Netgate Discussion Forum

    First time OpenVPN server

      brunoforestier

      I'm trying to set up a remote access VPN into my home network using my SG-1100.

      I've followed everything I found to be relevant here, but I've not been able to get my WAN address to respond on my OpenVPN port using this internet port checker.

      My configuration details, of note:

      Not disabled.
      Remote access mode
      UDP IPv4
      Device mode: tun
      Interface: WAN
      TLS key use: enabled
      Remainder of TLS and other config: I did create a CA and a cert, but given I can't connect to my IP on my VPN port, this doesn't seem relevant. Everything else is default

      Additionally, I did create two rules, as described here.

      What other troubleshooting can I do?

        brunoforestier

        Idiot maneuver not seeing this initially:

        Here's my server status. Looks okay?

        7eab0424-10d2-41c3-a5ce-d3bdabd641d7-image.png

        Firewall logs? Nothing there when I try and connect to my WAN address on the OpenVPN port.

        OpenVPN logs? No errors. I restarted the OpenVPN service just now, looks OK.

        I have to be missing something really obvious but.. seems like I've covered all the bases from the documentation.

          viragomann @brunoforestier

          @brunoforestier said in First time OpenVPN server:

          OpenVPN logs? No errors

          What do you get on the client?

            brunoforestier @viragomann

            @viragomann 5ef965af-2428-4f43-8b32-0fd04178a6b0-image.png

              viragomann @brunoforestier

              @brunoforestier
              This basically indicates that the client doesn't get a response from the server.

              Post your OpenVPN settings and WAN firewall rules.

              Do you have a real public WAN IP, not a CGN or private?

                brunoforestier @viragomann

                @viragomann 275cecb8-7e72-487e-9ac6-71cb7062a38b-image.png
                faf4ef95-4537-4e2a-b06c-da9a578e2004-image.png

                My WAN IP is DHCP from my CenturyLink ISP. I don't see anything online that indicates I shouldn't be able to connect to a VPN server hosted by one of these addresses.

                  viragomann @brunoforestier

                  @brunoforestier said in First time OpenVPN server:

                  My WAN IP is DHCP from my CenturyLink ISP. I don't see anything online that indicates I shouldn't be able to connect to a VPN server hosted by one of these addresses.

                  You should be able to assess if it's a private or CGN address.

                  The rule looks good.

                  You can use Diagnostic > Packet Capture to verify if OpenVPN packets arrive on the WAN interface. Select WAN interface, set the port filter to 1194, start the capture and trigger a connection.

                  The port scanner you mentioned above seems not to be capable of sending UDP packets. Consequently it will show the port as closed, since the rule allows only UDP.
                  But you should be able to see the packets in the capture.

                    brunoforestier

                    @viragomann said in First time OpenVPN server:

                    @brunoforestier said in First time OpenVPN server:

                    My WAN IP is DHCP from my CenturyLink ISP. I don't see anything online that indicates I shouldn't be able to connect to a VPN server hosted by one of these addresses.

                    You should be able to assess if it's a private or CGN address.

                    The rule looks good.

                    You can use Diagnostic > Packet Capture to verify if OpenVPN packets arrive on the WAN interface. Select WAN interface, set the port filter to 1194, start the capture and trigger a connection.

                    The port scanner you mentioned above seems not to be capable of sending UDP packets. Consequently it will show the port as closed, since the rule allows only UDP.
                    But you should be able to see the packets in the capture.

                    Now getting a "host unreachable" from OpenVPN client.

                    Short of contacting my ISP, how do I determine if my WAN is private/CGN?

                      viragomann @brunoforestier

                      @brunoforestier

                      https://en.m.wikipedia.org/wiki/Private_network

                      https://en.m.wikipedia.org/wiki/Carrier-grade_NAT

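One way to answer the private/CGN question from the two linked pages, as an added example that is not part of any post in this thread: classify the address shown on the WAN interface against the RFC 1918 and RFC 6598 (100.64.0.0/10) ranges, then compare it with the address an outside service reports. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# IPv4 ranges a WAN interface can be handed that are not reachable from the internet.
NON_PUBLIC_V4 = [
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
    ("carrier-grade NAT shared space (RFC 6598)", ipaddress.ip_network("100.64.0.0/10")),
    ("link-local (RFC 3927)", ipaddress.ip_network("169.254.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]


def classify_wan(addr):
    """Label the IPv4 address shown on the WAN interface."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("this example covers IPv4 only")
    for label, net in NON_PUBLIC_V4:
        if ip in net:
            return label
    # Documentation, benchmarking and other reserved blocks are not routable either.
    if not ip.is_global:
        return "reserved, not routable"
    return "public"


def inbound_reachable(wan_addr, seen_from_outside):
    """Compare the WAN interface address with the address an external
    'what is my IP' service reports. Returns (reachable, reason)."""
    kind = classify_wan(wan_addr)
    if kind != "public":
        return False, f"WAN address is {kind}; an upstream device is doing NAT"
    if ipaddress.ip_address(wan_addr) != ipaddress.ip_address(seen_from_outside):
        return False, "WAN address is public but differs from the outside view; NAT upstream"
    return True, "WAN address is public and matches the outside view"


if __name__ == "__main__":
    # Constructed sample addresses; 8.8.8.8 stands in for any public address.
    for wan, outside in [("192.168.0.10", "8.8.8.8"),
                         ("100.72.14.3", "8.8.8.8"),
                         ("8.8.8.8", "8.8.8.8")]:
        print(wan, "->", inbound_reachable(wan, outside))
```

A public, matching address only rules out upstream NAT; whether UDP 1194 actually arrives is still confirmed with the packet capture described earlier in the thread.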
                        brunoforestier @viragomann

                        @viragomann

                        Adding the OpenVPN Client Export package allowed me to export a proper VPN profile, which I could then import and properly connect using the OpenVPN client on my Windows machine. I'm connected now.

                          noplan @brunoforestier

                          @brunoforestier

                          You changed your tunnel IP?

                          And if solved, please mark as solved.
                          brNP
