Problems running VPN server...

ZakM

Occasional Visitor
I have tried this several times and I always end up at the same spot, not knowing what to do. Hope someone can help.

I have created a VPN server. I imported the ovpn file into my phone and OpenVPN connects to it, however, after that point, it doesn't do anything. I can't access a single local network resource.

- I set up the VPN server to be LAN only (I only want it to access the local network).
- I tried with both pushing the DNS to clients and not
- I tried adding a routing rule at port 1194 going to 0.0.0.0

Everything seems to be running but as I said there is no communication to the LAN. Server status shows user is connected but 0.0MB have been sent or received. Client shows ~2.5Kb of both then nothing else.

Config screenshots attached.
Asus Merlin 384.13 on an AC66U B1

Hope you can help!
 
Check your system log for any error message.
 
Anything in syslog when connecting with your phone?
 
HMM I just noticed: could it be that it's trying to use IPv6?
Here's the log:
Code:
Feb 12 11:50:51 ovpn-server1[12811]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 31 2019
Feb 12 11:50:51 ovpn-server1[12811]: library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.08
Feb 12 11:50:51 ovpn-server1[12812]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 12 11:50:51 ovpn-server1[12812]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Feb 12 11:50:51 ovpn-server1[12812]: Diffie-Hellman initialized with 2048 bit key
Feb 12 11:50:51 ovpn-server1[12812]: TUN/TAP device tun21 opened
Feb 12 11:50:51 ovpn-server1[12812]: TUN/TAP TX queue length set to 1000
Feb 12 11:50:51 ovpn-server1[12812]: /usr/sbin/ip link set dev tun21 up mtu 1500
Feb 12 11:50:51 kernel: ADDRCONF(NETDEV_CHANGE): tun21: link becomes ready
Feb 12 11:50:51 ovpn-server1[12812]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24 broadcast 10.8.0.255
Feb 12 11:50:51 ovpn-server1[12812]: updown.sh tun21 1500 1622 10.8.0.1 255.255.255.0 init
Feb 12 11:50:51 ovpn-server1[12812]: Could not determine IPv4/IPv6 protocol. Using AF_INET6
Feb 12 11:50:51 ovpn-server1[12812]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Feb 12 11:50:51 ovpn-server1[12812]: setsockopt(IPV6_V6ONLY=0)
Feb 12 11:50:51 ovpn-server1[12812]: UDPv6 link local (bound): [AF_INET6][undef]:1194
Feb 12 11:50:51 ovpn-server1[12812]: UDPv6 link remote: [AF_UNSPEC]
Feb 12 11:50:51 ovpn-server1[12812]: MULTI: multi_init called, r=256 v=256
Feb 12 11:50:51 ovpn-server1[12812]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Feb 12 11:50:51 ovpn-server1[12812]: Initialization Sequence Completed
Feb 12 11:51:15 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 TLS: Initial packet from [AF_INET6]::ffff:XXX.XXX.XXX.XXX:20270, sid=e6d998de 5af1796a
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.1.1-2819
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_VER=3.git::2ae73415
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_PLAT=ios
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_NCP=2
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_TCPNL=1
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_PROTO=2
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_LZO_STUB=1
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_COMP_STUB=1
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 peer info: IV_COMP_STUBv2=1
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 TLS: Username/Password authentication succeeded for username 'vpnuser' [CN SET]
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Feb 12 11:51:16 ovpn-server1[12812]: XXX.XXX.XXX.XXX:20270 [vpnuser] Peer Connection Initiated with [AF_INET6]::ffff:XXX.XXX.XXX.XXX:20270
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 MULTI: Learn: 10.8.0.2 -> vpnuser/XXX.XXX.XXX.XXX:20270
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 MULTI: primary virtual IP for vpnuser/XXX.XXX.XXX.XXX:20270: 10.8.0.2
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 PUSH: Received control message: 'PUSH_REQUEST'
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 SENT CONTROL [vpnuser]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0 vpn_gateway 500,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 Data Channel: using negotiated cipher 'AES-128-GCM'
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/XXX.XXX.XXX.XXX:20270 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key

This line: "Could not determine IPv4/IPv6 protocol. Using AF_INET6" seems sketchy, and also later there's an IPv6 address assignation.
 
I imported the ovpn file into my phone

Did you also install the OpenVPN app recommended for your phone and then load the ovpn file into that app?
 
Did you also install the OpenVPN app recommended for your phone and then load the ovpn file into that app?
Yes, as I said, that is all working. Otherwise I wouldn't be able to connect. Please read my post.
 
I went to the iOS client and forced UDP, told it to only use an IPv4 tunnel, also played with turning off and on the AES-CBC Cipher option. No change.

Client log still mentions IPv6 crap but it does say IPv6 traffic is blocked. Stumped.

Code:
2020-02-12 13:18:14 EVENT: ASSIGN_IP
2020-02-12 13:18:14 NIP: preparing TUN network settings
2020-02-12 13:18:14 NIP: init TUN network settings with endpoint: XXXX:XXXX:X:XX:X:X:XXXX:XXXX
2020-02-12 13:18:14 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2020-02-12 13:18:14 NIP: adding (included) IPv4 route 10.8.0.0/24
2020-02-12 13:18:14 NIP: adding (included) IPv4 route 10.0.0.0/24
2020-02-12 13:18:14 NIP: blocking all IPv6 traffic
2020-02-12 13:18:14 Connected via NetworkExtensionTUN
2020-02-12 13:18:14 LZO-ASYM init swap=0 asym=1
2020-02-12 13:18:14 Comp-stub init swap=1
2020-02-12 13:18:14 EVENT: CONNECTED vpnuser@XXX.XXX.XXX.XXX:1194 (XXXX:XXXX:X:XX:X:X:XXXX:XXXX) via /UDPv6 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

After this point there's zero logging in the client until I disconnect and it shows no errors.
 
Yes, as I said, that is all working. Otherwise I wouldn't be able to connect. Please read my post.

OK I looked at your original post again and I still don't see where you list which OpenVPN app you are using on your phone.

Good luck on solving your issues.
 
HMM I just noticed: could it be that it's trying to use IPv6?
Here's the log:
Code:
Feb 12 11:50:51 ovpn-server1[12812]: Could not determine IPv4/IPv6 protocol. Using AF_INET6

Do you have IPV6 enabled on your router? Try adding this to your VPN server custom-config box or udp4 if you're on udp port

Code:
proto tcp4
 
OK I looked at your original post again and I still don't see where you list which OpenVPN app you are using on your phone.
There is only one official OpenVPN app for iOS.

Do you have IPV6 enabled on your router?
Nope, I don't. I'll add that line and see where it goes! Thanks! I am trying to use UDP though.

[edit] using that line makes the client not connect. Changing to "proto udp4" yields the same results as before.
Do I need to have the routing forwarding I tried before on 0.0.0.0 for port 1194? I currently disabled it again.
 
There is only one official OpenVPN app for iOS.
[edit] using that line makes the client not connect. Changing to "proto udp4" yields the same results as before.
Do I need to have the routing forwarding I tried before on 0.0.0.0 for port 1194? I currently disabled it again.

Sorry yes, if you're on UDP in your custom config server box add
Code:
proto udp4
Remove any other rules you have tried out (ie fresh config VPN server), restart your VPN server and give it another shot.

You can add this option to your Client config as well to force both ends to connect over udp IPV4 addresses

Please force both client and server to use proto udp4 and repost your log to see if the IPV6 connection switches to IPV4 and what other issues might show up in there.

Have you tested with Internet and Lan option enabled? Not just Lan only?
 
Sorry yes, if you're on UDP in your custom config server box add
Code:
proto udp4
I already tried this (I wrote that above) and I have the client forced to UDP IPv4 too and I still cannot do anything.
Have you tested with Internet and Lan option enabled? Not just Lan only?
Hmm no I have not done that. Will try.
 
Full disclosure: I don't know anything about iphones.

1. I think others here have reported good results with Passepartout on the iPhone. My experience with the official OpenVPN on android has led to problems similar to yours, so maybe you try something not so "official". Also, that's why @CaptainSTX asked.

2. A connection being made but no data flowing is a symptom of a compression mismatch. You might try everything with compression disabled and see if that works.

3. Also this: OpenVPN Internet issues
 
My experience with the official OpenVPN on android has led to problems similar to yours, so maybe you try something not so "official".
I thought it was what was recommended so I used that. Not even sure if there's other apps. Will check.
I tried with OpenVPN from a Windows PC though, and I had similar results. So it's not just the iPhone.
2. A connection being made but no data flowing is a symptom of a compression mismatch. You might try everything with compression disabled and see if that works.
That's a very good call but I already went through that. Currently, I have compression off.

As for that other post, it doesn't say what they set the cipher at. In any case I tried all options. Will do some more digging and maybe try from another PC or a Mac.
 
Do you have a vpn client configured on the router also?
If so your vpn client and vpn server can not be on the same port
 
Please check your OpenVPN logs when you have 'proto udp4' option enabled and check to make sure the tunnel connection is using an IPV4 route...

I have limited knowledge and could be way wrong, but if you're exporting the client profile from the server everything should be the way it needs to be. The issue to me seems to be that your phone is using an IPV6 WAN address and it can't, or the app can't, translate your IPV6 to IPV4 to go over the tunnel.

This is my best guess..
Code:
Feb 12 11:50:51 ovpn-server1[12812]: Could not determine IPv4/IPv6 protocol. Using AF_INET6
Code:
2020-02-12 13:18:14 EVENT: CONNECTED vpnuser@XXX.XXX.XXX.XXX:1194 (XXXX:XXXX:X:XX:X:X:XXXX:XXXX) via /UDPv6 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

You want first line to not appear and the second to show a UDPv4 not UDPv6

That's where I'd start anyway.....
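
As an added example (not part of the original thread and not OpenVPN project code), this Python script extracts from server log lines like those posted above the socket family the server bound, each peer's address type, and the options sent in PUSH_REPLY. An address of the form `::ffff:a.b.c.d` is an IPv4-mapped address, which is how a dual-stack socket (`IPV6_V6ONLY=0`) reports an IPv4 peer. The sample lines are constructed from the thread's log with the redacted peer address replaced by the documentation address 203.0.113.7; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines taken from the server log in this thread, with the
# redacted peer address replaced by the documentation address 203.0.113.7.
SAMPLE_LOG = """\
Feb 12 11:50:51 ovpn-server1[12812]: Could not determine IPv4/IPv6 protocol. Using AF_INET6
Feb 12 11:50:51 ovpn-server1[12812]: setsockopt(IPV6_V6ONLY=0)
Feb 12 11:50:51 ovpn-server1[12812]: UDPv6 link local (bound): [AF_INET6][undef]:1194
Feb 12 11:51:16 ovpn-server1[12812]: 203.0.113.7:20270 [vpnuser] Peer Connection Initiated with [AF_INET6]::ffff:203.0.113.7:20270
Feb 12 11:51:16 ovpn-server1[12812]: vpnuser/203.0.113.7:20270 SENT CONTROL [vpnuser]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0 vpn_gateway 500,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
"""

BOUND_RE = re.compile(r"link local \(bound\): \[(AF_INET6?)\]")
PEER_RE = re.compile(r"Peer Connection Initiated with \[AF_INET6?\](.+):(\d+)$")
PUSH_RE = re.compile(r"SENT CONTROL \[[^\]]*\]: 'PUSH_REPLY,([^']*)'")

def peer_transport(addr):
    """Classify a peer address as ipv4, ipv6, or ipv4-mapped (IPv4 on a dual-stack socket)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return "ipv4-mapped"
    return "ipv%d" % ip.version

def summarize(log_text):
    """Collect listener family, peer address types and pushed options from a server log."""
    out = {"bound_family": None, "dual_stack": False, "peers": [],
           "routes": [], "compression": None, "cipher": None}
    for line in log_text.splitlines():
        if "setsockopt(IPV6_V6ONLY=0)" in line:
            out["dual_stack"] = True          # socket accepts IPv4 and IPv6
        if (m := BOUND_RE.search(line)):
            out["bound_family"] = m.group(1)
        if (m := PEER_RE.search(line)):
            out["peers"].append((m.group(1), peer_transport(m.group(1))))
        if not (m := PUSH_RE.search(line)):
            continue
        for opt in m.group(1).split(","):
            words = opt.split()
            if not words:
                continue
            if words[0] == "route" and len(words) > 1:
                mask = words[2] if len(words) > 2 else "255.255.255.255"
                out["routes"].append(str(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)))
            elif words[0] in ("compress", "comp-lzo"):
                out["compression"] = opt      # compression directive pushed to the client
            elif words[0] == "cipher" and len(words) > 1:
                out["cipher"] = words[1]
    return out
```

On the sample, the peer is classified as `ipv4-mapped`, the only pushed route is `10.0.0.0/24`, and no compression directive appears in the PUSH_REPLY.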
 
I thought it was what was recommended so I used that. Not even sure if there's other apps. Will check.
I tried with OpenVPN from a Windows PC though, and I had similar results. So it's not just the iPhone.

That's a very good call but I already went through that. Currently, I have compression off.

As for that other post, it doesn't say what they set the cipher at. In any case I tried all options. Will do some more digging and maybe try from another PC or a Mac.

You say currently you have compression off. Your screenshot shows compression is LZ4. Can you try this:

set compression to DISABLED.

Advertise DNS to client = YES

Client will use VPN to access = BOTH

Then export/import a new .ovpn config file to the client and, if that works, take it from there.

I run OpenVPN Server on my router and use Apple and Windows clients to connect without problems.
 
Do you have a vpn client configured on the router also?
If so your vpn client and vpn server can not be on the same port
Wrong.
 
Ok Sorry
Thanks for correcting it.
Thought I read it on the forum loads of times before, again I'm sorry
No the two OpenVPN servers must listen on different ports, and preferably the 5 clients should not use the same port, but there are exceptions ;)
 
