Netgate Discussion Forum

    Connecting to Homelab using OpenVPN

      hudri

      Dears

      Use case:
      I am, e.g., abroad and want to access my home lab using my mobile phone with a 4/5G connection or a public Wi-Fi through OpenVPN.

      Mobile device: Android 13, using OpenVPN Connect
      Topology: "my provider's modem" --> "Netgate 6100" --> several VLANs: 192.168.5.0/24, 192.168.10.0/24, etc.
      The external WAN IP is not fixed, but it has not changed in the last months.

      Problem:
      My setup works if I connect my mobile from within my network with OpenVPN Connect; I do reach my targeted internal network, as expected.
      If I try the same using 4/5G: no connection; the OpenVPN logs are empty. I suspect that my mobile client does not reach my provider's modem at all.

      Questions:

      • Do I need a "remote access" server or a "peer to peer" one? I assume remote access...
      • Is it mandatory to have a fixed IP? When exporting the user certificate I entered my "semi-fixed" IP address ("Host Name Resolution" --> "other" --> <my public IP>).
      • Any suggestions, or obvious mistakes I made?

      br
      Hugo

        viragomann @hudri

        @hudri
        Do you even have a public WAN IP?
        This is required to be accessible from outside.

        Also possible that your ISP is blocking incoming traffic on the port you're using.

        A static IP is not needed; however, if your IP is dynamic you would need a dynamic DNS.

          hudri @viragomann

          @viragomann
          Hi,
          technically my IP is dynamic. In reality it has not changed for months.
          Might the problem be related to the fact that my pfSense is behind my provider's cable modem?

            viragomann @hudri

            @hudri
            If the modem is not in bridged mode, it is in fact a router and you would have to forward the OpenVPN traffic on it.

              hudri @viragomann

              @viragomann
              So a simple port forwarding UDP 1194 -> UDP 1194 is enough?

                viragomann @hudri

                @hudri
                Yes, whatever port you're using.
                If you're running multiple services behind pfSense, consider forwarding all incoming traffic and configuring the pfSense firewall accordingly. Some modems call this "exposed host" or "DMZ".

                Consider that UDP port 1194 is possibly not allowed on public wifi hot spots if you want to use that. You can configure your OpenVPN to listen on a commonly used port like 443.

                To get around such restrictions, I'm running two servers on my home pfSense: one on UDP 1194 and the other on TCP 587.
                The client is configured to automatically attempt to connect to the second if the first doesn't respond within 10 seconds.

                Note that OpenVPN over a UDP port is faster than TCP:

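Added example (not part of the thread, and not Netgate or OpenVPN code): a small Python linter for an exported client profile that checks the points raised in the replies above, namely a non-public or literal-IP `remote`, a missing TCP fallback, and a missing `server-poll-timeout` for the fallback. The sample profile and the hostname `vpn.example.net` are constructed; `remote`, `proto` and `server-poll-timeout` are standard OpenVPN directives.

```python
import ipaddress

# Constructed sample profile; the hostname is a placeholder, not from the thread.
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.net 1194 udp
remote vpn.example.net 587 tcp
server-poll-timeout 10
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def parse_profile(text):
    """Return (remotes, timeout); remotes are (host, port, proto) in try order."""
    remotes, timeout, default_proto = [], None, "udp"
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "proto" and len(parts) > 1:
            default_proto = parts[1]
        elif parts[0] == "remote" and len(parts) > 1:
            port = int(parts[2]) if len(parts) > 2 else 1194
            remotes.append((parts[1], port, parts[3] if len(parts) > 3 else None))
        elif parts[0] in ("server-poll-timeout", "connect-timeout") and len(parts) > 1:
            timeout = int(parts[1])
    return [(h, p, pr or default_proto) for h, p, pr in remotes], timeout


def audit(text):
    """Return findings for the reachability issues raised in the thread."""
    remotes, timeout = parse_profile(text)
    findings = []
    for host, _port, _proto in remotes:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, e.g. a dynamic DNS name
        if ip.is_private or ip in CGNAT:
            findings.append(f"{host}: not a public address, unreachable from outside")
        else:
            findings.append(f"{host}: literal IP, breaks when a dynamic WAN IP changes")
    if not any(proto.startswith("tcp") for _h, _p, proto in remotes):
        findings.append("no TCP remote: UDP may be blocked on public Wi-Fi")
    if len(remotes) > 1 and timeout is None:
        findings.append("no server-poll-timeout: fallback waits for the default timeout")
    return findings
```

The same address check applies to the WAN interface of pfSense itself: a private or 100.64.0.0/10 address there means the provider's modem (or the provider) is doing NAT in front of it.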
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.