I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
Johnny78
OpenVpn Newbie
Posts: 6
Joined: Tue Sep 13, 2022 3:36 pm

I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by Johnny78 » Tue Sep 13, 2022 4:05 pm

I have an Ubuntu computer which has OpenVPN installed. At this point I am trying to see if I can connect to OpenVPN at all from outside.
From inside LAN I can reach the OpenVPN settings using connection:
192.168.2.74:943

I have a cable modem where I have have set port forwarding. Port forwarding works fine for SSH and Apache etc from inside the LAN and outside.

I've set port forwarding in my modem/router for OpenVPN as follows:
Local IP: 192.168.2.74
Local port start & end: 943
External port start & end: 7000

For example Apache has:
Local port start & end: 80
External port start & end: 7200

When I connect to Apache from outside LAN I type 84.115.120.15:7200 and it connects to my Apache server.
But when I try to connect to OpenVPN 84.115.120.15:7000 "This site can’t be reached". From 192.168.2.74:943 I can get to OpenVPN user login page.

What am I missing? All the diffrent server that listen to some port can be accessed using regular port forwarding. My goal is to have my own VPN for personal use and access local sites when I am traveling.

Johnny78
OpenVpn Newbie
Posts: 6
Joined: Tue Sep 13, 2022 3:36 pm

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by Johnny78 » Wed Sep 14, 2022 4:06 am

I've been there. Can you be more specific?

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by ordex » Wed Sep 14, 2022 11:18 am

Ideally it should be the same as doing port forwarding for Apache. OpenVPN web auth page is no different.
Are you sure you're not missing something else in the router/modem settings?

Johnny78
OpenVpn Newbie
Posts: 6
Joined: Tue Sep 13, 2022 3:36 pm

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by Johnny78 » Thu Sep 15, 2022 4:46 am

Thank you for the info. I'll re-install OpenVPN and see if that helps.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by ordex » Thu Sep 15, 2022 7:06 am

Johnny78 wrote:
Thu Sep 15, 2022 4:46 am
Thank you for the info. I'll re-install OpenVPN and see if that helps.
If you can reach it on 192.168.2.74:943 it means OpenVPN Access Server is functioning properly. Whether the incoming connection is originated within the LAN or outside of the router should not matter for the OpenVPN webserver. This is why I think the issue may still be somewhere in the forwarding configuration.

To collect more details, you could try running tcpdump on the OpenVPN server to see the traffic flow when a connection from outside is made. That may reveal the issue.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by openvpn_inc » Thu Sep 15, 2022 3:40 pm

Hi,

To add, if you are using the commercial Access Server, make sure to configure port forwarding on default ports UDP1194, TCP443, and TCP943.
Also, make sure to update the value under Configuration>Network Settings>Hostname or IP Address" to your public IP or FQDN.

Regards,
.\kionci
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Johnny78
OpenVpn Newbie
Posts: 6
Joined: Tue Sep 13, 2022 3:36 pm

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by Johnny78 » Fri Sep 16, 2022 5:25 pm

Thanks for the reply. So would I forward ports 1194, 443, 943 on the router to where?
Local IP: 192.168.2.74
Local port start & end: ??
External port start & end: ??

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by openvpn_inc » Fri Sep 16, 2022 5:52 pm

Hi Johnny78,

Assuming that 192.168.2.74 is the local IP address of your Access Server installation then yeah, you use that IP for the port forward.

Some routers ask for each port forward to specify a local port start and end, meaning you can send a whole range of ports through. In this case you would need to do 3 forwards for individual ports, and start and end ports would just need to be repeated. So if you forward port TCP 443 then you specify TCP 443 as the begin port and also TCP 443 as the end port, to forward just that port TCP 443. It will be looking a bit like this;

External port share start and end: 1194 UDP to map to local IP 192.168.2.74 local port start and end: 1194 UDP
External port share start and end: 943 TCP to map to local IP 192.168.2.74 local port start and end: 943 TCP
External port share start and end: 443 TCP to map to local IP 192.168.2.74 local port start and end: 443 TCP

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Johnny78
OpenVpn Newbie
Posts: 6
Joined: Tue Sep 13, 2022 3:36 pm

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by Johnny78 » Sun Sep 18, 2022 6:28 pm

Thank you for your replies. I changes the port forwarding as suggested. Still no luck. When I put address as 192.168.2.74:943 I get some "This site is not secure" etc. but finally get to the OpenVPN login.. Would that give a clue what I am not doing right?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: I can reach VPN server from inside LAN but not from outside (Port Forwarding)

Post by openvpn_inc » Mon Sep 19, 2022 10:04 am

Hello Johnny78,

If the port forwards are setup, it should be reachable from the Internet now on your public IP address. If your public IP address is https://123.45.67.89/ then you should now be able to get the same login page that you get on https://192.168.2.74:943 when you visit on https://123.45.67.89:943

At this point the problem doesn't seem to be in Access Server but in your router setup. It could be a port forward mistake or a firewall or a limitation in your router. As such I recommend you contact support for your router to find out how you can do a port forward and make this work. Note that in some cases there are routers that don't support accessing the public IP from within your private network, the so-called hair-pinning or NAT reflection. If this is the case you can use a device with another Internet connection like your mobile phone on 4G to try to access the external address of your router and see if the port forward worked.

I wish I could do more from my side but at this point it's not an Access Server related problem - in other words, nothing you can do in the Access Server can solve this. You should be able to access the outside address and get the Access Server login prompts if your router is doing the port forwarding as it should.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply