Can't connect windows computer to openvpn
-
Not concerning your private ip on the log
Have you opened your 1194 port on wan
Client export and openVPN setup are allign
In terms of exporting the settings with or without 2.5 for openVpnNext sterp is to show your vpn server settings
Just with the hint on a vid it's not gonna work
BrNP -
@noplan Yes, the 1194 port is already open from the firewall rules.
-
and the rest ?
btw what are the logs of your openVPN Server sayin ?
for me it looks like you go no route to your vpn server
-
Why is the remote address a local one?
-
not sure if that's the only thing to consider why it's not working
-
my openvpn logs asks to check network connectivity. I think I need to configure something but I can't seem to find it. Can you suggest what should I check?
-
@tiger-0 said in Can't connect windows computer to openvpn:
Yes, the 1194 port is already open from the firewall rules.
Again, your client tries to connect to a private IP. This let us assume that you OpenVPN servers WAN IP is behind a router.
So you have- to forward UDP 1194 to pfSense on that router
- in the client export utility enter your public IP or host name at "Host Name Resolution" and export a new config for the client
-
We can't configure the firewall from our router that was given by our ISP.
tried adding the public IP on the client export and still can't connect -
@tiger-0 said in Can't connect windows computer to openvpn:
We can't configure the firewall from our router that was given by our ISP.
If you have an upstream (ISP) router in front of pfSense, you have to "NAT"that router.
That's not a choice, it's mandatory.NATting a port in the ISP's router isn't something special. I never saw an ISP - using their routers - in France (where I live) that doesn't support NAT.
-
@tiger-0
At least there should be a possibility on the router to set an internal IP or device as "DMZ" or "exposed host", which typically means that the router forwards any traffic to the stated IP or device. -
in Austria there are some (gettin more and more) ISP business routers (modems) that dont allow port forwarding opening ports and so on ... they provide a private range and thats it
so no openVPN for a lot of business (small) customers from one of the largest ISP here ;)yah there is a way round set the providerBox to bridge mode and use your pfS instead of that provider box
and yeah i like that approach @Gertjan
That's not a choice, it's mandatory.
-
@noplan said in Can't connect windows computer to openvpn:
in Austria there are some (gettin more and more) ISP business routers (modems) that dont allow port forwarding opening ports and so on ... they provide a private range and thats it
so no openVPN for a lot of business (small) customers from one of the largest ISP here ;)If they don't have enough "IPv4" for their clients, then yes, that's possible.
IPv6 was created to solve that issue.@noplan said in Can't connect windows computer to openvpn:
modems
Modems are often bridges.
With those devices their is nothing to 'NAT' as modems (bridges) don't work with "IP" addresses.
They (the ISP) could still offer you some RFC1918 ...... -
@noplan said in Can't connect windows computer to openvpn:
in Austria there are some (gettin more and more) ISP business routers (modems) that dont allow port forwarding opening ports and so on
Business routers? Not seen such ones up to now.
no openVPN for a lot of business (small) customers from one of the largest ISP here ;)
I know a business customer who got a CGN IP, but wanted to run services inside his network. A phone call to the "largest" provider was sufficient to get a public IPv4.
However, this was 2 years ago and the IPv4 lack is going on, of course. -
largest ISP in Austria no chance in hell to get anything else than a 10.0.0.0/24
and the ISP DNS as i mentioned earlier sold to small businesssome of the things have nothing to to with the lack of IPV4
just with money the ISP wants from his clients :) -
@noplan said in Can't connect windows computer to openvpn:
largest ISP in Austria no chance in hell to get anything else than a 10.0.0.0/24
Yes, I'm talking about this one.
I know the 10.0.0.0/24 only from the ISP routers. But up to now, any was able to forward traffic and also could be set into bridge mode.
However, if you don't intervene, you might get a CGN WAN IP, something like 100.x.x.x, which is not public and hence cannot be accessed from outside.
-
got a talk with that ISP today motivated by your post ;)
this business connect they sell only works
a) you get a private 10.0.0.0/24 and no open ports whatever
b) a box set in bridge mode and you have to deal with all the other nasty stuffnot sure if there isn't a small fee each month for usin b)
oh man i love ADSL in austria ;)
-
@noplan said in Can't connect windows computer to openvpn:
b) a box set in bridge mode and you have to deal with all the other nasty stuff
Therefor we use pfSense, which handles much better the nasty stuff then the any providers router.
-
@viragomann said in Can't connect windows computer to openvpn:
Therefor we use pfSense, which handles much better the nasty stuff then the any providers router
yeeessss
Totally agree on that one !
