What's new

How to rescue? Can't reach the vpn server after changing comp - lzo adaptive to none

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Not sure if you got it hping again from your line in red, but if and when you do, do set up that second vpn server as elorimer said (on a different port of course) and tinker only with one of the servers.
My need for vpn traffic is just on way and a second vpn server must be far into the future, but thanks.
 
Take out the comp-lzo line completely....
Done and that was the solution. And when I managed to reach the vpn server and made a new export of client1.opvn I could confirm that the comp-line had been removed there too.
Thanks.
 
Now that you have it working, you should probably leave well enough alone. :) As stated above, video streams are already highly compressed, so adding another layer of compression won't make it faster, simply because there is nothing to compress. It could even slow the stream down slightly because the compression scheme forces the router to constantly scan the stream and calculate how/if it can compress the stream.
 
Now that you have it working, you should probably leave well enough alone. :) As stated above, video streams are already highly compressed, so adding another layer of compression won't make it faster, simply because there is nothing to compress. It could even slow the stream down slightly because the compression scheme forces the router to constantly scan the stream and calculate how/if it can compress the stream.
Thanks a lot. That's what I my self have been thinking, no more remote changing. Just one thing - I shall change port forward to No when ipad and mobil is working with vpn.

The streaming seems much better after I get rid of the compression. Before I had to reduce the frame rate to 4, but now it's smooth with 8 (with ADSL >1 Mips), frame interval 30 and bitrate 1024 on the third stream which is the live view on IE. Of course the first stream is better and the one which is recorded.

Thanks again everybody. I am very happy with all help at this forum and because the answers come so fast.
 
Just a little question more.
I now have been able to set up connection to my ipad and android mobil too, but can't reach my camera on the mobil.
Strange because the setup in ivms-4500 earlier (with portforward) is identical, only change to ip instead of hostname. This work perfect on ipad, but not on mobil ("Connection failed"). The tunnel is running and it should be easy to connect.

I have of course triplechecked and triplechecked the config in ivms-4500 again. Wrong forum?

Anyone?
 
My need for vpn traffic is just on way and a second vpn server must be far into the future, but thanks.

I think you might have musunderstood elorimer and me: there are 2 VPN servers - Server 1 and Server 2. I guess you set up Server 1. Setting up Server 2 is exactly the same, just as simple. I have Server One set to TCP on port 443 (some public wifis block UDP on 1194, and some very occasionally block VPN traffic on 443, I’ve noticed but it’s an option). And my second server is UDP on 1194. (I should, and will, change to a different, and uncommon, port.)

Having that second server can be a real boon especially for troubleshooting, testing and getting you out of trouble in situations like yours.
 
Last edited:
You don't say how your android mobil is connected to your vpn server.

I have found that "OpenVPN for Android" works well, while the official "OpenVPN Connect" is not that reliable for me, at least on my Chromebooks.

The VPN server will support more than one client, so you could connect with a PC at the same time and then see if there is something in the logs; whether you can ping the camera from the phone, and so on.

As to ivms-4500, yes, wrong forum. Perhaps here: https://www.use-ip.co.uk/forum/forums/hikvision.49/
 
You don't say how your android mobil is connected to your vpn server.

I have found that "OpenVPN for Android" works well, while the official "OpenVPN Connect" is not that reliable for me, at least on my Chromebooks.

The VPN server will support more than one client, so you could connect with a PC at the same time and then see if there is something in the logs; whether you can ping the camera from the phone, and so on.

As to ivms-4500, yes, wrong forum. Perhaps here: https://www.use-ip.co.uk/forum/forums/hikvision.49/
As I tried to explain, I have no problem connecting my mobil via vpn to my asus vpn which is on my cabin (300 km away from home). But when I should do the very easy part, reach my camera with the Hikvision software it didn't work. Very simular situation on ipad, but there it work fine. Earlier with portforward, the setup on ivms-4500 on ipad and android mobil are 100% identical.

Now I discover a possible cause; when I open the Openvpn on the mobil, it turns up a question:

Select Certificate
This profile doesn't include a client certificate. Continue connecting without a certificate or select one from the Android keychain? "Continue" or "Select Certificate"


Up to now I only checked "Continue" and got connected without problem. Open the vpn on ipad give not the same question. My mobil is a Huawei Honor 8.

Ps. martinr, I only have one asus router running with vpn.
 
Last edited:
Ps. martinr, I only have one asus router running with vpn.
He was trying to explain that 1 router can run 2 VPN servers. So if one VPN server stops working you can still log onto the router through the second VPN to fix it.

Untitled.png
 
Now I discover a possible cause; when I open the Openvpn on the mobil, it turns up a question:
The camera works for you from a PC and an iPad, but not from the Huawei. So I guess it is something about how you connect from the Huawei.

Now, you can't just connect; you must be using an app. Both the official OpenVPN Connect and the OpenVPN for Android can import the client configuration (unlike the native OpenVPN in Chromebooks!). Don't know about other apps. So the question is which app you are using, and what client configuration you imported.

Also, as was noted earlier in this thread, in your OP, it is possible to connect and yet not have useful data flow.

