OpenVPN server behind the provider's PAT
-
Hi!
I've set up an OpenVPN Remote Access server, but it is timing out.
My provider wasn't able to give me a public IP, only some ports for the TCP connection were redirected.
Now, in Android I've set up the OpenVPN client with the provider's public IP and port (which is redirected
to my WAN IP), but the connection is always timing out.
Any ideas are appreciated: how should I start troubleshooting?
(Yet another thing: I'm using a multi-WAN connection.)
Thank you very much.
-
Have you set your server and client to use TCP?
For troubleshooting, use packet capture on pfSense; you'll find it in the Diagnostic menu. Check if the packets arrive on the WAN interface while trying to establish a connection from your phone.
-
It is set to use only TCP packets.
The diagnostic showed that the client was trying to establish a connection, without success. See capture.txt. Private and bogon networks were previously blocked on my system. After unblocking the reserved networks, I got closer to success. The connection was established, but disconnected after a little bit of time. It seems to be bouncing, but I don't know why. capture2.txt contains the captured packets and client.txt the log from my OpenVPN client.
-
Obviously your provider also does source NAT. 10.10.48.254 is a private address. So of course, you have to allow private access on WAN.
capture2.txt shows nothing but outbound traffic. However, this is irrelevant here anyway.
What does the server log show?
-
After a bunch of unsuccessful tries:
-
Obviously there is something wrong with the client certificate.
OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
-
Yes, the problem was that I haven't created a certificate for the user itself, but used the VPN's CA…
After the modifications everything goes well now.
Thank you for your help and I wish you a happy new year!
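-
The root cause found in this thread (the VPN's CA certificate used where a per-user certificate was needed) can be checked for before connecting. The script below is an added example, not part of the original posts; it assumes the `openssl` CLI is installed, and every file name and subject name in it is constructed for the demo.

```shell
#!/bin/sh
# Added example: pre-flight check for the certificate a client will present.
# All file names and subject names below are constructed for the demo.

# classify_cert CERT CA -> prints ca-certificate | client-ok | not-issued-by-ca
classify_cert() {
    # A CA certificate carries basicConstraints CA:TRUE; it identifies the
    # issuer, not a user, and must not be configured as the client cert.
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo ca-certificate
    # An end-entity certificate must chain to the VPN's CA and allow client auth.
    elif openssl verify -purpose sslclient -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo client-ok
    else
        echo not-issued-by-ca
    fi
}

# make_samples DIR -> writes a throwaway CA (ca.crt) and a user cert (user.crt)
make_samples() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-vpn-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$1/user.ext"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=demo-user" -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/user.ext" -out "$1/user.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in ca.crt user.crt; do
    printf '%s: %s\n' "$f" "$(classify_cert "$tmp/$f" "$tmp/ca.crt")"
done
rm -rf "$tmp"
```

Run against a real client profile, `classify_cert` takes the certificate the client is configured to present as its first argument and the VPN's CA certificate as its second.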