Can't connect to Asus router's OpenVPN server, two WAN IPs

[Wutikorn]

After I upgraded my internet from 20Mbps to 50Mbps of the same company, I can't connect to my OpenVPN server which is hosted on Asus AC68U running 380.61alpha1. I also faced this problem on Asus's stock firmware. However, I think the main problem is that my router detects one IP, while google says another. For example, right now my router says that my WAN IP is 100.125.52.xxx, which is what it tells to Asus's DDNS server, while I get 49.228.244.xx when searching on Google, "what is my IP". On my phone, it used server name to find IP, which it uses 100.125.52.xxx, but it does not receive any data back at all. The picture includes my setting, I'm not sure if I set anything wrong.

Just want to add, before I upgrade the internet package, IPs that my router detects and the one that I get from searching in Google were the same which were 49.228.xxx.xxx.

Add: Is there a problem with my setting or ISP problem?

If I need to add more information, please let me know.

Thanks

 

[yorgi]

After I upgraded my internet from 20Mbps to 50Mbps of the same company, I can't connect to my OpenVPN server which is hosted on Asus AC68U running 380.61alpha1. I also faced this problem on Asus's stock firmware. However, I think the main problem is that my router detects one IP, while google says another. For example, right now my router says that my WAN IP is 100.125.52.xxx, which is what it tells to Asus's DDNS server, while I get 49.228.244.xx when searching on Google, "what is my IP". On my phone, it used server name to find IP, which it uses 100.125.52.xxx, but it does not receive any data back at all. The picture includes my setting, I'm not sure if I set anything wrong.

Just want to add, before I upgrade the internet package, IPs that my router detects and the one that I get from searching in Google were the same which were 49.228.xxx.xxx.

Add: Is there a problem with my setting or ISP problem?

If I need to add more information, please let me know.

Thanks

Extra HMAC authorization disable that
Username / Password Auth. Only set that to no
other then that it should work.
you should also set an encryption instead of leaving it default to AES-128-CBC and the cipher to SHA1
and I would say none to compression.

 

[Wutikorn]

Extra HMAC authorization disable that
Username / Password Auth. Only set that to no
other then that it should work.
you should also set an encryption instead of leaving it default to AES-128-CBC and the cipher to SHA1
and I would say none to compression.

Is cipher the same as Auth digest? If it is the same, I have followed your suggestion, but still, I don't get a packet back when trying to connect to the router through OpenVPN.

One more thing that I just realized is that I was using my ISP's DDNS(started after upgrading the internet) which blocks all ports except port 1150 to 1159. Because of the limits on number of ports, I canceled ISP's DDNS and I now use Asus's DDNS.

I also enable AiCloud on port 443 and WAN access on port 8443, which are both working(were not working using ISP's DDNS as it blocks such a port)

 

[yorgi]

Is cipher the same as Auth digest? If it is the same, I have followed your suggestion, but still, I don't get a packet back when trying to connect to the router through OpenVPN.

One more thing that I just realized is that I was using my ISP's DDNS(started after upgrading the internet) which blocks all ports except port 1150 to 1159. Because of the limits on number of ports, I canceled ISP's DDNS and I now use Asus's DDNS.

I also enable AiCloud on port 443 and WAN access on port 8443, which are both working(were not working using ISP's DDNS as it blocks such a port)

ciper and auth digest my mistake yes.
so you got it working now when you changed the port?
If you are using PING, then ping the routers address, if you ping a windows PC it will not answer unless you configure the windows firewall.
Why not leave it at default port 1194 for now until everything works then you try different ports and other configs

 

[Wutikorn]

ciper and auth digest my mistake yes.
so you got it working now when you changed the port?
If you are using PING, then ping the routers address, if you ping a windows PC it will not answer unless you configure the windows firewall.
Why not leave it at default port 1194 for now until everything works then you try different ports and other configs

No, it's still not working. What I tried to say is that my ports were all blocked, and now they are not. But I will try PING to check if 1194 is available.

 

[Wutikorn]

I have just contacted my ISP, the new package no longer offer public IP, just private IP. That's why I can't use Asus DDNS. My only option is to use ISP's DDNS which limits port to just 1150-1159

 

[yorgi]

I have just contacted my ISP, the new package no longer offer public IP, just private IP. That's why I can't use Asus DDNS. My only option is to use ISP's DDNS which limits port to just 1150-1159

change provider

 

[L&LD]

I have just contacted my ISP, the new package no longer offer public IP, just private IP. That's why I can't use Asus DDNS. My only option is to use ISP's DDNS which limits port to just 1150-1159

That is unacceptable. Do as yorgi suggests (I really hope you can).

