OpenVPN
When I try to setup OpenVPN on my router connection from remnote is refused (TLS rejected) :
I registered *.ddns.net and set it on router (connection succed), then I enabledOpenVPN server, generated certificate and import it to client on Android mobile but when trying to connect it is refused with error "TLS Error: TLS handshake failed" as below
2023-04-04 21:21:35 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-04-04 21:21:35 TLS Error: TLS handshake failed
2023-04-04 21:21:35 SIGUSR1[soft,tls-error] received, process restarting
Time on router is synchronized.
Thank you
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi,
Please log into your Archer A7's admin webpage and then look up and report back the numbers of the first two segments of your router's Internet IP address. (as pointed out in the screenshot below)
- Copy Link
- Report Inappropriate Content
@woozle Thanks for your reply. Here the requested
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Ok. There you can see why it isn't working.
As per the logs you posted earlier, the OpenVPN client is sending it's connection requests to the IP address 190.218.49.5.
However, the OpenVPN server of the Archer A7 router is listening for incoming connections on the Archer A7's "Internet" port, which has the IP address 192.168.0.2.
Furthermore, this IP address is a so-called private IP address. (to be used in private networks)
This all means that between your Archer A7 and the actual Internet there is at least one more NAT router.
In case that additional NAT router is located at your home and directly connected to "Internet" port of the Archer A7 and you also can log into it's configuration webpage, then you may go ahead and configure the so-called "port forwarding" on that additional router and hope that is enough to make your OpenVPN work.
(if such device indeed exists, then let us know the make and model of it and maybe someone here can assist you with the configuration)
If that NAT device is not at your home and you have no access to it, then only your Internet Service Provider could help you further with your issue.
- Copy Link
- Report Inappropriate Content
@woozle I was not sure, but you confirm me that. As I can see my IP address is dynamic and CGNAT, so I have to the only possibility to tove this with my ISP. Thank you for info. Pavel
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi
I experience a similar issue.
I did check the adress and it is the same: the openvpn attempt to connect to 100.64.202. 90 while the IP address on the tplink router is 100.64.237.161
However, the log adds :IPv6: false
appreciate your help,
thank you
- Copy Link
- Report Inappropriate Content
Hi,
The two IP addresses you mentioned are within the IP address range used for CGNAT. (100.64.0.0 to 100.127.255.255)
Therefore a solution to the problem can only be provided by your Internet Service Provider. Just tell them you'd like to be able to access your home network from the Internet and they should know what they need to do.
Whether IPv6 is available or not doesn't matter in this case, because the OpenVPN of the Archer router will only work with IPv4.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 805
Replies: 10
Voters 0
No one has voted for it yet.