parachuter2b
join:2008-11-06

parachuter2b

Member

trouble starting the openvpn server!

Hi there,

I'm trying to setup an OpenVPN server on my Windows Seven box.

OS: Windows Seven Ultimate
DD-wrt: v24-sp2
router: Asus RT-N16

After a few tries and quite a bit of research and troubleshooting, I finally followed all the steps to create the cert authority, server and client certificates no problem. I also successfully generated the Diffie-Hellman params and HMAC signature. The port forwarding and dynamic DNS and so on are also set up properly.

However, when I tried to start the server (right-click on the .ovpn file & hit 'start OpenVPN on this file'), I got:
"Options warning: Bad backslash ('\') usage in C:\Program Files\OpenVPN\config\server.ovpn:24: remember that backslashes are treated as shell-escapes and if you need to pass backslash characters as part of a Windows filename, you should use double backslashes such as "c:\\openvpn\\static.key"
Use --help for more information.
Press any key to continue..."

After changing the backslashes to double backslashes in the server.ovpn file and trying again I got:
"Options error: --server directive network/netmask combination is invalid
Use --help for more information.
Press any key to continue..."

Unfortunately, I'm stuck. Have searched a lot, but couldn't find a solution. Please help!!

Thank you very much in advance!

SoonerAl
MVM
join:2002-07-23
Norman, OK

SoonerAl

MVM

It's been a long, long time since I ran an OpenVPN server/client, but here are my old config files that may be of interest. Note my small how-to link at the end of this reply no longer exists...

»Re: openvpn vista 64 backslash issue

More examples from OZO...

»Re: Windows 2003 VPN

Perhaps if you posted a copy of your server config file someone could help further.
parachuter2b
join:2008-11-06

parachuter2b

Member

Thanks for your reply!

Below is a copy of my server.ovpn. I've tried it with full addresses also. same thing. Please help!!

### SERVER CONFIG FILE ###

# lines starting with # or ; will not be read by OpenVPN

local 192.168.1.139 #### CHANGE. This is the IP address of the real (not tun/tap) network interface of the server. Find it using 'run > cmd > ipconfig'.

port 11967 #### CHANGE. This is the port the service will listen on. See 'Configure your Router' section for recommendation.

proto udp

mssfix 1400

push "dhcp-option DNS 8.8.8.8" #### CHANGE. Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS).

#push "dhcp-option DNS X.X.X.X" #### CHANGE (OPTIONAL). A second DNS server. If you have one, remove the #.

dev tap

#dev-node MyTAP #### CHECK. If you renamed your TAP interface or have more than one TAP interface, remove the # and change "MyTAP" to its name.

ca "ca.crt"

cert "server.crt"

key "server.key" # Never take this file off the server.

dh "dh2048.pem"

tls-auth ta.key 0 # 'ta.key' must be in the config folder.

server 192.168.1.139 255.255.255.0 #### CHECK. Assigns the virtual IP address and subnet to the VPN. Make sure you add this to your Router (section 4i).

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1" # This will force the clients to use the home network's internet connection

keepalive 10 120

cipher AES-128-CBC # Connection will be encrypted with AES 128-bit.

comp-lzo

max-clients 100 #### CHECK. Assigns the maximum number of clients here, change according to your setup.

persist-key

persist-tun

status openvpn-status.log

verb 1 # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting.

TheMole
join:2001-12-06
USA

1 edit

1 recommendation

TheMole

Member

change "server 192.168.1.139 255.255.255.0" to "server 192.168.1.0 255.255.255.0"

server defines the network range, not the ip address.
TheMole

TheMole to parachuter2b

Member

to parachuter2b
also, i'm guessing your physical NIC IP address is 192.168.1.x, if that is the case you need to ensure your OpenVPN network interface is something other than the 192.168.1.x.

so, to keep things simple, i'd recommend changing the line to:

"server 192.168.200.0 255.255.255.0" where you can change the .200. to some other number than .1.

here is my config, on a unix box. 192.168.1.26 is my physical NIC, 192.168.210.0 is my VPN range:

root@pbx2:/etc/openvpn $ more server.conf
port 2010
proto udp
dev tap
ca ./xxx/ca.crt
cert ./xxx/server.crt
key ./xxx/server.key
dh ./xxx/dh1024.pem
tls-auth ./xxx/ta.key 0
server 192.168.210.0 255.255.255.0
ifconfig-pool-persist ./xxx/ipp.txt
keepalive 10 120
cipher BF-CBC
comp-lzo
;user nobody
;group users
persist-key
persist-tun
status ./xxx/openvpn-status.log
client-to-client
verb 4
route 192.168.1.0 255.255.255.0 192.168.210.1
route 192.168.5.0 255.255.255.0 192.168.210.2
client-config-dir ./xxx/ClientConfigDir
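
Added example (not part of the original posts, and not OpenVPN's own code): a small Python lint for the two startup errors in this thread plus the subnet-overlap advice above. The `ca` line in the sample is constructed, the backslash rule is an approximation of what the warning text describes, and the LAN prefix length (/24) is an assumption because the config does not state it.

```python
import ipaddress

# Constructed sample: directives taken from the server.ovpn posted above, plus one
# hypothetical "ca" line with single backslashes to reproduce the first warning.
SAMPLE = r'''
local 192.168.1.139   #### real NIC address
port 11967
dev tap
ca "C:\Program Files\OpenVPN\config\ca.crt"
server 192.168.1.139 255.255.255.0  #### virtual subnet
'''

# The same file after both fixes from the thread: doubled backslashes and a
# network address in a range that differs from the physical LAN.
FIXED = SAMPLE.replace("\\", "\\\\").replace("server 192.168.1.139", "server 192.168.200.0")


def strip_comment(line):
    """Cut a trailing comment that starts with '#' or ';' outside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch in "#;" and not in_quote and (i == 0 or line[i - 1].isspace()):
            return line[:i]
    return line


def bad_backslash(text):
    """True if a backslash is used as anything other than an escape for \\, \" or space."""
    i = 0
    while i < len(text):
        if text[i] == "\\":
            if i + 1 >= len(text) or text[i + 1] not in '\\" \t':
                return True
            i += 2  # skip the escaped character
        else:
            i += 1
    return False


def lint(config_text, lan_prefix=24):
    """Return a list of (line_number, code, message) findings.

    lan_prefix is an assumption: the prefix length of the LAN that 'local' sits on.
    """
    findings = []
    local_ip = None
    server = None
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = strip_comment(raw).strip()
        if not line:
            continue
        if bad_backslash(line):
            findings.append((n, "backslash", "use double backslashes in Windows paths"))
        parts = line.split()
        if parts[0] == "local" and len(parts) >= 2:
            local_ip = ipaddress.ip_address(parts[1])
        elif parts[0] == "server" and len(parts) >= 3:
            server = (n, parts[1], parts[2])

    if server is None:
        return findings
    n, net, mask = server
    try:
        vpn = ipaddress.ip_network(f"{net}/{mask}", strict=False)
    except ValueError:
        findings.append((n, "server-invalid", "not an IPv4 network/netmask pair"))
        return findings
    # 'server' wants the network address: every host bit under the mask must be 0.
    if str(vpn.network_address) != net:
        findings.append((n, "server-host-bits",
                         f"'server' takes a network address; use "
                         f"'server {vpn.network_address} {vpn.netmask}'"))
    # The VPN range must not be the range the physical NIC already lives in.
    if local_ip is not None:
        lan = ipaddress.ip_network(f"{local_ip}/{lan_prefix}", strict=False)
        if vpn.overlaps(lan):
            findings.append((n, "overlaps-lan",
                             f"VPN range {vpn} overlaps the LAN {lan}; pick another range"))
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE), ("after fixes", FIXED)):
        print(label)
        for finding in lint(text) or [("-", "ok", "no findings")]:
            print("  line %s: %s: %s" % finding)
```
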
parachuter2b
join:2008-11-06

1 edit

parachuter2b

Member

OMG! Thank you very much!!! Server’s up now! Can’t believe I was tied up over such a stupid mistake.

So I tethered my phone to connect my two laptops to it and run tests:

1. Lenovo. OS: Win Seven Ultimate
2. Asus. OS: Win 8

Both clients do connect to the server (or at least the OpenVPN says so), but
the Lenovo has no internet connection and the Asus, though connected to the internet, doesn't show a different global IP.
Here's the IP of the Asus before and after connecting to the OpenVPN server:


IP Information: 199.119.232.226
ISP: Globalive Wireless Management Corp.
Organization: Globalive Wireless Management Corp.
Services: Suspected Network Sharing Device
City: Toronto
Region: Ontario
Country: Canada


Two more things:
1. I disabled the firewall momentarily on both the server and the Lenovo just to rule out the possibility. No change.
2. The Lenovo connects to a StrongVPN OpenVPN server no problem.

I am going to post what ipconfig gives me on both machines before & after connecting to openvpn (not sure if it's gonna help though?)

I'm running out of ideas. What else should I check for? Thank you for your time again!!!!

ps. There was no IP conflict. The laptops weren't connected to the server at the same time.

Lenovo before connecting to OpenVPN:



Windows IP Configuration

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::bdf0:a7b3:681b:a5df%13
IPv4 Address. . . . . . . . . . . : 192.168.43.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.1

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wireless.utoronto.ca

Tunnel adapter isatap.{28F9D4EC-5F4F-46E3-BDA5-A5D0522DA30D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{FDE6457B-0A62-49C5-9760-C080A123566D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:345f:5e98:3888:1718
Link-local IPv6 Address . . . . . : fe80::345f:5e98:3888:1718%14
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.wireless.utoronto.ca:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :


Lenovo after connecting to OpenVPN:


Windows IP Configuration

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b990:7cf3:4348:ac47%16
IPv4 Address. . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::bdf0:a7b3:681b:a5df%13
IPv4 Address. . . . . . . . . . . : 192.168.43.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.1

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wireless.utoronto.ca

Tunnel adapter isatap.{28F9D4EC-5F4F-46E3-BDA5-A5D0522DA30D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{FDE6457B-0A62-49C5-9760-C080A123566D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:c5d:36c3:3f57:f5fd
Link-local IPv6 Address . . . . . : fe80::c5d:36c3:3f57:f5fd%14
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.wireless.utoronto.ca:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :


Asus before connect to OpenVPN:

Windows IP Configuration

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : WDS01.COM

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12
IPv4 Address. . . . . . . . . . . : 192.168.43.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.1

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:a2:3297:3888:171d
Link-local IPv6 Address . . . . . : fe80::a2:3297:3888:171d%19
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :


Asus after connect to OpenVPN:

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d0dd:ae92:cf0a:6c7f%20
IPv4 Address. . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : WDS01.COM

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12
IPv4 Address. . . . . . . . . . . : 192.168.43.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.1

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:202b:1d4c:3888:171d
Link-local IPv6 Address . . . . . : fe80::202b:1d4c:3888:171d%19
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{A2729BBC-3A7E-403C-A2CB-3B88C1409E9C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

TheMole
join:2001-12-06
USA

TheMole

Member

I'm not entirely sure what you are attempting to accomplish.

Maybe you can summarize and give us a little drawing with the different machines and how you want them to connect to each other?
parachuter2b
join:2008-11-06

parachuter2b

Member

I'm trying to setup an OpenVPN server on my desktop (which I have already, with your help that is:) and make sure I can connect to it from outside.

so in order to really test out the server, I tethered my phone and had my laptops connect to it (as opposed to my wifi), so they wouldn't be dialing into my OpenVPN server from inside my LAN. Then, using the client certs that I had created, I tried to connect to the server and was faced with the 2 scenarios I described earlier.

Both machines managed to connect (according to OpenVPN). Asus had internet connection, but used the same global IP as before and the Lenovo did not have internet connection whatsoever.

Does that make sense? Isn't that a good way to go about testing the server?

TheMole
join:2001-12-06
USA

TheMole

Member

once you are connected to the VPN server (your "desktop"), can you ping the server VPN IP from the client (your "asus" and "lenovo")?

one part i don't follow: when you say "both used the same global IP as before and the Lenovo did not have internet whatsoever"

what does that mean, exactly?
parachuter2b
join:2008-11-06

parachuter2b

Member

Thank you for your quick reply.
said by TheMole:

one part i don't follow: when you say "both used the same global IP as before and the Lenovo did not have internet whatsoever"

Sorry about the confusion. That is not what I meant. Ok so here's what happens:

Lenovo: OpenVPN client connects, but then after that there is no internet connection, so no IP either. ping fails as well.

Asus: OpenVPN client connects. It has internet and ping works fine. Basically everything is fine, except that Asus's global IP is the same as before: 199.119.232.226. It doesn't take on my server's IP, which starts with: 99.231

Thanks again!

SoonerAl
MVM
join:2002-07-23
Norman, OK

1 recommendation

SoonerAl

MVM

I think a better test would be to take the laptops down to a local open/free hotspot like the library or favorite bar or etc and test the VPN link from there. Some cell links just fail when trying to use a VPN over them or are simply not allowed by the carrier. Make sure you open the proper port on any router/firewall the OpenVPN server box is behind to the static LAN IP address of the server.

TheMole
join:2001-12-06
USA

TheMole to parachuter2b

Member

to parachuter2b
First, I'd agree with what SoonerAl recommends. Don't attempt to tether to your phone until you have a known good setup.

Second, the OpenVPN client will never take on the public IP address of your server. OpenVPN is simply an application that connects two endpoints that are on different local networks together, on to a new private local network (securely).

So your server will first assign itself an IP on the new local network, something like 192.168.X.1 where X = the range you've assigned to the VPN. This must be different from the range your home router has assigned your server's physical LAN connection and it must be different from the client's other physical IPs. OpenVPN will then assign some second IP from the same range, for example 192.168.X.2. Now 192.168.X.1 and 192.168.X.2 are connected on the same local LAN. They can now talk to each other over that link.

(if you want to allow, for example, the client to talk to another machine that the server can naively talk to, you need to add routing rules. worry about that after you have successfully established a simple VPN connection).

All OpenVPN does is allow those two network IPs to communicate with each other. It does not replace or remove any other network adaptors and their respective IPs on a PC/device.

When you launched OpenVPN, your server now has two local IP addresses, the one it received (presumably via DHCP) from the router and the one that OpenVPN assigned to itself. They are different.

When the client connects, it is assigned an IP address on the VPN network.

I think your next step is ensuring you can ping from the client to the server over the VPN connection using the VPN IPs. Once that is successful, the rest should be fairly straight forward.
parachuter2b
join:2008-11-06

parachuter2b to SoonerAl

Member

to SoonerAl
Ok, thanks for the insight. I'll head to a coffee shop in a bit
parachuter2b

1 edit

parachuter2b to TheMole

Member

to TheMole
Thank you for your thorough reply!

I did quite a bit of research after getting your latest message. It turns out that (as you said) the inherent behavior of OpenVPN is not* to change the client's vpn. Searching for ways to tweak that behavior, I found out that I gotta:

1. add a [push "redirect-gateway def1" to my server.ovpn] (which was already there - so consider this step done!)

2. add a route to my router:

Gateway: 192.168.10.1 (start of the range defined in the server command in server.ovpn [server 192.168.10.0 255.255.255.128])

Subnet Mask: 255.255.255.128 (end of the range defined in the server command in server.ovpn)

Destination LAN NET: 192.168.1.139 (server LAN ip)

Done!
source: »forums.openvpn.net/topic ··· 706.html

3. Tweak Win 7 for forwarding VPN traffic:
a. Start -> Right-click My Computer -> Manage
Services
Right-click Routing and Remote Access -> Properties -> Automatic
Right-click Routing and Remote Access -> Start
Done!

b. modify "Local Area Connection" on server to allow TAP server connection to connect "through this computer's internet connection"
Done!

c. change IPEnableRouter in registry to 1
Done!
source: »forums.openvpn.net/topic ··· 806.html

So all changes were made, but the client (Asus) still showed the same old IP: 199.119.232.214

Please let me know what you think!
Thanks again
HarryH3
Premium Member
join:2005-02-21

HarryH3

Premium Member

Are you looking at ALL the network connections after you start the VPN? Your client will have TWO IP addresses after the VPN starts. The 199.119.232.214 address will still be listed, for the local LAN, and then there will be another network connection listed when you run ipconfig that shows the IP address of the VPN network connection.
parachuter2b
join:2008-11-06

parachuter2b

Member

I get 199.119.232.214 from
»www.whatismyip.com/

and ipconfig gives me the same result as before (pretty much):


Ethernet adapter Local Area Connection:
..
IPv4 Address. . . . . . . . . . . : 192.168.10.2
..
Wireless LAN adapter Wi-Fi:
IPv4 Address. . . . . . . . . . . : 192.168.43.130


Only thing that's different since I've made the routing changes and Win 7 tweaks is that there was no
Default Gateway under
Ethernet adapter Local Area Connection, but now I have:


Default Gateway . . . . . . . . . : fe80::8019:8c68:75a2:b046%20


Here's a complete snippet:

ipconfig -> after I made routing changes:



Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d0dd:ae92:cf0a:6c7f%20
IPv4 Address. . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : fe80::8019:8c68:75a2:b046%20

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : WDS01.COM

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12
IPv4 Address. . . . . . . . . . . : 192.168.43.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.1

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c9a:6dac:3888:1729
Link-local IPv6 Address . . . . . : fe80::3c9a:6dac:3888:1729%19
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{A2729BBC-3A7E-403C-A2CB-3B88C1409E9C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :



Ipconfig -> before I made routing changes (also posted previously):



Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d0dd:ae92:cf0a:6c7f%20
IPv4 Address. . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : WDS01.COM

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12
IPv4 Address. . . . . . . . . . . : 192.168.43.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.1

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:202b:1d4c:3888:171d
Link-local IPv6 Address . . . . . : fe80::202b:1d4c:3888:171d%19
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{A2729BBC-3A7E-403C-A2CB-3B88C1409E9C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :



Please advise!

Thank you very much for your time!

TheMole
join:2001-12-06
USA

TheMole

Member

you're getting the 199.119.x.x address because that is your computer's IP address. Your "asus" is using that IP address to get to the web.

that has nothing to do with the VPN.

I think you still need to report back the results of the ping between the two openVPN ip addresses to ensure you have a good connection between the two machines over the vpn. from one machine, type ping 192.168.X.Y where 192.168.X.Y is the IP address of the OTHER side of the vpn.

------

correct me if i'm wrong: i believe you are attempting to use the VPN to proxy all your traffic while at a remote site over the VPN connection, so that it appears to the outside world you are connected from home?

if that is what you want to do, read this section "Routing all client traffic (including web-traffic) through the VPN" from here AFTER you have a working VPN connection: »openvpn.net/index.php/op ··· wto.html
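
Added example (not part of the original posts): a longest-prefix-match model of the client's routing table, showing why a connected VPN adapter alone leaves web traffic on the Wi-Fi gateway, and what `redirect-gateway def1` changes. The LAN and VPN addresses come from the ipconfig output in this thread; the server's public address `203.0.113.10` is a placeholder because the thread only gives `99.231.x.x`, and the function names are hypothetical.

```python
import ipaddress

SERVER_PUBLIC = "203.0.113.10"  # placeholder, the thread elides the real address

# Client routes once the VPN is connected but no redirect is in effect:
# (destination, gateway, interface). Values taken from the Asus ipconfig output.
CONNECTED = [
    ("0.0.0.0/0", "192.168.43.1", "Wi-Fi"),    # default route via the tethered phone
    ("192.168.43.0/24", "on-link", "Wi-Fi"),
    ("192.168.10.0/25", "on-link", "TAP"),      # VPN subnet 255.255.255.128
]


def pick_route(dest, table):
    """Return (gateway, interface) of the most specific route matching dest."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in table if dest in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    _, gateway, iface = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return gateway, iface


def with_redirect_gateway_def1(table, server_public_ip, vpn_gateway, vpn_iface):
    """Model of what 'redirect-gateway def1' installs on the client.

    The original default route is kept. A host route pins the tunnel's own
    packets to the old gateway, and two /1 routes (more specific than /0)
    send everything else to the VPN gateway.
    """
    default = next(r for r in table if r[0] == "0.0.0.0/0")
    return table + [
        (f"{server_public_ip}/32", default[1], default[2]),
        ("0.0.0.0/1", vpn_gateway, vpn_iface),
        ("128.0.0.0/1", vpn_gateway, vpn_iface),
    ]


REDIRECTED = with_redirect_gateway_def1(CONNECTED, SERVER_PUBLIC, "192.168.10.1", "TAP")

if __name__ == "__main__":
    for name, table in (("connected only", CONNECTED), ("def1 applied", REDIRECTED)):
        print(name)
        for dest in ("8.8.8.8", "192.168.10.1", SERVER_PUBLIC):
            print("  %-15s -> %s" % (dest, pick_route(dest, table)))
```

If the two /1 routes are not installed on the client, a "what is my IP" site keeps seeing the client's own connection even though ping across 192.168.10.x works.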
HarryH3
Premium Member
join:2005-02-21

HarryH3 to parachuter2b

Premium Member

to parachuter2b
Why are you using a hardwired NIC connection and a wireless connection at the same time? I'm confused... Is one going to your LAN and the other to your tethered cell's network? If so, you need to disconnect from your LAN (assuming this is where the OpenVPN server that you're trying to connect to is also located) and then try to connect to the OpenVPN server using the 2nd IP range. Otherwise it seems to me that you're trying to create a network loop when the VPN tries to create an IP address in the range that your LAN NIC is already connected to.
parachuter2b
join:2008-11-06

parachuter2b to TheMole

Member

to TheMole
said by TheMole :
you're getting the 199.119.x.x address because that is your computer's IP address. Your "asus" is using that IP address to get to the web.

I understand what you were saying about how it's not OpenVPN's inherent behavior to change the client's global IP. However, aren't the 3 steps I've taken and described above (adding the redirect command to server.ovpn, adding an extra route to my router and tweaking Win services) supposed to make the router take on the server's global IP?
said by TheMole :
correct me if i'm wrong: I believe you are attempting to use the VPN to proxy all your traffic while at a remote site over the VPN connection, so that it appears to the outside world you are connected from home?

if that is what you want to do, read this section "Routing all client traffic (including web-traffic) through the VPN" from here AFTER you have a working VPN connection: »openvpn.net/index.php/open-sourc···wto.html

That's exactly what I'm trying to do. I'm trying to help my friends abroad to get around the internet censorship in their country.
Thanks for referring me that guide and I'll check it out in a couple hours when I get back.
said by TheMole :
I think you still need to report back the results of the ping between the two openVPN ip addresses to ensure you have a good connection between the two machines over the vpn. from one machine, type ping 192.168.X.Y where 192.168.X.Y is the IP address of the OTHER side of the vpn.

So after running the server and connecting to it from the client, I have:
server:
static ip: 192.168.1.139
OpenVPN's: 192.168.10.1

client:
wireless: 192.168.1.113
OpenVPN's: 192.168.10.2

I can ping the server IPs from the client and the client IPs from the server no problem.

Please advise! thanks
parachuter2b

parachuter2b

Member

Some more research led me to believe that it was the Win 8 routing bug that prevented the client from acquiring the server's global IP:

»visualplanet.org/blog/?p=127

Unfortunately, I don't have my Asus anymore to confirm the workaround mentioned above... just thought I'd throw it out there for anyone else who may run into the same issue.

My Lenovo (running Win seven) is connecting fine and catching the server's IP.

Thanks for your help!
I guess the next step is to test it from overseas!
parachuter2b

1 edit

parachuter2b

Member

no good news :(

Testing from the internet banned state failed! Here's what OpenVPN gui spits out:

Sat Apr 27 11:12:55 2013 LZO compression initialized
Sat Apr 27 11:12:55 2013 UDPv4 link local: [undef]
Sat Apr 27 11:12:55 2013 UDPv4 link remote: 99.231.x.x:11967
Sat Apr 27 11:13:55 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 27 11:13:55 2013 TLS Error: TLS handshake failed
Sat Apr 27 11:13:55 2013 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 27 11:13:57 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 27 11:13:57 2013 Re-using SSL/TLS context
Sat Apr 27 11:13:57 2013 LZO compression initialized
Sat Apr 27 11:13:57 2013 UDPv4 link local: [undef]
Sat Apr 27 11:13:57 2013 UDPv4 link remote: 99.231.x.x:11967
Sat Apr 27 11:15:44 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sat Apr 27 11:15:44 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 27 11:15:44 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Apr 27 11:15:44 2013 LZO compression initialized
Sat Apr 27 11:15:44 2013 UDPv4 link local: [undef]
Sat Apr 27 11:15:44 2013 UDPv4 link remote: 99.231.x.x:11967
..
 

I tried to connect from a few other places within my town..all successful!

Any idea why it's happening from there?

Thanks!

TheMole
join:2001-12-06
USA

TheMole

Member

said by parachuter2b:

no good news :(

Testing from the internet banned state failed! Here's what OpenVPN gui spits out:

Sat Apr 27 11:13:55 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 27 11:13:55 2013 TLS Error: TLS handshake failed
 

I tried to connect from a few other places within my town..all successful!

Any idea why it's happening from there?

Thanks!

if the time between the client and server are not sync'd, TLS will fail. ensure the remote client in the "banned state" has the correct UTC time (time zone does not matter, it should know localtime vs UTC).

OR

the "banned state" is banning VPNs and you need to either switch to another port for VPN to operate on or figure out a more complicated way of avoiding the blockage.
parachuter2b
join:2008-11-06

parachuter2b

Member

Do you mean it should show the correct local time? That is, at the time of the attempt, the actual time over there was 11:13?

Thanks!

TheMole
join:2001-12-06
USA

TheMole

Member

Correct local time - so just ensure the computer is correctly sync'd to a timeserver and has the correct local timezone set.

Remember it could also be that VPNs are blocked by the remote ISP.
parachuter2b
join:2008-11-06

parachuter2b

Member

I checked the time zone; It was set correctly.
did some research on the net..turns out that OpenVPN was recently blocked in Iran.

Alternatives seem to be:

1. proxy and then OpenVPN (gotta look into how that's done. Also not sure about the drop in speed)

2. SSTP: also unsure about the "how to"?

so it seems like I got a lot of homework to do. However, feel free to share your thoughts. Always appreciated!

TheMole
join:2001-12-06
USA

1 edit

TheMole

Member

Oye, iran. Be careful - they might chop off your fingers for trying to avoid their filters.

I'm not sure how to proceed.

Be careful.
parachuter2b
join:2008-11-06

parachuter2b

Member

ha! funny how the media instills these baseless fears in our heads lol
I've been to Iran many times..It's not like that. Lots of societal and political restrictions for sure, but it's no Saudi Arabia!

TheMole
join:2001-12-06
USA

TheMole

Member

I'm sure it is a charming place, in its own way.

Try changing the port openvpn runs on (don't forget to change the client config file to reflect the change).

I'm sure it will not work, but hey you never know.
TheMole

TheMole to parachuter2b

Member

to parachuter2b
»www.ibtimes.com/cyber-re ··· 1118671#

give this a try....

SoonerAl
MVM
join:2002-07-23
Norman, OK

SoonerAl to parachuter2b

MVM

to parachuter2b
These also may be of interest getting around their filters...

In no particular order...

»www.your-freedom.net/ind ··· ?id=home
»www.torproject.org/docs/ ··· .html.en
»psiphon.ca/
»alkasir.com/about
»www.howtobypassinternetc ··· hip.org/
»en.flossmanuals.net/bypa ··· sorship/