Need Help Troubleshooting my VPN

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Scheung053
OpenVpn Newbie
Posts: 1
Joined: Fri Mar 27, 2020 4:26 am

Need Help Troubleshooting my VPN

Post by Scheung053 » Fri Mar 27, 2020 4:30 am

I'm not that experienced with networking, but I wanted to try my hands on setting up a VPN so I can access files from anywhere. I am using an open source VPN service called OpenVPN to setup my VPN.

Setup:
  • My modem is DSL modem from AT&T (NVG589)

    The router I'm using is a Nighthawk AX4.

    I created a ddns on the router

    I have a window 7 computer running the OpenVPN server

    I have a windows 10 (test computer) as a client
Configuration:

Before I begin, I did enable "VPN Service" from my router. I did have configuration files to download, but they didn't work as I don't know why. What's strange is that it provided me with client files but not server files. I followed tutorials on how to setup the OpenVPN. Not sure if this screen will help anyone:

https://imgur.com/mtSGJvJ

For my OpenVPN sever, I have the following code:

Server Config
dev-node "NETGEAR-VPN"
mode server
port 25340

proto tcp4-server
dev tun

tls-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\NETGEAR-VPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\NETGEAR-VPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"

server 10.10.10.0 255.255.255.0

client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo

persist-key
persist-tun
client-config-dir "C:\\Program Files\\OpenVPN\\config"

verb 3

route-delay 5
route-method exe

push "route 192.168.0.0 255.255.255.0"
route 192.168.182.0 255.255.255.0


For my Client Server, I have the following code:

Client Config
remote [My DDNS]
client
port 25340

proto tcp4-client
dev tun

tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
remote-cert-tls server

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"

cipher AES-128-CBC
comp-lzo

persist-key
persist-tun

verb 3
mute 20


I set my window 7 (server) to have a static IP address (I did into in the computer itself), I also reserved the IP on the router.

Then set a portforwarding rule so I can access the server from the outside network, as shown:

https://imgur.com/UgexaD0

Now I started the server, and everything seems fine. It shows that it's working

Code: Select all

Thu Mar 26 19:24:18 2020 --pull-filter ignored for --mode server
Thu Mar 26 19:24:18 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Mar 26 19:24:18 2020 Windows version 6.1 (Windows 7) 64bit
Thu Mar 26 19:24:18 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Enter Management Password:
Thu Mar 26 19:24:18 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Mar 26 19:24:18 2020 Need hold release from management interface, waiting...
Thu Mar 26 19:24:19 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'state on'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'log all on'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'echo all on'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'hold off'
Thu Mar 26 19:24:19 2020 MANAGEMENT: CMD 'hold release'
Thu Mar 26 19:24:19 2020 Diffie-Hellman initialized with 2048 bit key
Thu Mar 26 19:24:19 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Mar 26 19:24:19 2020 ECDH curve secp384r1 added
Thu Mar 26 19:24:19 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 19:24:19 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 19:24:19 2020 interactive service msg_channel=224
Thu Mar 26 19:24:19 2020 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 I=13 HWADDR=38:60:77:77:31:2c
Thu Mar 26 19:24:19 2020 open_tun
Thu Mar 26 19:24:19 2020 TAP-WIN32 device [NETGEAR-VPN] opened: \\.\Global\{735E7352-2A0C-4CB2-ADBF-F5CD8FC790AF}.tap
Thu Mar 26 19:24:19 2020 TAP-Windows Driver Version 9.24 
Thu Mar 26 19:24:19 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.1/255.255.255.252 on interface {735E7352-2A0C-4CB2-ADBF-F5CD8FC790AF} [DHCP-serv: 10.10.10.2, lease-time: 31536000]
Thu Mar 26 19:24:19 2020 Sleeping for 5 seconds...
Thu Mar 26 19:24:24 2020 Successful ARP Flush on interface [22] {735E7352-2A0C-4CB2-ADBF-F5CD8FC790AF}
Thu Mar 26 19:24:24 2020 MANAGEMENT: >STATE:1585275864,ASSIGN_IP,,10.10.10.1,,,,
Thu Mar 26 19:24:24 2020 MANAGEMENT: >STATE:1585275864,ADD_ROUTES,,,,,,
Thu Mar 26 19:24:24 2020 C:\Windows\system32\route.exe ADD 192.168.182.0 MASK 255.255.255.0 10.10.10.2
Thu Mar 26 19:24:24 2020 Route addition via service succeeded
Thu Mar 26 19:24:24 2020 C:\Windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.2
Thu Mar 26 19:24:24 2020 Route addition via service succeeded
Thu Mar 26 19:24:24 2020 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 26 19:24:24 2020 Listening for incoming TCP connection on [AF_INET][undef]:25340
Thu Mar 26 19:24:24 2020 TCPv4_SERVER link local (bound): [AF_INET][undef]:25340
Thu Mar 26 19:24:24 2020 TCPv4_SERVER link remote: [AF_UNSPEC]
Thu Mar 26 19:24:24 2020 MULTI: multi_init called, r=256 v=256
Thu Mar 26 19:24:24 2020 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Thu Mar 26 19:24:24 2020 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Mar 26 19:24:24 2020 Initialization Sequence Completed
Thu Mar 26 19:24:24 2020 MANAGEMENT: >STATE:1585275864,CONNECTED,SUCCESS,10.10.10.1,,,,
But when I run the OpenVPN from the client computer (windows 10), I get a time out:

