What's new

Problems running VPN server...

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

But yesterday I tried logging in to the VPN server via my intranet (by pointing the server address to my router)
I don't see anything wrong in the config or the log. I'm stumped. You have no compression on the server side configured. Has to be on the client side or M&M is the next step.
 
Feb 19 11:24:27 ovpn-server1[3345]: XXX.XXX.XXX.XXX:51264 TLS Auth Error: Auth Username/Password verification failed for peer
Feb 19 11:24:27 ovpn-server1[3345]: XXX.XXX.XXX.XXX:51264 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
These 2 lines from syslog..
 
Yes, but that is from an earlier point in the log; the connection resets and then there is a successful connection 20 seconds later.
 
Pasting my config.
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 10.8.0.0 255.255.255.0
proto udp
port 1197
dev tun21
txqueuelen 1000
ncp-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
auth SHA1
compress lz4-v2
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
duplicate-cn
push "dhcp-option DNS 192.168.1.1"
tls-crypt static.key
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up updown.sh
down updown.sh
status-version 2
status status 5
Something to compare with maybe
 
Still following along with this.

Have you tried a different client device yet as well? Or has all your testing been with just your 1 phone? Id like to know if the issue persists with other client devices.
 
Pasting my config.
Excepting the compression this is my configuration as well.

I will note, though, that having the router on 192.168.1.1 is probably an invitation for problems. An awful lot of hardware, including hotspots, have that address, or 192.168.0.1, or 10.1.10.1. Many cable modems are at 192.168.100.1, so that also is a problem. If one is on a LAN with a router 192.168.1.1, and reaching over a VPN to another router with that address, one is likely to have problems.
 
Still following along with this.

Have you tried a different client device yet as well? Or has all your testing been with just your 1 phone? Id like to know if the issue persists with other client devices.
As posted, I tried with:
- iPhone (latest iOS) using OpenVPN official app and Passepartout
- iMac on El Capitan running Tunnelblick
- Windows 7 PC and OpenVPN official app
- Windows XP PC with older OpenVPN app

Also tried connecting:
- Directly from the phone using my LTE connection
- Connecting from either of these computers to the LTE connection via my phone as a hotspot
- Connecting directly from within my LAN to the router's IP.

Always the same behavior. Connects then it does nothing, no data sent, no data received, no errors.


So if I backup the config to a file when I restore it the router will be 1:1 as I had it before? I have a chance to reset this to factory this weekend, it's not gonna be pretty, but if I can revert to how it was before, i'll try, just to discard router issues.
 
Last edited:
As posted, I tried with:


So if I backup the config to a file when I restore it the router will be 1:1 as I had it before? I have a chance to reset this to factory this weekend, it's not gonna be pretty, but if I can revert to how it was before, i'll try, just to discard router issues.

Ya but I would have to re-read all the posts haha.

If you backup a config it will be 1:1. But its not recommended by most to do this when diagnosing issues, you can try it for sure, but if you're still having issues you'd be best to do a full reset and reconfig from scratch (literally 15-20mins of work for most networks). If theres an issue somewhere with your current config, wiping the router and reloading the config likely wont solve any issues.
 
So if I backup the config to a file when I restore it the router will be 1:1 as I had it before?
Save the config, and save the jffs. Then reload your firmware follow the @L&LD M&M reset procedure to get to a minimum configuration. Then try the OpenVPN server from scratch. Don't do anything you don't have to. If at that point it doesn't work you've ruled out the router as the issue. If it does work, then it was something messed up with nvram or a setting or some conflict we haven't seen before; either way you can proceed to kit out the rest of your configuration.

If you end up with things not working, you can always restore the config and the jffs and be no worse off.
 
follow the @L&LD M&M reset procedure
This has been mentioned before but I have no idea what it means.

And yeah what I meant is reset the router and configure by hand and see if it works, but in case it all goes to crap to have my old config that for everything but this, works fine.
 
Hello it's me again with this problem, I had given up then and came back to it again recently and still cannot figure it out.

I have a few questions:
- I have firewall enabled in the router, would this be impeding the access to the LAN while connected to the VPN? So I need to do something with the Network Services Filter tab here?
- I also notice that the assigned IP address when I connect to the VPN is 10.8.0.2, but my whole LAN is on 10.0.0.X, could this also be a problem? I cannot set the VPN to give 10.0.0.x addresses.
- It was also never clear to me if I have to add routing rules for this to work.

I am assuming the VPN server is working fine as I can connect to it without problems. I just can't access the LAN.
Can anyone help?
 
@ZakM, router? Firmware version? VPN settings used?

What exactly are you trying to access on the LAN, and how?

More details are needed.
 
I also notice that the assigned IP address when I connect to the VPN is 10.8.0.2, but my whole LAN is on 10.0.0.X, could this also be a problem? I cannot set the VPN to give 10.0.0.x addresses
Clients that connect to the server are given an address from a mini-pool for each server config. The default for server1 is 10.8.0.x and for server 2 is 10.16.0.x. They cannot be the same, and there is no reason to change them. The server takes care of routing from those address to the local lan by adding a route when "Both" or "LAN" are selected; if it is "Internet" then the route isn't added but the default gateway of the client is changed. So that isn't the problem. I don't think the firewall is the issue either.

When you say you can connect to the server, can you then access the internet through the server? You shouldn't be able to do that, if you have the original server config you posted, since there is no change in the default gateway. You should be able to access the internet but from the client and not through the tunnel.

I think we are back to doing the M&M.
 
@ZakM, router? Firmware version? VPN settings used?
All already posted in this thread's first post: https://www.snbforums.com/threads/problems-running-vpn-server.61769/

What exactly are you trying to access on the LAN, and how?
Anything. A computer, a service. Nothing works.
When you say you can connect to the server, can you then access the internet through the server?
It's set to LAN only. So no. I don't want Internet access.

[edit] i tried something else. Without the VPN, I opened a web server on a machine in the LAN through the routing config, and I could not access it either.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top