I have tried to follow the happydaddy wiki posted above twice or more. I cannot connect to my OpenVPN!!! Can someone help? Total newb at this, thanks in advance.
Hi, I have tried setting it up but it's not working from my Android phone to router.
Firmware: DD-WRT v3.0-r30534 std
I changed the client stuff from tap to tun and tcp to udp, as that's what the router was defaulted to and it seems like others had done that too.
Set up OpenVPN server settings as follows:
WAN Up
server
router (tun)
I'm assuming I put my dynamic DNS address in the network spot on the router in OpenVPN server?
I have changed netmask to 255.255.255.0 from 0.0.0.0 and it still doesn't work.
Encryptions are set the same (AES-128-CBC).
I have nothing filled out in additional config, TLS auth key or certificate revoke list.
I have forwarded the port 1194 back to the router IP.
Log file on Android OpenVPN shows:
Code:
EVENT:RESOLVE
Contacting (my wanip) via UDP
EVENT:WAIT
Connecting to [my ddns]:1194(my wanip) via UDP4
Server poll timeout, Trying next remote entry
EVENT:RECONNECTING
And that repeats until it eventually stops trying.
I can ping the DDNS fine and forwarding other things through works, so I'm guessing it's a setting I have stuffed up for OVPN.
After years trying to get OpenVPN to work, after following HappyDaddy's (Thank you!) guide, I finally got it to work with a few modifications to get it working on Android.
I kept start type at System
Server
TUN
TCP
For Network, it's the subnet that you want your OpenVPN clients to be in. For example, if you use the 192.168.1.0 subnet for your LAN, then you might choose something say 192.168.10.0. This should be different than your LAN subnet. The last octet should be a 0.
Netmask: 255.255.255.0
All other settings according to HappyDaddy's post. It worked for me with either the Additional Config filled in or empty.
At this point, I could connect, but had no internet access. I had to add the following under the Administration -> Command Tab and save it to the firewall. The IP should be the same as the subnet you entered for the Network setting.
Ah, makes sense. Got caught up in putting the host name since that's what I was having to do with the PPTP setup I was trying to get going that just wouldn't work.
I'll see if that works now.
Edit: stanleycup, you are a legend. I overlooked something so simple: changed network to my subnet and connected a treat. I left it at UDP as the ovpn file on the phone was already UDP. If it failed I was going to change to TCP, but it all works.
Edit 2:
OK, so it works when I'm connected to my wifi, but when I turn that off and try to connect from outside the router it won't connect via mobile data.
What am I missing?
I have the port forward in the router to the router, but using port checking the port it's not open.
So that probably explains it, as in the local network it's already going to the router, where the port is not open on the internet side it's not going to work.
When I'm forwarding ports I'm trying 192.168.10.0 (server) and 192.168.10.1 (router) with port 1194,
but checking if ports are open shows they are closed.
All other port forwards I have going atm are working fine and show open.
Hopefully with this going I only need 1 port open so I can connect to the others locally through the OVPN.
Also, what do I need to do to set it up so the OpenVPN connects to a range 192.168.0.190-199, so
1. I know what connections are through the VPN
2. They are on the same subnet without interfering with the DHCP clients.
3. I can then access all other computers, be it my Pis or HTPC etc.
In your client config, are you trying to connect to your LAN address (192.168.0.1) or your WAN address (assigned by ISP)? You should try to connect through the WAN address.
I didn't have to port forward. The router that I have OpenVPN on connects directly to the ISP so it doesn't need to go through any other routers. In the case that you do need to port forward, you should port forward your router's address (192.168.0.1) rather than your OpenVPN server address because you want to connect to the router itself. At least that's how it worked when I ran OpenVPN on my Raspberry Pi.
Even though I have my OpenVPN server running on a different subnet, I can still access all my computers and Pi.
I do have it set up to port forward to my router's address. Tried none, to the VPN server and the router's address, but none work. I have set it back to the router.
Tried different ports, TCP, UDP, and none work.
Do you have some firewall rules or something that link the subnets?
Is there some sort of rule or iptable I need to do to get it to connect?
Without the forwarding rule to the router IP I can't even connect on the home network (wifi).
I have changed subnets to 10.0.0.0 and it still connects to the OVPN on wifi but still not from WAN.
It sure sounds like your setup is same as mine. Really not sure why it's not working.
The only firewall rules I have are the ones I listed in my first post.
That's so weird you can connect on wifi but not from WAN. It worked for me with both from the start. Once I was able to get a connection, my only issue was with getting internet access and that was fixed through the firewall rules.
So it connects... but
I can't connect to my LAN and it seems it's not using the VPN for internet even though it shows it's connected.
I ran a speed test from my phone and it's not running through my VPN, as my phone speed is 3 times faster than home internet and it was definitely a lot faster than what my home internet can do. Also the OpenVPN client of the Android phone wasn't showing any data being transferred.
So what rules or settings do I need to implement to get it to direct traffic through my VPN?
Or do I need to bind my subnet and VPN subnet together somehow?
All I'm looking at doing is having a secure connection to my home network if I want to check how some things are running, remote desktop in if I need, be able to SSH into my Pis, and remotely add torrents when connected to the VPN.
When the Android phone connects to my OpenVPN server on the router:
I can see its IP on the status tab
I can't ping the router from my phone
I can't ping the VPN server from my phone
I can't ping the PC from my phone
I can't ping the phone from my PC
Here's the log from the router,
and another one: I removed all my firewall ip tables and rebooted.
I noticed it talks about Tun2... is there anything with that?
Also WARNING: Your certificate is not yet valid
I'm not sure what that is. I created my certificates a few days ago and have never seen that error before.
Code:
Serverlog:
19700101 10:30:17 I OpenVPN 2.3.12 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Sep 1 2016
19700101 10:30:17 I library versions: OpenSSL 1.0.2h 3 May 2016 LZO 2.09
19700101 10:30:17 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
19700101 10:30:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 10:30:17 Diffie-Hellman initialized with 1024 bit key
19700101 10:30:17 W WARNING: Your certificate is not yet valid!
19700101 10:30:17 Socket Buffers: R=[87380->87380] S=[16384->16384]
19700101 10:30:17 I TUN/TAP device tun2 opened
19700101 10:30:17 TUN/TAP TX queue length set to 100
19700101 10:30:17 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
19700101 10:30:17 I /sbin/ifconfig tun2 (VPNSERVER IP) netmask 255.255.255.0 mtu 1500 broadcast 192.168.10.255
19700101 10:30:17 I Listening for incoming TCP connection on [undef]
19700101 10:30:17 I TCPv4_SERVER link local (bound): [undef]
19700101 10:30:17 I TCPv4_SERVER link remote: [undef]
19700101 10:30:17 MULTI: multi_init called r=256 v=256
19700101 10:30:17 IFCONFIG POOL: base=(VPNCLIENT IP) size=252 ipv6=0
19700101 10:30:17 IFCONFIG POOL LIST
19700101 10:30:17 MULTI: TCP INIT maxclients=1024 maxevents=1028
19700101 10:30:17 I Initialization Sequence Completed
20170128 17:29:53 I TCP connection established with [AF_INET]1.125.48.54:9233
20170128 17:29:53 1.125.48.54:9233 TLS: Initial packet from [AF_INET]1.125.48.54:9233 sid=165e2005 601a7e24
20170128 17:29:54 1.125.48.54:9233 VERIFY OK: depth=1 C=AU ST=SA L=(MY LOCATION) O=(MY O) OU=(MY OU) CN=Server name=(MY NAME) emailAddress=(MY EMAIL)
20170128 17:29:54 1.125.48.54:9233 VERIFY OK: depth=0 C=AU ST=SA L=(MY LOCATION) O=(MY O) OU=(MY OU) CN=Client1 name=(MY NAME) emailAddress=(MY EMAIL)
20170128 17:29:54 1.125.48.54:9233 NOTE: --mute triggered...
20170128 17:29:54 1.125.48.54:9233 5 variation(s) on previous 3 message(s) suppressed by --mute
20170128 17:29:54 I 1.125.48.54:9233 [Client1] Peer Connection Initiated with [AF_INET]1.125.48.54:9233
20170128 17:29:54 I Client1/1.125.48.54:9233 MULTI_sva: pool returned IPv4=(VPNCLIENT IP) IPv6=(Not enabled)
20170128 17:29:54 Client1/1.125.48.54:9233 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_9a6084419cf7164a405212f64f8b083b.tmp
20170128 17:29:54 Client1/1.125.48.54:9233 MULTI: Learn: (VPNCLIENT IP) -> Client1/1.125.48.54:9233
20170128 17:29:54 Client1/1.125.48.54:9233 MULTI: primary virtual IP for Client1/1.125.48.54:9233: (VPNCLIENT IP)
20170128 17:29:54 Client1/1.125.48.54:9233 PUSH: Received control message: 'PUSH_REQUEST'
20170128 17:29:54 I Client1/1.125.48.54:9233 send_push_reply(): safe_cap=940
20170128 17:29:54 Client1/1.125.48.54:9233 SENT CONTROL [Client1]: 'PUSH_REPLY route-gateway (VPNSERVER IP) topology subnet ping 10 ping-restart 120 socket-flags TCP_NODELAY ifconfig (VPNCLIENT IP) 255.255.255.0' (status=1)
20170128 17:30:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:30:04 D MANAGEMENT: CMD 'state'
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:30:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:30:04 D MANAGEMENT: CMD 'state'
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:30:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:30:04 D MANAGEMENT: CMD 'state'
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:30:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:30:04 NOTE: --mute triggered...
20170128 17:30:04 1 variation(s) on previous 3 message(s) suppressed by --mute
20170128 17:30:04 D MANAGEMENT: CMD 'status 2'
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:30:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:30:04 D MANAGEMENT: CMD 'status 2'
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:30:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:30:04 D MANAGEMENT: CMD 'log 500'
20170128 17:30:04 MANAGEMENT: Client disconnected
20170128 17:31:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:25 D MANAGEMENT: CMD 'state'
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:25 D MANAGEMENT: CMD 'state'
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:25 D MANAGEMENT: CMD 'state'
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:25 NOTE: --mute triggered...
20170128 17:31:25 1 variation(s) on previous 3 message(s) suppressed by --mute
20170128 17:31:25 D MANAGEMENT: CMD 'status 2'
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:25 D MANAGEMENT: CMD 'status 2'
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:25 D MANAGEMENT: CMD 'log 500'
20170128 17:31:25 MANAGEMENT: Client disconnected
20170128 17:31:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:36 D MANAGEMENT: CMD 'state'
20170128 17:31:36 MANAGEMENT: Client disconnected
20170128 17:31:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:36 D MANAGEMENT: CMD 'state'
20170128 17:31:36 MANAGEMENT: Client disconnected
20170128 17:31:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:36 D MANAGEMENT: CMD 'state'
20170128 17:31:36 MANAGEMENT: Client disconnected
20170128 17:31:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:36 MANAGEMENT: Client disconnected
20170128 17:31:36 NOTE: --mute triggered...
20170128 17:31:36 1 variation(s) on previous 3 message(s) suppressed by --mute
20170128 17:31:36 D MANAGEMENT: CMD 'status 2'
20170128 17:31:36 MANAGEMENT: Client disconnected
20170128 17:31:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:36 D MANAGEMENT: CMD 'status 2'
20170128 17:31:36 MANAGEMENT: Client disconnected
20170128 17:31:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20170128 17:31:36 D MANAGEMENT: CMD 'log 500'
19700101 10:30:00
i noticed it talks about Tun2... is there anything with that?
As someone who just went through this process, here is my .02...I wasn't able to ping other systems in my router subnet using a tunneled connection. Once I switched to bridged (tap), everything worked great. I suspect with tunneling, you need to set up the appropriate routes/forwarding in order to get from the vpn subnet to the router subnet.
Also, if you do decide to use a bridged connection, make sure to modify your client config to use "dev tap"
This is good, but you can use the latest OpenVPN version for Windows to generate certs and keys. Just check "install key generation scripts" or something like that during the install and it will install easy-rsa for you.
Also don't generate a password for your certs, or you will get tls errors.
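
Added example, not code from any poster in this thread: a Python triage of the router log posted earlier. It flags the 1970 start-up timestamps next to the "certificate is not yet valid" warning, the 1024-bit Diffie-Hellman key, and a PUSH_REPLY that pushes neither `route` nor `redirect-gateway`, which lines up with the "connected but no LAN and no internet through the VPN" symptoms and with the suggestion above that tun mode needs routes. The function name, finding codes and sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines in the shape of the router log in this thread,
# keeping the poster's "(VPNSERVER IP)" / "(VPNCLIENT IP)" redactions.
SAMPLE_LOG = """\
19700101 10:30:17 Diffie-Hellman initialized with 1024 bit key
19700101 10:30:17 W WARNING: Your certificate is not yet valid!
20170128 17:29:54 Client1/1.125.48.54:9233 SENT CONTROL [Client1]: 'PUSH_REPLY route-gateway (VPNSERVER IP) topology subnet ping 10 ping-restart 120 socket-flags TCP_NODELAY ifconfig (VPNCLIENT IP) 255.255.255.0' (status=1)
"""

# Hypothetical finding codes and what each one tells the operator.
MEANING = {
    "clock-unset": "log starts in 1970: OpenVPN started before the router clock was set",
    "cert-not-yet-valid": "certificate notBefore is later than the router clock",
    "weak-dh": "Diffie-Hellman parameters below 2048 bits",
    "no-lan-route-pushed": "no 'route' pushed: client learns no route to the LAN subnet",
    "no-redirect-gateway-pushed": "no 'redirect-gateway' pushed: internet traffic stays off the VPN",
}

def triage(log_text):
    """Return sorted finding codes for an OpenVPN server log (format assumed from this thread)."""
    findings = set()
    for line in log_text.splitlines():
        stamp = line[:8]
        if stamp.isdigit() and stamp.startswith("1970"):
            findings.add("clock-unset")
        if "certificate is not yet valid" in line:
            findings.add("cert-not-yet-valid")
        dh = re.search(r"Diffie-Hellman initialized with (\d+) bit key", line)
        if dh and int(dh.group(1)) < 2048:
            findings.add("weak-dh")
        push = re.search(r"'PUSH_REPLY[,\s]([^']*)'", line)
        if push:
            # Options may be comma- or space-separated depending on how the log was copied.
            opts = re.split(r"[,\s]+", push.group(1))
            if "route" not in opts:  # "route-gateway" alone adds no route
                findings.add("no-lan-route-pushed")
            if "redirect-gateway" not in opts:
                findings.add("no-redirect-gateway-pushed")
    return sorted(findings)

if __name__ == "__main__":
    for code in triage(SAMPLE_LOG):
        print(f"{code}: {MEANING[code]}")
```

A client config can add its own routes, so an empty push is a lead to check on the client side rather than proof of the cause.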