The fact that the phone is not registering a ca.crt imported, and/or that you are connected, but possibly not really connected, seem useful things to explore.

Also, whatever the log on the server might be saying.

And just to bang on this again: If you use the working OpenVPN1 server to set up the OpenVPN2 server, then you can connect to the OpenVPN2 server, and if it works then you can change the log verbosity on the first server and restart it without fear that you are locked out from any connection. At worst you go back to the second server connection and reverse the change you just made.
 
Hallo elorimer
You made me thinking it all over again. The log explain my failure (the resident -lzo). I thought I had only one client1.ovpn on my mobil, but in the memory there were several and of course one of the bad one was used. Huawei has a very smart Suite were one can connect and copy between mobil and computer. So I searched and deleted all the client1.ovpn and imported the correct with success. Now the camera can be seen.

May be I should try the vpn server 2. Under vpn, Server instance, Server 2, change to "On"?
Could be set 100% simular to Server 1. Is that the proposal?
 
......Under vpn, Server instance, Server 2, change to "On"?
Could be set 100% simular to Server 1. Is that the proposal?

If “100% similar” means identical, the answer is No: you could not set Server 2 to use the same port as Server 1, but I guess you know that.

You could for example set up Server 2 with exactly the same settings as Server 1 EXCEPT that the port number different, and is not one used by other services (ie not a common port).
 
Thank you, martinr

Setup a second vpn server can be done for backup reason (to use if the first one fail), but is that very common or very seldon?

I also have the asus app which might be used to make a backup of the whole asus.
 
ColinTaylor told me: (his post has disapaired, but I got the forum mail)

Setup a second vpn server can be done for backup reason (to use if the first one fail), but is that very common or very seldon?

That is not the reason why you would setup a second VPN. The first one will not fail by itself. You are doing it so that if you are working remotely and you mess up the VPN configuration you can can still get back in and fix it.


Thank you very much, ColinTaylor. Very good reason to setup a second vpn. I'll try.
 
If “100% similar” means identical, the answer is No: you could not set Server 2 to use the same port as Server 1, but I guess you know that.

You could for example set up Server 2 with exactly the same settings as Server 1 EXCEPT that the port number different, and is not one used by other services (ie not a common port).
There is one other difference and that is the "VPN Subnet". They also need to be different, but that is the default so leave them as they are. i.e. VPN1=10.8.0.0 and VPN2=10.16.0.0.
 
Thank you, martinr

Setup a second vpn server can be done for backup reason (to use if the first one fail), but is that very common or very seldon?
....,.

From my own limited experience, I would say a vpn server doen’t fail in the sense that “something wears out”: if it breaks it’s because I did something stupid or reckless. So maybe a better word would be a “fallback” rather than a “backup” - or an insurance policy against stupidity. As I said in an earlier post, I run one server with the UDP protocol on port 1194 (which I still need to change to an obscure port), and the other as TCP on port 443. I set up 2 servers as a learning exercise, but it has been a help in troubleshooting when, say, a punlic wifi has appeared to block vpn, in which case I try the other server. There have also been other occasions when having a second server has paid off but I can’t remember the details.

As for the Asus app, I don’t, and won’t, use it: I limit router access to the webui and SSH only, and from the LAN only, of course.
 
From my own limited experience, I would say a vpn server doen’t fail in the sense that “something wears out”: if it breaks it’s because I did something stupid or reckless. So maybe a better word would be a “fallback” rather than a “backup” - or an insurance policy against stupidity. As I said in an earlier post, I run one server with the UDP protocol on port 1194 (which I still need to change to an obscure port), and the other as TCP on port 443. I set up 2 servers as a learning exercise, but it has been a help in troubleshooting when, say, a punlic wifi has appeared to block vpn, in which case I try the other server. There have also been other occasions when having a second server has paid off but I can’t remember the details.

As for the Asus app, I don’t, and won’t, use it: I limit router access to the webui and SSH only, and from the LAN only, of course.
Thank you very much, both ColinTaylor and martinr

I am very afraid of doing anything that will cut off my connection to the asus and the camera. I am thinking; config the vpn server 2 with UDP and port 1198, use the same user and password as under server 1 and Apply. As I am remote I will loose my connection? How to rescue? If I can be connected I am next going to export a client2.ovpn.

Comments?
 
As I am remote I will loose my connection? How to rescue? If I can be connected I am next going to export a client2.ovpn.
If it is working, perhaps you leave everything alone until you are next at the cabin. Then fiddle with your server while you have physical access. Perhaps we are pushing you to do something not immediately necessary.

VPN access is critical to me, so I am set up the same way as @martinr. Except for power failures, the VPN server hasn't "failed". Sometimes I have done something that conflicts, or one or the other fails to start. The second server then has allowed me to revert the change, or at least keep going until I have physical access again.

If you start server2 while you are connected to server1, nothing happens to your server1 connection. If the server2 config is ok, you can go to the VPN page and see both running, with your active connection to server1. You can export the client2.ovpn connection while connected to server1. Have to, I guess.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top