OpenVPN server does not work in standalone mode
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi,
I have my existing solution at raspbery I re-direct port via NAT inside to my Raspbery and have working OpenVPN Tunnel.
It took me a while to figure out, not easy task regarding routing.
I bought this expensive swicth hoping that it supports OpenVPN but apparently there something wrong with it.
I tried so many combinations, followed various examples from TP-link.
These examples seem even confuging and incomplete in terms what subnets are already used and what subnets shall be new.
Briefly:
After I export *.ovpn file, I replace the generated 10.x.x.x for my real <PUBLIC ip> address.
I have proven that it works because my other tunnel via Raspbery works fine at this address and I have all ports from my provider.
my internal LAN I want to access is 192.168.2.0/24 with DHPC for .130-.180
I am quite confused
" Local Network: " ??? what the heck is this, it is vague even in all manuals
I suppose I create a new, different one.
Local Network: 192.168.44.0/24
" IP Pool: " ?? again - quite confusing
never explained in manual what is meant by this
shall I fill in
192.168.2.0/24 ?
shall I fill in
192.168.2.124/3 or something like that to narrow the scope
or shall I use
192.168.44.0/24 which is I chose most often times
or pleaase, please explain this or add explanation to documentation, it is horrible ambiguous
Whatever I use, I the export *.ovpn file, replace public address, transfer it to my mobile phone (Android) and then connect tunnel.
Tunnel is created almost always witout any problem.
Green, running.
However what the problem is, I cannot ping 192.168.2.x anything.
I cannot ping back to my phone.
My phone shows me correct IP in correct range.
My phone gets correct DNS.
My phone gets correct GW.
Tunnel shows correct connection everything runs smoothly BUT ping deos NOT work in any scenario.
Even not when I push route into ovpn file.
I spent hours, hours, useless time. From varios sources and youtube videos I think this never worked or there must be some weird bug in these routers.
I even check routing tables. I even tried to add manual routing entries at router side.
Hopeless, hopeless. Expensice switch which declares OpenVPN but OpenVPN never worked.
If someone coul help me clarify settings I can make this attempt (start again from scratch) again. I can then send all details, what a ping tool at my mobile sees.
I relly exhausted many combinations.
Hi Mr. S
Thank you - I have seen the post several times when I was desperately searchin internet but I admit maybe I did not combine it with all my attemps, maybe yes.
Great tip, thank you.
I tried to use this option and still.... dead routing.
My other Raspbery OpenVPN works like a charm at the same time.
I have arrived at
client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
explicit-exit-notify
remote REMOVED 444
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
Automatically generated routing table
Neither ping from inside LAN to mobile works.
ping to GW 10.36.x.1 neither works, weird thing that the gateway of mobile phone is not in 192.168.44.0 range
I also have a log from Android OpenVPN tunnel - failing to upload here.
OMG !
that is fantastic it is working !
you made my day Mr. S thank you very much
I bet this was what I originally had there but after so many combinations I got completely lost.
first I tried to add the two lines manulally to .ovpn
local network 192.168.2.0/24
ip pool 10.39.1.0/24
but then I told what happens if I remove these lines - as they are not generated by switch.
Removed them and still pinging !
I do not touch port 444 in NAT, I do not touch ACL, I do not touch routing table in regards of this 39 network
I wonder whether this "10.39.1.0" verus "192.168.39.0" has something to do with it. [EDIT: no it does not matter 192.168.39.0 works also]
Have a nice day and thanks again for your qick and useful help