What's new

Struggling with OVPN Server can someone advise me please?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

If you changed router (or SSID if using wifi), make sure your Windows clients haven't switched to a Public network profile (the default), which would block any inbound access. Switch them back to Private.

Otherwise as people mentioned, you just need to make sure that the server is set to route both LAN and Internet traffic. And if the VPN IP range changed to a new subnet, LAN side clients might also need to have their firewall adjusted to the new subnet.
 
If you changed router (or SSID if using wifi), make sure your Windows clients haven't switched to a Public network profile (the default), which would block any inbound access. Switch them back to Private.

Otherwise as people mentioned, you just need to make sure that the server is set to route both LAN and Internet traffic. And if the VPN IP range changed to a new subnet, LAN side clients might also need to have their firewall adjusted to the new subnet.
No other changes besides resetting routers to defaults that needed it. They had gone a lot flashes without resetting.
 
No other changes besides resetting routers to defaults that needed it. They had gone a lot flashes without resetting.
I can't get anyone of the three vpn connections to open the webui, when running the VPN Server.
 
Something is not right with routing. @RMerlin I have a defaults ovpn server config which means the server is set to lan only and I easily have full internet when connected. This happens with all of them. Could it be anything to do with the vpn up down script you implemented with the director back a while ago. Seems OVPN has bit me before after a router full reset.


Code:
Aug 25 04:58:49 RT-AX88U-E770 rc_service: httpd 1500:notify_rc stop_vpnserver1;clearvpnserver1
Aug 25 04:58:49 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args: stop vpnserver1)
Aug 25 04:58:49 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args:  clearvpnserver1)
Aug 25 04:58:49 RT-AX88U-E770 openvpn: Resetting VPN server 1 to default settings
Aug 25 04:58:49 RT-AX88U-E770 kernel: [JFFS2 DBG] (1) jffs2_sum_write_data: Not enough space for summary, padsize = -907
Aug 25 04:59:40 RT-AX88U-E770 rc_service: httpd 1500:notify_rc restart_chpass;restart_vpnserver1
Aug 25 04:59:40 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args: restart chpass)
Aug 25 04:59:40 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args: restart vpnserver1)
Aug 25 04:59:41 RT-AX88U-E770 vpnserver1[10751]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Aug 25 05:20:02 RT-AX88U-E770 Diversion: rotated dnsmasq log files
Aug 25 10:30:26 RT-AX88U-E770 rc_service: httpd 1500:notify_rc restart_chpass;restart_vpnserver1;restart_dnsmasq
Aug 25 10:30:26 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args: restart chpass)
Aug 25 10:30:26 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args: restart vpnserver1)
Aug 25 10:30:26 RT-AX88U-E770 vpnserver1[22143]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Aug 25 10:30:26 RT-AX88U-E770 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Aug 25 10:30:26 RT-AX88U-E770 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Aug 25 10:30:27 RT-AX88U-E770 Diversion: restarted Dnsmasq to apply settings
Aug 25 10:30:27 RT-AX88U-E770 stubby[22364]: Stubby version: Stubby 0.4.0
Aug 25 10:30:27 RT-AX88U-E770 stubby[22364]: Read config from file /etc/stubby/stubby.yml
 
Setting to LAN Only will not prevent Internet access, just that the client's Internet access won't be redirected through the tunnel.

VPN Director has nothing to do with servers.
 
How comes that he cannot access the webui at all ? Should not this be resolved first ? ... and indeed, there is some confusion in the OP wrt what is really connected to what and how ... may be a short drawing would help.

EDIT: although you did not mention, do you have any OpenVPN Client running as well ? mention it cause you talked about VPN Director
 
Client is working fine here and the server seems to be working fine. I'm thinking it's something else.
Are you running OVPN Clients at the same time as OVPN Servers ? If not then ignore the rest of this reply.

I am on 386.7_2 installed on RT-AX86U with hard reset and USB drive reformat without settings restore - during last weekend I could connect remotely to the OVPN Server (LAN only, advertise DNS to Clients > Yes) but not access the router web GUI each day: I think this is the same problem you describe. My router is set to reboot daily, on Day 3 I could remotely access the router web GUI through OVPN Server - but not on Day 1 nor Day 2. Very puzzling.

I made some setting changes - these need more testing:

1) for OVPN Clients 1 and 2 I'm using NordVPN which uses UDP port 1194. I was also using the default UDP port 1994 for the OpenVPN server, so changed the OVPN Server to UDP port 1995 when remote on Day 3 and rebooted the router. I could text edit the .ovpn file for this change (no new certificate required) and connected remotely no problem.

2) on Day 3 OVPN Server subnet setting was 10.8.0.0 and OVPN Client 1 was using local IP 10.8.0.6 and OVPN Client 2 was using local IP 10.8.3.2 (note: today OVPN Client 1 is using 10.8.3.2 and OVPN Client 2 is using 10.8.0.6, so OVPN Clients subnets change in my setup !!! I'm not sure why. Incidentally I am running VPNMGR to update the NordVPN client settings daily). Some old posts on this forum suggested the subnets should be different for OVPN Clients and OVPN Servers. Perhaps my client and server setup was using same subnet and/or local IP on Day 1 and Day 2 ? I changed the OVPN Server subnet to 172.16.0.0 in the advanced settings remotely on Day 3 and rebooted the router and connected no problem.

I'll continue to test and fingers crossed this is stable ahead (two week remote trip coming up in early October).
 
Last edited:
@Chuckles67

1) It makes no difference what port your VPN server is using compared to the VPN clients. The server port is on your router, the client port is on NordVPN's server.
2) Yes the subnet for the VPN server should be different than that of the VPN clients. Like you I had to move my server subnet to something that was unlikely to be chosen by NordVPN.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top