OpenVPN connection works on LAN but not through WAN

1

I'm trying to set up a simple OpenVPN server in my home network to safely connect from the outside.

The authentication itself works, as I am able to connect from the LAN.

My DDNS lookup and the port forwarding also work, as I'm able to ssh in without any problems.

The incoming request does reach the server, but no working connection is established. These are the server logs after my connection attempt (verbosity level 6):

Fri Nov 21 02:24:04 2014 us=758700 MULTI: multi_create_instance called
Fri Nov 21 02:24:04 2014 us=758802 192.168.0.1:33080 Re-using SSL/TLS context
Fri Nov 21 02:24:04 2014 us=758870 192.168.0.1:33080 LZO compression initialized
Fri Nov 21 02:24:04 2014 us=759157 192.168.0.1:33080 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 21 02:24:04 2014 us=759191 192.168.0.1:33080 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Nov 21 02:24:04 2014 us=759274 192.168.0.1:33080 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 21 02:24:04 2014 us=759314 192.168.0.1:33080 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 21 02:24:04 2014 us=759362 192.168.0.1:33080 Local Options hash (VER=V4): '530fdded'
Fri Nov 21 02:24:04 2014 us=759402 192.168.0.1:33080 Expected Remote Options hash (VER=V4): '41690919'
Fri Nov 21 02:24:04 2014 us=759471 192.168.0.1:33080 UDPv4 READ [14] from [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 21 02:24:04 2014 us=759509 192.168.0.1:33080 TLS: Initial packet from [AF_INET]192.168.0.1:33080, sid=a853602f ff1a5cf8
Fri Nov 21 02:24:04 2014 us=759567 192.168.0.1:33080 UDPv4 WRITE [26] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Nov 21 02:24:06 2014 us=839182 192.168.0.1:33080 UDPv4 WRITE [14] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 21 02:24:10 2014 us=235613 192.168.0.1:33080 UDPv4 WRITE [14] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 21 02:24:18 2014 us=476909 192.168.0.1:33080 UDPv4 WRITE [14] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0

and so on.

Does anyone have an idea what the problem could be?

PS: No firewalls running. My router only has an extra ALG option for PPTP enabled. Disabling this didn't help. The host machine is running Arch Linux with the latest OpenVPN. Login attempts were done with network-manager from Linux Mint Cinnamon 17.

ju.kreber

Posted 2014-11-21T01:31:48.647

Reputation: 147

Answers

1

I ran into a similar situation and after a lot of looking at log files and googling error messages, I figured out that the ISP was blocking one particular type of response packet.

This prevented me from connecting via the VPN. I tried a different ISP, I think I went to a Starbucks, and it worked just fine.

I don't see any messages in your log that indicate this, but it is REALLY hard to read that log with the text all run together. Can you fix that?

AngelaS

Posted 2014-11-21T01:31:48.647

Reputation: 143

Well thanks so far, I never thought of that. Couldn't imagine why an ISP would do that... :/ Umm yeah I'll give it a try and tab in all lines, wait a moment :) – ju.kreber – 2014-11-21T02:20:31.177

I think it was my Verizon Mifi. I really wanted to VPN into my home computer and it drove me crazy. – AngelaS – 2014-11-21T02:31:04.967

Okay I'll wireshark it on both machines and look at the differences - Thanks for the tip! :) – ju.kreber – 2014-11-21T02:43:12.960
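
Added example, not part of the original posts: a Python check for the pattern visible in the question's log, where the server reads one P_CONTROL_HARD_RESET_CLIENT_V2 from a peer and then only re-sends P_CONTROL_HARD_RESET_SERVER_V2 without reading anything further from it. The function name and the `min_retransmits` threshold are assumptions; the sample lines are copied from the log in the question.

```python
import re
from collections import defaultdict

# Matches the verb-6 packet lines shown in the question's server log.
PACKET_RE = re.compile(
    r"us=\d+ (?P<peer>\d+\.\d+\.\d+\.\d+:\d+) UDPv4 (?P<dir>READ|WRITE) \[\d+\] "
    r"(?:from|to) \[AF_INET\]\S+ (?P<opcode>P_[A-Z0-9_]+)"
)

# Sample input: packet lines copied from the log in the question.
SAMPLE_LOG = """\
Fri Nov 21 02:24:04 2014 us=759471 192.168.0.1:33080 UDPv4 READ [14] from [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 21 02:24:04 2014 us=759567 192.168.0.1:33080 UDPv4 WRITE [26] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Nov 21 02:24:06 2014 us=839182 192.168.0.1:33080 UDPv4 WRITE [14] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 21 02:24:10 2014 us=235613 192.168.0.1:33080 UDPv4 WRITE [14] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Nov 21 02:24:18 2014 us=476909 192.168.0.1:33080 UDPv4 WRITE [14] to [AF_INET]192.168.0.1:33080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
""".splitlines()


def find_stalled_handshakes(lines, min_retransmits=2):
    """Return {peer: retransmit_count} for peers whose handshake never progressed."""
    state = defaultdict(
        lambda: {"client_reset": False, "server_resets": 0, "progress": False}
    )
    for line in lines:
        m = PACKET_RE.search(line)
        if not m:
            continue  # not a packet line (MTU parms, options string, ...)
        s = state[m["peer"]]
        if m["dir"] == "READ":
            if m["opcode"] == "P_CONTROL_HARD_RESET_CLIENT_V2":
                s["client_reset"] = True
            else:
                # Any other packet read from the peer means it answered the server.
                s["progress"] = True
        elif m["opcode"] == "P_CONTROL_HARD_RESET_SERVER_V2":
            s["server_resets"] += 1

    stalled = {}
    for peer, s in state.items():
        retransmits = s["server_resets"] - 1  # the first WRITE is the original reply
        if s["client_reset"] and not s["progress"] and retransmits >= min_retransmits:
            stalled[peer] = retransmits
    return stalled


if __name__ == "__main__":
    for peer, count in find_stalled_handshakes(SAMPLE_LOG).items():
        print(f"{peer}: server reply re-sent {count} times, nothing read back")
```

A peer reported here got a reply written by the server each time, so the next place to look is the path between server and client, which is what the packet capture on both machines mentioned in the last comment compares.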