issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 20:22:20 - last edited 2022-12-24 17:41:29
Tags: #VPN
Model: Archer A6  
Hardware Version: V2
Firmware Version: 1.3.2 Build 20201126

Hello team !

I'm trying to access remotely (from Internet) my Archer A6 Router, using the build-in OpenVPN server feature.

On Router I have enabled OpenVPN server, generated the certificate and exported the configuration file.

 

Then on client (a remote computer) I have imported this configuration file into OpenVPN client, and tried to connect to Router. But it's failing. The point is - my Router is sitting behind an Huawei optical terminal. So the configuration is the following:

optical cable from ISP -> Huawei HG8120H ONT ->  Archer A6 Router -> home devices.

And in Router interface, I can see that "Internet" address of Router is 192.168.100.4, which is a private IP - Router is behind Huawei ONT which seems to act as a NAT.

 

So in such configuration, how to access Router remotely? (over internet) 

 

many thanks in advance for your advices!

 

P.S.: screenshot from Router 

 

  0      
  0      
#1
Options
2 Accepted Solutions
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT-Solution
2022-12-23 21:42:51 - last edited 2022-12-24 17:41:29

  @Louis81 

 

Ok.

 

Then look up the Huawei ONT's Internet (WAN) IP address and check whether that one is also a private IP address or if it's a public IP address.

 

The Huawei should also have some kind of Status webpage in the way of what you previously showed for your Archer router.

 

Recommended Solution
  1  
  1  
#4
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT-Solution
2022-12-23 22:03:47 - last edited 2022-12-24 17:41:35

  @Louis81 

 

If that's the case, then you should be able to make your VPN work by setting up port forwarding on the Huawei ONT.

 

Look for a menu named something like "forwarding rules" and then add a new rule with the following parameters: external port: 1194, internal port: 1194, protocol: UDP, target IP address: 192.168.100.4

 

 

P.S. When you setup the OpenVPN client make sure the IP address the client tries to connect to is the correct public IP address.

 

Recommended Solution
  1  
  1  
#6
Options
13 Reply
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 21:17:45

  @Louis81 

 

Hi,

 

It may still be possible to make this work, but the first thing we need to know is, are you able to log into the Huawei ONT's configuration interface? (i.e. open a web browser and go to http://192.168.100.1 )

 

  0  
  0  
#2
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 21:38:31

  @woozle 

 

Thanks for your prompt answer ! 

Yes, I'm able to log into the Huawei's ONT configuration interface. 

 

  0  
  0  
#3
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT-Solution
2022-12-23 21:42:51 - last edited 2022-12-24 17:41:29

  @Louis81 

 

Ok.

 

Then look up the Huawei ONT's Internet (WAN) IP address and check whether that one is also a private IP address or if it's a public IP address.

 

The Huawei should also have some kind of Status webpage in the way of what you previously showed for your Archer router.

 

Recommended Solution
  1  
  1  
#4
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 21:54:58

  @woozle 

 

Yes on the status page of Huawei ONT (Status > WAN Information) there is a public IP. 

  0  
  0  
#5
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT-Solution
2022-12-23 22:03:47 - last edited 2022-12-24 17:41:35

  @Louis81 

 

If that's the case, then you should be able to make your VPN work by setting up port forwarding on the Huawei ONT.

 

Look for a menu named something like "forwarding rules" and then add a new rule with the following parameters: external port: 1194, internal port: 1194, protocol: UDP, target IP address: 192.168.100.4

 

 

P.S. When you setup the OpenVPN client make sure the IP address the client tries to connect to is the correct public IP address.

 

Recommended Solution
  1  
  1  
#6
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 22:22:26

  @woozle 

 

I have such menu - Forward Rules -> Port Mapping Configuration.

I'm not sure here - in "Internal Host" field I have to set 192.168.100.4 ? There is even a scrolling menu and Archer A6 is in the list. 

I cannot find fields with ports here, please find a screenshot :

  0  
  0  
#7
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 22:26:53

  @woozle 

 

sorry, there is a button Add to expand the interface here, here is the whole settings :

 

  0  
  0  
#8
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 22:43:37

  @Louis81 

 

Ok. Then select the "Archer_A6" as Internal Host, select "UDP" as the Protocol, and enter "1194" in the fields "Internal port number" and "External port number" (try for yourself if the router expects you to fill in the left or the right field of each). The lower entry section you can "Delete", since we only need to forward one port. Then click "Apply" and see what happens. If you wish you can also type something like "OpenVPN" in the entry field for "Mapping Name" so that you can later easily identify what this rules is for.

  1  
  1  
#9
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 22:59:29

  @woozle 

 

Many thanks for your help !

I configured the port forwarding on Huawei ONT, then on Router Archer A6 I generated a certificate again in OpenVPN server tab, then exported the config file.

Imported the config file into the OpenVPN client (on remote computer), and tried to connect again but it failed.

