Completely new to OpenVPN, want to set it up, but running into issues/confusion.

rpeters83

I'm asking for some help with setting this up. I'm familiar with the basics of VPN, but only have used PPTP. My goal is to run an OpenVPN server from my home and connect to it from work. Nothing fancy - I just want to be able to connect.

Here's what I have so far. I have an Ubuntu server running 3.2.6 of OpenVPN. All I did so far was install the .deb package. I have the web admin running and it's pretty much vanilla. My problem is, when I connect locally from my home network, it works fine using the OpenVPN Connect client (from Windows). It loads the profile and I'm able to connect to it. It seems to work out of the box.

The problem is, when I try to connect from work, or even try to load the profile, it says "Error. Connect error" in the taskbar. I've already opened up TCP 443 in my home router to point to the internal VPN server.

I'm not sure what else to do. I've tried to find tutorials, but they appear to be for older versions. It also seems to "work" (at least locally), but it's not from my remote work location, so I can't tell if it's a configuration issue or what.

Anyone willing to give me baby-steps and help me get this thing working? Thanks.
 
You have to generate the certificates and all that stuff. Check out an OpenVPN tutorial and it should walk you through the steps of doing all that: what commands to run, what files go where, etc. Some of the files go on the client and some stay on the server. I don't recall any of the steps myself but did eventually get it to work.

You may also need to put the VPN server on its own VLAN depending on what kind of router/firewall you use. I know with pfSense 2.x it gave me trouble (1.x was fine). I could connect to the VPN but could not connect to any server except for the VPN server itself or servers on another VLAN. It's some kind of security thing in the firewall: it sees traffic come from an interface then go back out on that same interface and blocks it because that normally does not happen.

You also need to set a static route in your router so it knows where to route the VPN range. I'm also assuming you changed the port to 443 and did all the proper forwards?

Also for troubleshooting purposes run it on TCP. That way you can try to telnet to the port and make sure you at least have that layer working properly. Once everything works then change it to UDP and change the port forward to UDP instead of TCP.

I don't remember all the little gritty details though so hopefully someone else can help better. I got mine working and then it was set and forget from that point.
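
The TCP reachability test suggested in the post above, as an added example that is not part of the original thread: it does what a manual telnet to the port does, but also reports whether the attempt was accepted, refused or silently dropped. The function names, the advice text and the loopback default are assumptions of this example.

```python
import socket
import sys
import time

# Constructed guidance text (an assumption of this example, not OpenVPN output).
ADVICE = {
    "open": "TCP handshake completed: the forward works; check the client profile next.",
    "refused": "Immediate reset: the packet arrived but nothing is listening on that "
               "port, or a firewall actively rejected it.",
    "filtered": "No answer before the timeout: a firewall or missing port forward "
                "is silently dropping the packets.",
    "dns-failure": "The hostname did not resolve; test with the public IP instead.",
    "unreachable": "No route to the host or network from this location.",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect and return (state, seconds_elapsed)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except (socket.timeout, TimeoutError):
        state = "filtered"
    except socket.gaierror:
        state = "dns-failure"
    except OSError:
        state = "unreachable"
    return state, time.monotonic() - start

def check_ports(host, ports, timeout=3.0):
    """Probe each port and return {port: (state, seconds, advice)}."""
    report = {}
    for port in ports:
        state, secs = probe_tcp(host, port, timeout)
        report[port] = (state, round(secs, 2), ADVICE[state])
    return report

if __name__ == "__main__":
    # 127.0.0.1 is a stand-in so the script runs offline; pass the home
    # connection's public address as the first argument when testing remotely.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # 443 and 1194 are the two ports discussed in the thread. Only a TCP
    # listener can be tested this way; a UDP service never completes a handshake.
    for port, (state, secs, advice) in check_ports(target, [443, 1194]).items():
        print(f"{target}:{port}/tcp {state} after {secs}s - {advice}")
```

Run it once from inside the home network and once from the remote location: the same port reporting "open" locally but "refused" or "filtered" remotely isolates the problem to the path between the two.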
 
Thanks. I'm not using pfsense, but just the firewall built into my home router. I have forwarded TCP 443 to the OpenVPN server (192.168.1.10).

What I don't get is why it won't work remotely, even when I have the proper ports forwarded. Again, it works locally if I connect from a machine already on my home network. From work (remotely), it immediately gives a connect error.
 
443/TCP is standard HTTPS.
Your ISP is likely blocking this port.

You should use the standard OpenVPN port 1194.
 
Port 443 is for the web interface.
You need to open the port that you have set for the application to connect to. This is defaulted to 1194.
 
Yeah, 443 is not OpenVPN's default; I'm assuming you changed that in the OpenVPN config? It's a nice port to use, as a lot of firewalls block most outgoing ports but HTTP/HTTPS is allowed, so you can pass your traffic through this port if you plan to use this VPN from many different locations which may have different network/firewall setups.

I can't see why your ISP would block it, but maybe test that with a service that you know will work without any major config, like Apache.
 
If you continue to have issues, check out OpenVPN Access Server. It is much more plug and play vs setting it up yourself.
 