Setup:
- My modem is a DSL modem from AT&T (NVG589)
- The router I'm using is a Nighthawk AX4.
- I created a DDNS on the router
- I have a Windows 7 computer running the OpenVPN server
- I have a Windows 10 (test computer) as a client
Before I begin, I did enable "VPN Service" from my router. I did have configuration files to download, but they didn't work and I don't know why. What's strange is that it provided me with client files but not server files. I followed tutorials on how to set up the OpenVPN. Not sure if this screen will help anyone:
https://imgur.com/mtSGJvJ
For my OpenVPN server, I have the following code:
Server Config
dev-node "NETGEAR-VPN"
mode server
port 25340
proto tcp4-server
dev tun
tls-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\NETGEAR-VPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\NETGEAR-VPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
server 10.10.10.0 255.255.255.0
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
client-config-dir "C:\\Program Files\\OpenVPN\\config"
verb 3
route-delay 5
route-method exe
push "route 192.168.0.0 255.255.255.0"
route 192.168.182.0 255.255.255.0
For my Client Server, I have the following code:
Client Config
remote [My DDNS]
client
port 25340
proto tcp4-client
dev tun
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
mute 20
I set my Windows 7 (server) to have a static IP address (I did it in the computer itself); I also reserved the IP on the router.
Then set a port forwarding rule so I can access the server from the outside network, as shown:
https://imgur.com/UgexaD0
Now I started the server, and everything seems fine. It shows that it's working
Code:
Thu Mar 26 19:24:18 2020 --pull-filter ignored for --mode server
Thu Mar 26 19:24:18 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Mar 26 19:24:18 2020 Windows version 6.1 (Windows 7) 64bit
Thu Mar 26 19:24:18 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Thu Mar 26 19:24:18 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Mar 26 19:24:18 2020 Need hold release from management interface, waiting...
Thu Mar 26 19:24:19 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'state on'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'log all on'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'echo all on'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'hold off'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'hold release'
Thu Mar 26 19:24:19 2020 Diffie-Hellman initialized with 2048 bit key
Thu Mar 26 19:24:19 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Mar 26 19:24:19 2020 ECDH curve secp384r1 added
Thu Mar 26 19:24:19 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 19:24:19 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 19:24:19 2020 interactive service msg_channel=224
Thu Mar 26 19:24:19 2020 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 I=13 HWADDR=38:60:77:77:31:2c
Thu Mar 26 19:24:19 2020 open_tun
Thu Mar 26 19:24:19 2020 TAP-WIN32 device [NETGEAR-VPN] opened: \\.\Global\{735E7352-2A0C-4CB2-ADBF-F5CD8FC790AF}.tap
Thu Mar 26 19:24:19 2020 TAP-Windows Driver Version 9.24
Thu Mar 26 19:24:19 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.1/255.255.255.252 on interface {735E7352-2A0C-4CB2-ADBF-F5CD8FC790AF} [DHCP-serv: 10.10.10.2, lease-time: 31536000]
Thu Mar 26 19:24:19 2020 Sleeping for 5 seconds...
Thu Mar 26 19:24:24 2020 Successful ARP Flush on interface [22] {735E7352-2A0C-4CB2-ADBF-F5CD8FC790AF}
Thu Mar 26 19:24:24 2020 MANAGEMENT: >STATE:1585275864,ASSIGN_IP,,10.10.10.1,,,,
Thu Mar 26 19:24:24 2020 MANAGEMENT: >STATE:1585275864,ADD_ROUTES,,,,,,
Thu Mar 26 19:24:24 2020 C:\Windows\system32\route.exe ADD 192.168.182.0 MASK 255.255.255.0 10.10.10.2
Thu Mar 26 19:24:24 2020 Route addition via service succeeded
Thu Mar 26 19:24:24 2020 C:\Windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.2
Thu Mar 26 19:24:24 2020 Route addition via service succeeded
Thu Mar 26 19:24:24 2020 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 26 19:24:24 2020 Listening for incoming TCP connection on [AF_INET][undef]:25340
Thu Mar 26 19:24:24 2020 TCPv4_SERVER link local (bound): [AF_INET][undef]:25340
Thu Mar 26 19:24:24 2020 TCPv4_SERVER link remote: [AF_UNSPEC]
Thu Mar 26 19:24:24 2020 MULTI: multi_init called, r=256 v=256
Thu Mar 26 19:24:24 2020 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Thu Mar 26 19:24:24 2020 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Mar 26 19:24:24 2020 Initialization Sequence Completed
Thu Mar 26 19:24:24 2020 MANAGEMENT: >STATE:1585275864,CONNECTED,SUCCESS,10.10.10.1,,,,
Code:
Thu Mar 26 20:51:10 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Mar 26 20:51:10 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 26 20:51:10 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Thu Mar 26 20:51:10 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Mar 26 20:51:10 2020 Need hold release from management interface, waiting...
Thu Mar 26 20:51:10 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'state on'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'log all on'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'echo all on'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'hold off'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'hold release'
Thu Mar 26 20:51:10 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 20:51:10 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 20:51:10 2020 MANAGEMENT: >STATE:1585281070,RESOLVE,,,,,,
Thu Mar 26 20:51:11 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY PUBLIC IP]
Thu Mar 26 20:51:11 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 26 20:51:11 2020 Attempting to establish TCP connection with [AF_INET][MY PUBLIC IP]:25340 [nonblock]
Thu Mar 26 20:51:11 2020 MANAGEMENT: >STATE:1585281071,TCP_CONNECT,,,,,,
Thu Mar 26 20:53:11 2020 TCP: connect to [AF_INET][MY PUBLIC IP]:25340 failed: Unknown error
Thu Mar 26 20:53:11 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Mar 26 20:53:11 2020 MANAGEMENT: >STATE:1585281191,RECONNECTING,init_instance,,,,,
Thu Mar 26 20:53:11 2020 Restart pause, 5 second(s)
Thu Mar 26 20:53:16 2020 MANAGEMENT: >STATE:1585281196,RESOLVE,,,,,,
Thu Mar 26 20:53:16 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY PUBLIC IP]:25340
Thu Mar 26 20:53:16 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 26 20:53:16 2020 Attempting to establish TCP connection with [AF_INET][MY PUBLIC IP]:25340 [nonblock]
Thu Mar 26 20:53:16 2020 MANAGEMENT: >STATE:1585281196,TCP_CONNECT,,,,,,
Troubleshooting (things I can think that might be causing the issue):
- Disable firewall, both server and client computer
- Disable firewall on router and modem. Router's firewall was never set but the modem had a firewall.
- Change port number
- Server - check if firewall is blocking any connection, and it isn't
- Check if port is listening on both server and client and they are (not really sure if that tells me anything). I ran the command [netstat -aon | find /i "listening"]
- I enabled remote management on the router just to check if I could remote into the router, but I can't do that either.
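
Added example, not part of the original post: a short Python check that reads an OpenVPN client log like the one above and measures how long each TCP connect waited before failing, which separates "no reply at all" (packets dropped on the path, for example at a NAT or port-forward hop or a firewall) from a quick refusal (the path works but nothing accepts on that port). The function names and the 20-second threshold are assumptions made for this illustration; the sample lines are copied from the client log in the post.

```python
import re
from datetime import datetime

# Two lines copied from the client log in the post above.
SAMPLE_LOG = """\
Thu Mar 26 20:51:11 2020 Attempting to establish TCP connection with [AF_INET][MY PUBLIC IP]:25340 [nonblock]
Thu Mar 26 20:53:11 2020 TCP: connect to [AF_INET][MY PUBLIC IP]:25340 failed: Unknown error
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
ATTEMPT = "Attempting to establish TCP connection"
FAILED = re.compile(r"TCP: connect to .* failed: (.*)")
# Assumption for this example: a wait this long means the SYN was never answered.
TIMEOUT_SECONDS = 20


def classify_connect_failures(log_text, timeout_seconds=TIMEOUT_SECONDS):
    """Return (seconds_waited, verdict, reason) for each failed TCP connect."""
    results, started = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untimestamped lines such as "Enter Management Password:"
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        message = m.group(2)
        if ATTEMPT in message:
            started = stamp  # remember when this attempt began
            continue
        failure = FAILED.search(message)
        if failure and started is not None:
            waited = (stamp - started).total_seconds()
            verdict = "no-reply" if waited >= timeout_seconds else "rejected"
            results.append((waited, verdict, failure.group(1)))
            started = None
    return results


def explain(verdict):
    """Map a verdict to the part of the setup worth checking first."""
    return {
        "no-reply": "no answer to the SYN: check each NAT/port-forward hop and firewall",
        "rejected": "quick refusal: the path works, check the listener on the server",
    }[verdict]


if __name__ == "__main__":
    for waited, verdict, reason in classify_connect_failures(SAMPLE_LOG):
        print(f"{waited:.0f}s {verdict} ({reason}): {explain(verdict)}")
```
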