In OpenVPN client logs it seems that client tries to connect to private IP of router (192.168.100.4), and obviously it fails:

 

⏎[Dec 23, 2022, 23:47:39] Connecting to [192.168.100.4]:1194 (192.168.100.4) via UDPv4
⏎[Dec 23, 2022, 23:47:49] Server poll timeout, trying next remote entry...
⏎[Dec 23, 2022, 23:47:49] EVENT: RECONNECTING ⏎[Dec 23, 2022, 23:47:49] EVENT: RESOLVE ⏎[Dec 23, 2022, 23:47:49] Contacting 192.168.100.4:1194 via UDP
⏎[Dec 23, 2022, 23:47:49] EVENT: WAIT ⏎[Dec 23, 2022, 23:47:49] WinCommandAgent: transmitting bypass route to 192.168.100.4
{
    "host" : "192.168.100.4",
    "ipv6" : false
}

⏎[Dec 23, 2022, 23:47:49] Connecting to [192.168.100.4]:1194 (192.168.100.4) via UDPv4
⏎[Dec 23, 2022, 23:47:59] Server poll timeout, trying next remote entry...
⏎[Dec 23, 2022, 23:47:59] EVENT: RECONNECTING ⏎[Dec 23, 2022, 23:47:59] EVENT: RESOLVE ⏎[Dec 23, 2022, 23:47:59] Contacting 192.168.100.4:1194 via UDP
⏎[Dec 23, 2022, 23:47:59] EVENT: WAIT ⏎[Dec 23, 2022, 23:47:59] WinCommandAgent: transmitting bypass route to 192.168.100.4
{
    "host" : "192.168.100.4",
    "ipv6" : false
}

⏎[Dec 23, 2022, 23:47:59] Connecting to [192.168.100.4]:1194 (192.168.100.4) via UDPv4
⏎[Dec 23, 2022, 23:48:09] Server poll timeout, trying next remote entry...
⏎[Dec 23, 2022, 23:48:09] EVENT: RECONNECTING ⏎[Dec 23, 2022, 23:48:09] EVENT: RESOLVE ⏎[Dec 23, 2022, 23:48:09] Contacting 192.168.100.4:1194 via UDP
⏎[Dec 23, 2022, 23:48:09] EVENT: WAIT ⏎[Dec 23, 2022, 23:48:09] WinCommandAgent: transmitting bypass route to 192.168.100.4
{
    "host" : "192.168.100.4",
    "ipv6" : false
}

⏎[Dec 23, 2022, 23:48:09] Connecting to [192.168.100.4]:1194 (192.168.100.4) via UDPv4
⏎[Dec 23, 2022, 23:48:19] Server poll timeout, trying next remote entry...
⏎[Dec 23, 2022, 23:48:19] EVENT: RECONNECTING ⏎[Dec 23, 2022, 23:48:19] EVENT: RESOLVE ⏎[Dec 23, 2022, 23:48:19] Contacting 192.168.100.4:1194 via UDP
⏎[Dec 23, 2022, 23:48:19] EVENT: WAIT ⏎[Dec 23, 2022, 23:48:19] WinCommandAgent: transmitting bypass route to 192.168.100.4
{
    "host" : "192.168.100.4",
    "ipv6" : false
}

⏎[Dec 23, 2022, 23:48:19] Connecting to [192.168.100.4]:1194 (192.168.100.4) via UDPv4
⏎[Dec 23, 2022, 23:48:29] Server poll timeout, trying next remote entry...
⏎[Dec 23, 2022, 23:48:29] EVENT: RECONNECTING ⏎[Dec 23, 2022, 23:48:29] EVENT: RESOLVE ⏎[Dec 23, 2022, 23:48:29] Contacting 192.168.100.4:1194 via UDP
⏎[Dec 23, 2022, 23:48:29] EVENT: WAIT ⏎[Dec 23, 2022, 23:48:29] WinCommandAgent: transmitting bypass route to 192.168.100.4
{
    "host" : "192.168.100.4",
    "ipv6" : false
}

⏎[Dec 23, 2022, 23:48:29] Connecting to [192.168.100.4]:1194 (192.168.100.4) via UDPv4
⏎[Dec 23, 2022, 23:48:39] EVENT: CONNECTION_TIMEOUT  BYTES_OUT : 840
 PACKETS_OUT : 60
 CONNECTION_TIMEOUT : 1
 N_RECONNECT : 5
⏎[Dec 23, 2022, 23:48:39] EVENT: DISCONNECTED ⏎

 

Here the Port forwarding rules  enabled on Huawei device:

 

  0  
  0  
#10
Options
Re:issue when enabling OpenVPN on an Archer A6 located behind a Huawei ONT
2022-12-23 23:18:23 - last edited 2022-12-23 23:20:47

  @Louis81 

 

Obviously the Archer A6 put its own IP address inside the *.ovpn config file.

 

Therefore, before you import the *.ovpn file into your client you need to open it with a text editor and modify the line that looks something like "remote 192.168.100.4 1194" to reflect your actual public IP address.

  2  
  2  
#11
Options