OpenVPN Support Forum

hello everybody its my first post, hopefuly somebody can help me understand my problem a little better.

So I have a ubuntu server with openvpn server working fine. I put it on a mobile data 4g connection which has carrier grade nat running so all ports are closed.

I found a tunelling service which helps get around this, its called ngrok im sure alot of people know it.

So basically ngrok is a reverse tunell this is how it works:
1 ubuntu server with openvpn connects to ngrok server through their app on port 80, forwards any local port from ubuntu server to external address going through ngrok server and giving "ngrok ip address+port"
2. any pc on the internet can connect to "ngrok ip address+port" and is translated into ubuntu server local port.

Now I confirmed this working with ssh server.
1. ssh server port 22 runnign on ubuntu server
2. ubuntu server connect to ngrok-> forward local port 22
3. ngrok generate static external address + port
4. connect from machine on Internet to ngrok external address + port
5. success successfully connected to ssh server on ubuntu server machine.

So I try doing same with openvpn server but it doesn't work.

I see on the logs there us EOF errors from the openvpn server.

it means the tunell is doing its job but not fully. Is this a limitation? am I wasting my time? has anybody attempted this before? I am kind of stuck now l, any help would be really appreciated

thank you in advance!

Logs please ..

Please see:
viewtopic.php?f=30&t=22603#p68963

Hi I actually figured this out on my own, it was user error.
1. I was doing tunnelling wrong with ssh but that is. easy enough to google so don't need to go into it
2. The Android openvpn app I tried using crashes ssh when attempting to connect so another problem

Setup confirmed and working on desktop tho, so non issue solved thanx

So, is it possible to tunnell openvpn server out from behind cgnat?

We would like to know.

yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok

i am faced with the same situation. apparently. my post got deleted. would like help on how it can be done using ngrok.

*update*
fixed already!

It was not deleted.
If you click your username you can find it.

oh thanks a lot pippin! saw it and updated it with the fix.

badmonkey wrote: ↑

Fri Nov 08, 2019 9:51 am

yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok

Hi,
I'm on same situation.
Could you please explain your resolution in a bit more details?

My current setup:

Configured OpenVPN server in Ubuntu machine accepting connections over TCP Port 1491.
On the same machine I'm using ngrok to open TCP Port 1491.

On Android device using OpenVPN client I am able to connect when I am on the same local network of the Ubuntu OpenVPN server but not over the internet via ngrok tunnel. I get "Transport error, network Is unreachable" even if ngrok tunnel is properly connected.

Could someone help?

Thank you very much.

badmonkey wrote: ↑

Fri Nov 08, 2019 9:51 am

yes it is possible and working for me by doing everything I said in post number 1.

my issue was I was doing tunnelling wrong through ssh now that I create a local port on the host connection and point it at the lan ip of the open vpn server on the ssh host it works.

so it is possible to tunell and open vpn connection from behind a cgnat with the clause that a reverse tunell needs to be created to a tunelling service or a tunell server on a static open ip from the server behind the cgnat. In my case ngrok

hello badmonkey ,
can you share your openvpn server and client config files

Late update but was able to setup a vm and a raspberry pi 4 2gb with openvpnas under cgnat using ngrok : viewtopic.php?t=30787