Can not connect to my company's OpenVPN Server.

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
tdewa
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 06, 2023 9:34 am

Can not connect to my company's OpenVPN Server.

Post by tdewa » Wed Dec 06, 2023 9:37 am

I'm having trouble connecting to my company's OpenVPN Server.

I would like to connect to a VPN Server.
Please help me.

The environment will be as follows.

* Server *

Operating system: Windows 10 Pro

Code: Select all

C:\> ver
Microsoft Windows [Version 10.0.19045.3693]
Network setup:

Code: Select all

C:\> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-9NP84NU
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Ethernet Server Adapter I350-T4 #2
   Physical Address. . . . . . . . . : B4-96-91-02-14-E9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter DEVELOP:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Ethernet Server Adapter I350-T4 #3
   Physical Address. . . . . . . . . : B4-96-91-02-14-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VICON:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Ethernet Server Adapter I350-T4 #4
   Physical Address. . . . . . . . . : B4-96-91-02-14-EB
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Unknown adapter OpenVPN Wintun:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Wintun Userspace Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-45-CB-84-B6-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f30:b830:5cbc:a4dd%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.9.60(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2023年12月1日 18:31:38
   Lease Expires . . . . . . . . . . : 2023年12月7日 10:13:36
   Default Gateway . . . . . . . . . : 192.168.9.1
   DHCP Server . . . . . . . . . . . : 192.168.9.1
   DHCPv6 IAID . . . . . . . . . . . : 224413131
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-E2-7E-D4-60-45-CB-84-B6-6C
   DNS Servers . . . . . . . . . . . : 192.168.9.1
                                       118.238.201.33
                                       152.165.245.17
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter PRODUCTION:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Ethernet Server Adapter I350-T4
   Physical Address. . . . . . . . . : B4-96-91-02-14-E8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.179.25(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2023年12月6日 16:16:43
   Lease Expires . . . . . . . . . . : 2023年12月8日 4:16:43
   Default Gateway . . . . . . . . . : 192.168.179.1
   DHCP Server . . . . . . . . . . . : 192.168.179.1
   DNS Servers . . . . . . . . . . . : 192.168.179.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter OpenVPN TAP-Windows6:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-24-FE-8B-59
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f40c:102d:3b9c:cb1c%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2023年12月7日 7:58:27
   Lease Expires . . . . . . . . . . : 2024年12月6日 7:58:27
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.0
   DHCPv6 IAID . . . . . . . . . . . : 83951396
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-E2-7E-D4-60-45-CB-84-B6-6C
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter OpenVPN Data Channel Offload:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : OpenVPN Data Channel Offload
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Windows Firewall:

Code: Select all

C:> netsh advfirewall firewall show rule name="OpenVPN TCP"

Rule Name:                            OpenVPN TCP
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            80,443,843,943
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow
Ok.


C:\>netsh advfirewall firewall show rule name="OpenVPN UDP"

Rule Name:                            OpenVPN UDP
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            1194
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow
OpenVPN version:

Code: Select all

C:\> openvpn.exe --version
OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
Windows version 10.0 (Windows 10 or greater), amd64 executable
DCO version: v0
Originally developed by James Yonan
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
Compile time defines: N/A
Server config file:
server.ovpn

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.179.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1


Others information:

Code: Select all

Server instance type: Physical Server
Personal Firewall: Stoped
Registry: IP forwarding enabled
Start Command: openvpn.exe server.ovpn
Server log (at --verb 4 and client IP address removed)

Code: Select all

C:\> openvpn.exe server.ovpn
2023-12-07 07:58:27 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-12-07 07:58:27 NOTE: --remote is not defined, disabling data channel offload.
2023-12-07 07:58:27 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
2023-12-07 07:58:27 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-12-07 07:58:27 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-12-07 07:58:27 DCO version: v0
2023-12-07 07:58:27 Diffie-Hellman initialized with 2048 bit key
2023-12-07 07:58:27 interactive service msg_channel=0
2023-12-07 07:58:27 open_tun
2023-12-07 07:58:27 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-12-07 07:58:27 TAP-Windows Driver Version 9.26
2023-12-07 07:58:27 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.1/255.255.255.0 [SUCCEEDED]
2023-12-07 07:58:27 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {24FE8B59-D178-4F24-8C16-6B4141FEE068} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
2023-12-07 07:58:27 Sleeping for 10 seconds...
2023-12-07 07:58:37 Successful ARP Flush on interface [5] {24FE8B59-D178-4F24-8C16-6B4141FEE068}
2023-12-07 07:58:37 IPv4 MTU set to 1500 on interface 5 using SetIpInterfaceEntry()
2023-12-07 07:58:37 Could not determine IPv4/IPv6 protocol. Using AF_INET6
2023-12-07 07:58:37 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-12-07 07:58:37 setsockopt(IPV6_V6ONLY=0)
2023-12-07 07:58:37 UDPv6 link local (bound): [AF_INET6][undef]:1194
2023-12-07 07:58:37 UDPv6 link remote: [AF_UNSPEC]
2023-12-07 07:58:37 MULTI: multi_init called, r=256 v=256
2023-12-07 07:58:37 IFCONFIG POOL IPv4: base=10.8.0.2 size=253
2023-12-07 07:58:37 IFCONFIG POOL LIST
2023-12-07 07:58:37 Initialization Sequence Completed