 

[RMerlin]

Or see if they offer a public IP for a reasonable premium. CGNAT sucks for a variety of reasons.

 

[Wutikorn]

Or see if they offer a public IP for a reasonable premium. CGNAT sucks for a variety of reasons.

There is a package with fixed public IP, but that is around 2.5 times as expensive as my current package. The other two ISPs offer public IPs, but one is VDSL of the same speed, it's known for reliability, only has slowdown problem, while the other one is fiber optic with same download and twice the upload speed, but I don't know how reliable is it. Now the mid-price package is 50/10Mbps, which I fear that if other ISPs increase their fiber optic speed, I won't get that higher speed as VDSL seems to be limited at 60Mbps download and 10Mbps upload, if I remember correctly. So I will ask my friends who use the other fiber optic ISP about its reliability, and see if I should change to that.

 

[L&LD]

There is a package with fixed public IP, but that is around 2.5 times as expensive as my current package. The other two ISPs offer public IPs, but one is VDSL of the same speed, it's known for reliability, only has slowdown problem, while the other one is fiber optic with same download and twice the upload speed, but I don't know how reliable is it. Now the mid-price package is 50/10Mbps, which I fear that if other ISPs increase their fiber optic speed, I won't get that higher speed as VDSL seems to be limited at 60Mbps download and 10Mbps upload, if I remember correctly. So I will ask my friends who use the other fiber optic ISP about its reliability, and see if I should change to that.

No question. The Fibre connection is the one to get. I don't know why you question it's reliability? But like a wired Ethernet connection, it is the most reliable, stable and the one with lowest latency (in my experience) so far out of all the options.

My second choice would be DSL (far, far superior to cable, imo), even if it may be termed 'slower'.

 

[yorgi]

No question. The Fibre connection is the one to get. I don't know why you question it's reliability? But like a wired Ethernet connection, it is the most reliable, stable and the one with lowest latency (in my experience) so far out of all the options.

My second choice would be DSL (far, far superior to cable, imo), even if it may be termed 'slower'.

Hmm I agree that he should get Fiber connection in your case.
But I don't agree the DSL is the best by far. Most company's that offer DSL or fiber tend to give routers instead of modems along with their service. Then you have to bridge the Router and I honestly don't like the idea of having their router feed a ASUS 5300 router.
Cable gives you a modem if you ask for one and its super fast to get things up running with your devices.
Cable also in my opinion is very fast and very stable. I have used DSL in the past and I had more problems then great times with it.
I also think that support is very important when getting a service and it really sucks when you deal with company's that have support in India, I stay away from them.
in Conclusion Cable, DSL, Fiber are all good, I would check the company's policies and support before I would even bother getting their service because nothing is more frustrating then getting Level 101 help from some person who you can barely understand because they have this accent and no word really makes sense, And I also find because of this reason they try to be more helpful but they don't have much experience because all they do is rely on a computer screen to fix ones problem.

 

[RMerlin]

No question. The Fibre connection is the one to get. I don't know why you question it's reliability? But like a wired Ethernet connection, it is the most reliable, stable and the one with lowest latency (in my experience) so far out of all the options.

Last mile might be more reliable, but beyond that it's up to the ISP's network. They could also be oversubscribing too much, leading to slowdowns during peak periods (ultimately, even FTTH is shared once reach a node).

 

[RMerlin]

But I don't agree the DSL is the best by far. Most company's that offer DSL or fiber tend to give routers instead of modems along with their service. Then you have to bridge the Router and I honestly don't like the idea of having their router feed a ASUS 5300 router.

Actually, it's the opposite: it's easier to use your own modem and router with DSL than with other services. With cable services, you often cannot switch modem, as the service is tied to the modem's MAC. With xDSL, you can get any compatible DSL modem from a reseller, use your own separate router, and stick the ISP's modem/router garbage in a closet. It's what I did when I used to be with Bell - their 2wire garbage spent about 15 mins on my desk, which was the time it took the tech to install and test it. Once he left, it went back into its box.

As for stability, it's variable. My personal experience as a wholesaler in Quebec, cable is more stable than DSL (we have much fewer stability/performance issues with our customers on cable). Bell has a lot of very old phone wiring out there, and the in-house wiring is often even older. With cable, Videotron rarely hesitates, and will pull a new cable from the post to your modem if they have any doubt (they did so when they came to set me up a few years ago). But if you were to live somewhere where the phone wiring is new, DSL might be a better choice, for performance reasons.