Code: Select all

Thu Mar 26 20:51:10 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Mar 26 20:51:10 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 26 20:51:10 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Thu Mar 26 20:51:10 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Mar 26 20:51:10 2020 Need hold release from management interface, waiting...
Thu Mar 26 20:51:10 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'state on'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'log all on'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'echo all on'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'hold off'
Thu Mar 26 20:51:10 2020 MANAGEMENT: CMD 'hold release'
Thu Mar 26 20:51:10 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 20:51:10 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 26 20:51:10 2020 MANAGEMENT: >STATE:1585281070,RESOLVE,,,,,,
Thu Mar 26 20:51:11 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY PUBLIC IP]
Thu Mar 26 20:51:11 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 26 20:51:11 2020 Attempting to establish TCP connection with [AF_INET][MY PUBLIC IP]:25340 [nonblock]
Thu Mar 26 20:51:11 2020 MANAGEMENT: >STATE:1585281071,TCP_CONNECT,,,,,,
Thu Mar 26 20:53:11 2020 TCP: connect to [AF_INET][MY PUBLIC IP]:25340 failed: Unknown error
Thu Mar 26 20:53:11 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Mar 26 20:53:11 2020 MANAGEMENT: >STATE:1585281191,RECONNECTING,init_instance,,,,,
Thu Mar 26 20:53:11 2020 Restart pause, 5 second(s)
Thu Mar 26 20:53:16 2020 MANAGEMENT: >STATE:1585281196,RESOLVE,,,,,,
Thu Mar 26 20:53:16 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY PUBLIC IP]:25340
Thu Mar 26 20:53:16 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 26 20:53:16 2020 Attempting to establish TCP connection with [AF_INET][MY PUBLIC IP]:25340 [nonblock]
Thu Mar 26 20:53:16 2020 MANAGEMENT: >STATE:1585281196,TCP_CONNECT,,,,,,
I went on https://www.portchecktool.com/ to see if my port was open, and apparently not. I says connection timed out.

Troubleshooting (things I can think that might be causing the issue):
  • Disable firewall, both server and client computer

    Disable firewall on router and modem. Router's firewall was never set but the modem had a firewall.

    change port number

    Server - check if firewall is blocking any connection, and it doesn't

    Check if port is listening on both server and client and they are (not really sure if that tells me anything). I ran the command [netstat -aon | find /i "listening"]

    I enable remote management on the router just to check if I could remote into the router, but I can't do that either.
Honestly ran out of ideas on what is going on and how to trouble shoot this issue. If anyone can help, it would be much appreciated. And if you need more information, I am happy to provide.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7131
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need Help Troubleshooting my VPN

Post by TinCanTech » Fri Mar 27, 2020 12:06 pm

You need to verify that the client can reach the server.

Set `verb 4` in your server config and watch the log file for connection attempts from the client.
If you don't see any connection attempts then you have setup your network incorrectly.

Post Reply