* Client *

Operating system: Windows 10 Enterprise

Code: Select all

C:\> ver
Microsoft Windows [Version 10.0.19045.3693]
Network setup:

Code: Select all

C:\> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dewa-remote-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : 0tv4vhw40uourm3hfbjtvbyi5b.lx.internal.cloudapp.net

Unknown adapter OpenVPN Wintun:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Wintun Userspace Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 0tv4vhw40uourm3hfbjtvbyi5b.lx.internal.cloudapp.net
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-0D-3A-50-A2-B5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b618:43a5:7b7a:136d%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.2.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 7, 2023 2:40:53 AM
   Lease Expires . . . . . . . . . . : Sunday, January 13, 2160 2:49:08 PM
   Default Gateway . . . . . . . . . : 10.2.0.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DHCPv6 IAID . . . . . . . . . . . : 100666682
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-CD-D0-5A-00-0D-3A-50-A2-B5
   DNS Servers . . . . . . . . . . . : 168.63.129.16
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 #2
   Physical Address. . . . . . . . . : 00-FF-EE-AA-75-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Unknown adapter OpenVPN Data Channel Offload:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : OpenVPN Data Channel Offload
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
OpenVPN version:

Code: Select all

C:\> openvpn.exe --version
OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
Windows version 10.0 (Windows 10 or greater), amd64 executable
DCO version: v0
Originally developed by James Yonan
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
Compile time defines: N/A
Client config file:
client.ovpn

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3


Others information:

Code: Select all

Server instance type: Azure Virtual Desktop
Windows Firewall: Initial setting
Personal Firewall: Stoped
Start Command: openvpn.exe client.ovpn
Client log (at --verb 4 and client IP address removed)

Code: Select all

C:> openvpn.exe client.ovpn
2023-12-07 08:20:25 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-12-07 08:20:25 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
2023-12-07 08:20:25 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-12-07 08:20:25 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-12-07 08:20:25 DCO version: v0
2023-12-07 08:20:25 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2023-12-07 08:20:25 ovpn-dco device [OpenVPN Data Channel Offload] opened
2023-12-07 08:20:25 UDP link local: (not bound)
2023-12-07 08:20:25 UDP link remote: [AF_INET]x.x.x.x:1194
2023-12-07 08:21:25 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-12-07 08:21:25 TLS Error: TLS handshake failed
2023-12-07 08:21:25 Closing DCO interface
2023-12-07 08:21:25 SIGUSR1[soft,tls-error] received, process restarting
2023-12-07 08:21:25 Restart pause, 1 second(s)
2023-12-07 08:21:26 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2023-12-07 08:21:26 ovpn-dco device [OpenVPN Data Channel Offload] opened
2023-12-07 08:21:26 UDP link local: (not bound)
2023-12-07 08:21:26 UDP link remote: [AF_INET]x.x.x.x:1194
TLS key negotiation failed to occur within 60 seconds

Code: Select all

2023-12-07 08:21:25 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-12-07 08:21:25 TLS Error: TLS handshake failed
2023-12-07 08:21:25 Closing DCO interface
2023-12-07 08:21:25 SIGUSR1[soft,tls-error] received, process restarting


* Network Connection *

Network Configuration Diagram:

Code: Select all

Server <-> Wi-Fi <-> Global Network <-> Client
Connect the server and pocket Wi-Fi via wired LAN.
Others information:

Code: Select all

Connection: pocket Wi-Fi
Setting: DMZ hosting enabled
LAN IP Adress Setting: 192.168.179.1/24
DHCP Server Function: Enabled
Global IP address: x.x.x.x
The expiration date of various certificates has just been updated to 12/06/2024 and has not yet expired.

If any information is missing, we will provide it at any time.

Thank you for reading!

tdewa
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 06, 2023 9:34 am

Re: Can not connect to my company's OpenVPN Server.

Post by tdewa » Wed Dec 06, 2023 11:50 pm

The update was completed using [oconf] BB tag.
I apologize for not following the rules and posting.

tdewa
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 06, 2023 9:34 am

Re: Can not connect to my company's OpenVPN Server.

Post by tdewa » Tue Dec 19, 2023 1:06 am

I solved this problem myself.

The cause was that the ISP distributed a private address to the pocket WiFi and did not assign a global IP address to the pocket WiFi.

For this reason, even if I set the port to open on the pocket WiFi side, I could not open the port.

I apologize to you for a fuss over.

Thank you.

Post Reply