It's hard to give a global answer there - it's very situational. Here in Quebec, it's about Bell vs Videotron. Stability and service-wise, Videotron usually wins most of the time. Might be a different story in other countries.

 

[yorgi]

Actually, it's the opposite: it's easier to use your own modem and router with DSL than with other services. With cable services, you often cannot switch modem, as the service is tied to the modem's MAC. With xDSL, you can get any compatible DSL modem from a reseller, use your own separate router, and stick the ISP's modem/router garbage in a closet. It's what I did when I used to be with Bell - their 2wire garbage spent about 15 mins on my desk, which was the time it took the tech to install and test it. Once he left, it went back into its box.

As for stability, it's variable. My personal experience as a wholesaler in Quebec, cable is more stable than DSL (we have much fewer stability/performance issues with our customers on cable). Bell has a lot of very old phone wiring out there, and the in-house wiring is often even older. With cable, Videotron rarely hesitates, and will pull a new cable from the post to your modem if they have any doubt (they did so when they came to set me up a few years ago). But if you were to live somewhere where the phone wiring is new, DSL might be a better choice, for performance reasons.

It's hard to give a global answer there - it's very situational. Here in Quebec, it's about Bell vs Videotron. Stability and service-wise, Videotron usually wins most of the time. Might be a different story in other countries.

I totally agree. I gave up on Bell ages ago. I went with Videotron and never looked back.
Btw with Bell Fiber do they still use PPPoE to connect or is it dynamic IP like videotron.
And in regards to a fiber modem is there any you recommend?
My buddy put fiber bell yesterday at his place and he asked me to put an asus router on his system was curious how bell does it with Fiber, I knew their DSL quite well as I had their modems in the past.

 

[RMerlin]

I totally agree. I gave up on Bell ages ago. I went with Videotron and never looked back.
Btw with Bell Fiber do they still use PPPoE to connect or is it dynamic IP like videotron.
And in regards to a fiber modem is there any you recommend?
My buddy put fiber bell yesterday at his place and he asked me to put an asus router on his system was curious how bell does it with Fiber, I knew their DSL quite well as I had their modems in the past.

Depends what you mean by fiber. FTTN is still PPPoE. No idea about FTTH.

 

[yorgi]

Depends what you mean by fiber. FTTN is still PPPoE. No idea about FTTH.

I did a search and it looks like FTTH is PPPoE also
I would never use BELL they outsource their support to India and they don't know much.
Bell also dictates what you should do. You ask for a modem and they bring you a router and this is business department.
The funniest thing is that the tech that puts the fiber and router doesn't even put a l/p to the router to secure the router.
Most people are lost with this stuff but BELL business doesn't care about securing the router.
they should be sued in court for this behavior. I hate BELL, i got rid of all their services years ago and would never go back.

 

[Wutikorn]

Last mile might be more reliable, but beyond that it's up to the ISP's network. They could also be oversubscribing too much, leading to slowdowns during peak periods (ultimately, even FTTH is shared once reach a node).

I truly agree with that, and other fiber optic company does not seem to be as good as the one I have.

Actually, it's the opposite: it's easier to use your own modem and router with DSL than with other services. With cable services, you often cannot switch modem, as the service is tied to the modem's MAC. With xDSL, you can get any compatible DSL modem from a reseller, use your own separate router, and stick the ISP's modem/router garbage in a closet. It's what I did when I used to be with Bell - their 2wire garbage spent about 15 mins on my desk, which was the time it took the tech to install and test it. Once he left, it went back into its box.

As for stability, it's variable. My personal experience as a wholesaler in Quebec, cable is more stable than DSL (we have much fewer stability/performance issues with our customers on cable). Bell has a lot of very old phone wiring out there, and the in-house wiring is often even older. With cable, Videotron rarely hesitates, and will pull a new cable from the post to your modem if they have any doubt (they did so when they came to set me up a few years ago). But if you were to live somewhere where the phone wiring is new, DSL might be a better choice, for performance reasons.

It's hard to give a global answer there - it's very situational. Here in Quebec, it's about Bell vs Videotron. Stability and service-wise, Videotron usually wins most of the time. Might be a different story in other countries.

In Thailand, there is only one company doing cable, which we found it to be terrible in stability regardless of its speed.