on the same local network of the Ubuntu OpenVPN server but not over the internet via ngrok tunnel. I get "Transport error, network Is unreachable" even if ngrok tunnel is properly connected.
Could someone help?
Thank you very much.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Jan 14, 2021 8:57 am
Re: Is it possible to tunnell openvpn server out from behind cgnat?
hello badmonkey ,badmonkey wrote: ↑Fri Nov 08, 2019 9:51 amyes it is possible and working for me by doing everything I said in post number 1.
my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.
so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok
can you share your openvpn server and client config files
-
- OpenVPN User
- Posts: 32
- Joined: Fri Aug 07, 2020 4:30 pm
Re: Is it possible to tunnell openvpn server out from behind cgnat?
Late update but was able to setup a vm and a raspberry pi 4 2gb with openvpnas under cgnat using ngrok : viewtopic.php?t=30787