OpenVPN Support Forum

Not sure if this is the right forum, if not I will gladly move it.
I have an ASUS router setup with the OpenVPN server enabled. Using the .ovpn file I can connect the client from inside my LAN to the router without a problem. But from the outside I am unable to connect. I don't even get to see any messages in the log files about my connection attempt. So somehow it is like the connection is blocked.
I am using xxxxx.asuscomm.com to resolve the IP address of my dynamic IP. And that seems to work just fine. Going to an online port scanner and having it scan my UDP ports it does show the openvpn port to be open for the outside world.

In the log file of the failing client (windows) I see that the most basic connection attempt 'are you there' is not working.

24/11/2020, 11:48:34 Connecting to [xxxxx.asuscomm.com]:1194 (xx.xx.xx.xxx) via UDPv4
⏎24/11/2020, 11:48:42 Server poll timeout, trying next remote entry...

I reconfigured the server also to use a less obvious port number, but the result is the same. The IP address shown in the log is correct.

if that cave you need open port 1149 forward on router to itself so making . it only udp port scant cant tell you it open or not but try open port shout work for you.

Not certain what you want me to do. But I added the VPN port 11194 As UDP in the port forwarding in the router, forwarding (local router IP) to itself.
Made no difference, this is the log of the client. The router shown no info at all in the log.

6/11/2020, 11:17:14 OpenVPN core 3.git::662eae9a win x86_64 64-bit built on Oct 27 2020 12:49:07
⏎26/11/2020, 11:17:14 Frame=512/2048/512 mssfix-ctrl=1250
⏎26/11/2020, 11:17:14 UNUSED OPTIONS
2 [nobind]
5 [sndbuf] [0]
6 [rcvbuf] [0]
⏎26/11/2020, 11:17:14 EVENT: RESOLVE ⏎26/11/2020, 11:17:15 EVENT: WAIT ⏎26/11/2020, 11:17:15 Contacting xx.xx.xx.xxx:11194 via UDP
⏎26/11/2020, 11:17:15 WinCommandAgent: transmitting bypass route to xx.xx.xx.xxx
{
"host" : "xx.xx.xx.xxx",
"ipv6" : false
}

⏎26/11/2020, 11:17:15 Connecting to [xxxxxx.asuscomm.com]:11194 (xx.xx.xx.xxx) via UDPv4
⏎26/11/2020, 11:17:24 Server poll timeout, trying next remote entry...
⏎26/11/2020, 11:17:24 EVENT: RECONNECTING ⏎26/11/2020, 11:17:24 EVENT: RESOLVE ⏎26/11/2020, 11:17:24 EVENT: WAIT ⏎26/11/2020, 11:17:24 Contacting xx.xx.xx.xxx:11194 via UDP
⏎26/11/2020, 11:17:24 WinCommandAgent: transmitting bypass route to xx.xx.xx.xxx
{
"host" : "xx.xx.xx.xxx",
"ipv6" : false
}

⏎26/11/2020, 11:17:25 Connecting to [xxxxxx.asuscomm.com]:11194 (xx.xx.xx.xxx) via UDPv4
⏎26/11/2020, 11:17:34 Server poll timeout, trying next remote entry...
⏎26/11/2020, 11:17:34 EVENT: RECONNECTING ⏎26/11/2020, 11:17:34 EVENT: RESOLVE ⏎26/11/2020, 11:17:34 Contacting xx.xx.xx.xxx:11194 via UDP
⏎26/11/2020, 11:17:34 WinCommandAgent: transmitting bypass route to xx.xx.xx.xxx
{
"host" : "xx.xx.xx.xxx",
"ipv6" : false
}

⏎26/11/2020, 11:17:34 EVENT: WAIT ⏎26/11/2020, 11:17:35 Connecting to [xxxxxx.asuscomm.com]:11194 (xx.xx.xx.xxx) via UDPv4
⏎26/11/2020, 11:17:44 Server poll timeout, trying next remote entry...
⏎26/11/2020, 11:17:44 EVENT: RECONNECTING ⏎26/11/2020, 11:17:44 EVENT: RESOLVE ⏎26/11/2020, 11:17:44 Contacting xx.xx.xx.xxx:11194 via UDP
⏎26/11/2020, 11:17:44 WinCommandAgent: transmitting bypass route to xx.xx.xx.xxx
{
"host" : "xx.xx.xx.xxx",
"ipv6" : false
}

⏎26/11/2020, 11:17:44 EVENT: WAIT ⏎26/11/2020, 11:17:45 Connecting to [xxxxxx.asuscomm.com]:11194 (xx.xx.xx.xxx) via UDPv4
⏎26/11/2020, 11:17:54 Server poll timeout, trying next remote entry...
⏎26/11/2020, 11:17:54 EVENT: RECONNECTING ⏎26/11/2020, 11:17:54 EVENT: RESOLVE ⏎26/11/2020, 11:17:54 Contacting xx.xx.xx.xxx:11194 via UDP
⏎26/11/2020, 11:17:54 WinCommandAgent: transmitting bypass route to xx.xx.xx.xxx
{
"host" : "xx.xx.xx.xxx",
"ipv6" : false
}

