VPN - stuck with settings

Hello,

my TO is running behind a provider Router (FTTH HG8045Q) and I can not get VPN running. Actually I recently moved, and with the previous router I set up SoftEther and it worked. However, the same installation doesn’t now (they gave me the newer router model above).

I set the TO to DMZ in the HG8045Q (192.168.11.1), so all traffic should reach the TO (192.168.11.3 on WAN).

The SoftEther LXC and all other devices are connected to the TO and its LAN on 192.168.1.XXX.

I tried SoftEther and the new OpenVPN feature from Foris. Setup works as described. Then I set my fixed IP in the file and try to connect but it doesn’t work. BTW I reset my TO recently, so everything is pretty untouched as I have everything running in my LXC containers.

Are there any tests I could try to check if connection is possible?

Any tips appreciated.

Martin

Maybe the DMZ doesn’t work as expected from your provider router.
As I see it you have two options to try:

  • set the HG8045Q as bridge so your TO can get a public IP
  • do specific port fw in HG8045Q, 443 and 1194 -> 192.168.11.3 (TO)

Those were my thoughts too, and I tried to do port forwarding, but that also did not change anything. That’s why I asked above, how can I actually test if I can reach my TO from outside on a port?

BTW the provided router has no bridge mode setting :frowning:

http://ping.eu/port-chk/

Thanks for the help!

Well, but it shows all ports as closed. I looked my router up and found several manuals for port opening and I think everything is correct. However the TO is not reachable.

How can I check if the connection request/attempt is reaching the TO?

Is it correct that the Foris GUI OpenVPN doesn’t create an entry in the firewall of LuCI?
Edit: oh, I found an entry in the “Firewall - Traffic Rules” so that looks good too.

tcpdump -tqni eth1 'port 1194'

OK, to broaden my troubleshooting I set my other Lacie NAS up for remote access and, well, it worked on some port 50xxx.

On your port tester above this port then appeared open and I was able to access it.
So the DMZ and port forwarding in principle worked.

Now back to my VPN problem, I changed and adopted the port forwarding to exactly the same settings as my Lacie sample.

Looks like I forgot to specify the incoming port :frowning: as it was set to any before

From any host in wan
Via any router IP at port 4500

Now I can connect.

However, the port tester above says port closed.
Any idea why?

And the VPN created by Foris still doesn’t work. Firewall settings look identical.
No idea about that… any hints how to troubleshoot?

Is the OpenVPN service up?
What is the output of (in TO)
netstat -tulpan | grep 1194

OpenVPN is enabled

and installed

but the output from the command is nothing

Have somehow the same problem. My outputs are:

xyz@omnia:~# netstat -tulpan | grep 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           3433/openvpn


xyz@omnia:~# netstat -tulpan | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      3233/lighttpd
tcp        0      0 :::443                  :::*                    LISTEN      3233/lighttpd
tcp        0      0 :::9443                 :::*                    LISTEN      3677/socat

Shouldn’t openvpn work over tcp?

By default OpenVPN uses UDP.

Have read that, UDP by default, as well.
On the other hand, it looks like TCP should work as well to allow incoming openvpn traffic from wan as @johndoe documented Dec. 16, 2016.

So your OpenVPN is not listening on 1194.
I just remembered that the port check might very well not detect UDP ports like 1194, but nevertheless your OpenVPN is not working, at least not on 1194.
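
Added example (not written by any poster in this thread): a small shell check that reads `netstat -tulpan` output, matches the port exactly (a plain `grep 443` also matches 9443, as in the output quoted above) and reports whether a listener is UDP-only, which a TCP-based port tester cannot see. The helper names `listeners` and `tcp_tester_view` are hypothetical, the sample input is constructed from the lines quoted in the thread, and it is an assumption that the web port tester probes TCP only.

```shell
#!/bin/sh
# Constructed sample: the netstat -tulpan lines quoted in the thread, combined.
SAMPLE='udp        0      0 0.0.0.0:1194            0.0.0.0:*                           3433/openvpn
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      3233/lighttpd
tcp        0      0 :::443                  :::*                    LISTEN      3233/lighttpd
tcp        0      0 :::9443                 :::*                    LISTEN      3677/socat'

# listeners PORT (hypothetical helper): reads netstat -tulpan output on stdin and
# prints "proto local-address pid/program" for sockets bound to exactly PORT.
listeners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, part, ":")          # port follows the last colon (IPv4 and IPv6)
            if (part[n] != port) next         # exact match, so 443 does not pick up 9443
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next   # ignore established TCP sessions
            print $1, $4, $NF
        }'
}

# tcp_tester_view PORT (hypothetical helper): what a TCP-only port tester can see.
tcp_tester_view() {
    found=$(listeners "$1")
    if [ -z "$found" ]; then
        echo "nothing-listening"      # no socket bound to PORT in the netstat output
    elif printf '%s\n' "$found" | grep -q '^tcp'; then
        echo "tcp-visible"            # a TCP connect test from outside can succeed
    else
        echo "udp-only"               # service is up, but a TCP test reports closed
    fi
}

# Demo on the constructed sample.
for p in 1194 443 4500; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | tcp_tester_view "$p")"
done
```

On the router itself the live output can be piped in instead of the sample, e.g. `netstat -tulpan | tcp_tester_view 1194`.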