⏎26/11/2020, 11:17:54 EVENT: WAIT ⏎26/11/2020, 11:17:55 Connecting to [xxxxxx.asuscomm.com]:11194 (xx.xx.xx.xxx) via UDPv4
⏎26/11/2020, 11:18:04 EVENT: RECONNECTING ⏎26/11/2020, 11:18:04 EVENT: RESOLVE ⏎26/11/2020, 11:18:04 Server poll timeout, trying next remote entry...
⏎26/11/2020, 11:18:04 EVENT: WAIT ⏎26/11/2020, 11:18:04 Contacting xx.xx.xx.xxx:11194 via UDP
⏎26/11/2020, 11:18:04 WinCommandAgent: transmitting bypass route to xx.xx.xx.xxx
{
"host" : "xx.xx.xx.xxx",
"ipv6" : false
}

⏎26/11/2020, 11:18:05 Connecting to [xxxxxx.asuscomm.com]:11194 (xx.xx.xx.xxx) via UDPv4
⏎26/11/2020, 11:18:14 EVENT: CONNECTION_TIMEOUT ⏎26/11/2020, 11:18:14 EVENT: DISCONNECTED ⏎

you can try connect by your public ip first to see , outside it cant connect so something between the line and try to check the firewall on router

The xx.xx.xx.xxx shown in the log is my actual public ip, so the DNS resolution seems to be correct. And I really don't know what else to check on the firewall.

geedsen wrote: ↑

Thu Nov 26, 2020 9:28 am

I added the VPN port 11194 As UDP in the port forwarding in the router, forwarding (local router IP) to itself.

If the router is connected directly to the internet then you don't need to forward the port.

Is actually is directly connected. The fiber modem is just a bridge. There is a 'not openvpn' VPN (PPTP) on the router as wel, if the client tries to connect to that one, I can actually see it in the log. But using openvpn there is no trace in the log at all.

Check the routers firewall and download the Windows client from here
https://openvpn.net/community-downloads-2/
and try again.

Was there a solution to this?

I have a similar problem. I am only able to connect sometimes. Open VPN Connect says, "waiting for server" while it is trying to connect. I know it works as it does connect sometimes. Why would the server only connect sometimes? Do I need to change my firewall rules?

fasterisbest wrote: ↑

Mon Jul 18, 2022 1:07 pm

Was there a solution to this?

Yes.

fasterisbest wrote: ↑

Mon Jul 18, 2022 1:07 pm

Was there a solution to this?

I have a similar problem.

Hi faster,

Your issue is probably not similar. If you review the OP's client logs post from 2020, they say over and over that the client was trying to connect to port 11194. If it was on 1194 as stated (which is the usual UDP default port for OpenVPN in general) 11194 would obviously not connect. So the OP had a typo.

"Server poll timeout" always means that no reply from the server was received.

fasterisbest wrote: ↑

Mon Jul 18, 2022 1:07 pm

I am only able to connect sometimes. Open VPN Connect says, "waiting for server" while it is trying to connect. I know it works as it does connect sometimes. Why would the server only connect sometimes? Do I need to change my firewall rules?

"Definitely maybe." Intermittent issues are always the hardest to troubleshoot. As for the ASUS router's firewall, you'd probably do better asking in ASUS user forums.

good luck and regards, rob0

Here's one reason you might not be able to make a VPN connection.

If you have DMZ enabled, you will not be able to use the routers built-in VPN servers. So just make sure it's not enabled (WAN/DMZ). When DMZ is enabled all incoming traffic gets routed to the DMZ host computer including all VPN traffic. Also make sure that you don't have Port Forwarding enabled for any of the ports that the VPN server uses. OpenVPN servers listen for connections on port 1194.

If you have DMZ enabled and try to make a VPN connection, the connection will fail and you get an error which suggests the problem is with 1.) internet latency, 2.) invalid VPN communication format error, or 3.) you hit the limit on the number of concurrent VPN connections allowed. None of those are what's actually preventing you from making a VPN connection. To make makes worst, the router does not give you any useful diagnosis information in log.

Reply to "fasterisbest"'s problem of only sometimes not being at to make a VPN connection and other times it works. This is really a different problem then never being able to make a VPN connection. Consider posting your situation as a new issue. Because you sometimes can connect, you've eliminated the firewall as the issue.

One possible explanation is that you have too many VPN connection opened on the VPN server. I believe that ASUS routers limits that to a max of 10 concurrent connections. In theory, you can cause this problem if your VPN client is set to not to timeout. I don't think the ASUS router lets you easily know how many VPN connection you currently have opened. I've sent in a request to Asus to have the router list VPN connections just like they do for the connected client devices. I've not heard back from them and it's been awhile. I think it would be helpful if we all sent Asus feedback that we would like the router to report all open VPN connections.