
OpenVPN

FIXED
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

is it worth me starting again from scratch then?
i'm at the stage where i don't know what is or isn't configured.

Ps, i've changed those to TXT files

Anonymous
Not applicable

Re: OpenVPN

I don't want to muddy the waters here but you @chenks76 should use Android’s keychain for your client certificate as it is inherently more secure than the current approach.

Using OpenSSL on Windows create yourself a client certificate bundle :

openssl pkcs12 -export -in client-cert -inkey client-key -certfile ca-root -name OpenVPN -out OpenVPN.p12

When you create this file you’ll be prompted for a password; enter something of your choosing, but do not forget it, as you’ll need it later when you import. You can change the -name or -out values to suit yourself.

Copy the generated OpenVPN.p12 file to your Android device and import this file into your phone’s key chain using the same password as above. Once you’ve imported the file, edit your Client.ovpn file and remove the ca, cert and key entries, and re-import the .ovpn file having saved the changes.

Assuming all is well you’ll be prompted for a certificate when you try to connect to OpenVPN so select the OpenVPN certificate and off you go.

Edit:- Corrected typo.
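
The .ovpn edit from the last step of the post above, as an added example that is not part of that post: it drops the ca, cert and key entries in both their file-reference and inline-block forms, then lists what the bundle holds. The sample profile, the host name vpn.example.net, the function name Remove-CertEntries and the output file Client-keychain.ovpn are constructed for illustration.

```powershell
# Added example: strip ca/cert/key from an OpenVPN profile once the client
# certificate lives in the Android keychain. The sample profile is constructed.
$sample = @'
client
dev tun
proto udp
remote vpn.example.net 1194
ca ca.crt
cert client.crt
key client.key
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
verb 3
'@

function Remove-CertEntries {
    param([string[]]$Lines)
    $inBlock = $false
    foreach ($line in $Lines) {
        if ($inBlock) {
            # Skip everything up to and including the closing tag.
            if ($line -match '^\s*</(ca|cert|key)>') { $inBlock = $false }
            continue
        }
        # Inline form: <ca>, <cert> or <key> opens a block to drop.
        if ($line -match '^\s*<(ca|cert|key)>') { $inBlock = $true; continue }
        # File-reference form. "key-direction" survives: "-" follows "key", not a space.
        if ($line -match '^\s*(ca|cert|key)\s') { continue }
        $line
    }
}

$clean = Remove-CertEntries -Lines ($sample -split '\r?\n')
Set-Content -Path 'Client-keychain.ovpn' -Value $clean
$clean

# List the certificates inside the bundle (prompts for the import password).
# -nokeys keeps the private key off the screen; expect the client and CA certificates.
if (Test-Path 'OpenVPN.p12') {
    openssl pkcs12 -in OpenVPN.p12 -nokeys -info
}
```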

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

don't worry... waters are well and truly muddied already !!
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

@Anonymous wrote:

I don't want to muddy the waters here but you @chenks76 should use Android’s keychain for your client certificate as it is inherently more secure than the current approach.

OpenVPN being as picky as it is, I would get the damn thing working first.  You can always harden it later.  Trying to harden and fault find at the same time is a recipe for chasing one's tail, in my experience.  Especially if you are not sure what you are trying to achieve and fault finding by C&P, which seems to be the case here.

I have sent chenks76 a bundle of files which should work if they are placed in the right locations.  If that doesn't do it, I need to see some log files.

 

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

ok tried your files. VPN connects again.
still can't ping 192.168.1.x addresses though.
i now need to look at what you said for router config.

 

Additionally,

+ Add a rule to the Windows firewall on the OpenVPN server to,
allow all traffic from the subnet 10.8.0.0 mask = 255.255.255.0

+ Add a port forward to the router
UDP 1194 -> 192.168.1.50

 

To reach other devices on the 192.168.1.0 subnet you will need to

+ Add a static route to the router,
interface = LAN, destination = 10.8.0.0,  mask = 255.255.255.0, gateway = 192.168.1.50
+ Enable IP forwarding on the Windows Open VPN server
There is a registry hack but the easiest way is to enable the Routing and Remote Access service.

 

 

1194 UDP is already forwarded, i wouldn't get connected to the VPN otherwise.
windows 10 firewall... where am i adding this route? i don't see anywhere that specifically lets you add a route. you can add an app though?

adding a static route on the router? i'll need to check the billion 8800nl manual to see where that specific section is.
routing and remote access service. this has been enabled and started.
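
The Windows-side items of the checklist quoted in the post above, as an added example that is not part of any poster's message: it adds the firewall rule for the tunnel subnet if it is missing and reports the forwarding state. The rule name is hypothetical; IPEnableRouter is the standard Windows registry value for IP forwarding and is assumed to be the "registry hack" the checklist refers to.

```powershell
# Added example: check the Windows-side checklist items on the OpenVPN server
# (192.168.1.50 in this thread). Run from an elevated PowerShell session.
$VpnSubnet = '10.8.0.0/24'             # 10.8.0.0 mask 255.255.255.0
$RuleName  = 'OpenVPN tunnel subnet'   # hypothetical rule name, choose your own

# 1. Firewall: this is a rule scoped by remote address, not a route.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -RemoteAddress $VpnSubnet -Action Allow | Out-Null
}
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter | Format-List RemoteAddress

# 2. IP forwarding, registry form: 1 means the server routes between interfaces.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$val = (Get-ItemProperty -Path $key -Name IPEnableRouter `
        -ErrorAction SilentlyContinue).IPEnableRouter
"IPEnableRouter = $val"

# 3. IP forwarding, service form: Routing and Remote Access.
Get-Service -Name RemoteAccess | Format-List Name, Status, StartType

# 4. What the IP stack actually does on each interface.
Get-NetIPInterface -AddressFamily IPv4 |
    Format-Table InterfaceAlias, Forwarding, ConnectionState -AutoSize

# 5. With OpenVPN running, the server should hold a route to the tunnel subnet.
Get-NetRoute -DestinationPrefix $VpnSubnet -ErrorAction SilentlyContinue |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias -AutoSize
```

The router's static route (10.8.0.0/24 via 192.168.1.50) is not visible from the server and still has to be checked on the router itself.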

Anonymous
Not applicable

Re: OpenVPN

@chenks76 - Have you done this, on your Windows 10 machine? If not, enable it and try again.

Also what does the status window show in the Server's GUI?

Here's a link to creating static routes on a Billion router.

Edit:- Added Billion link.

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

as noted, the routing and remote access service is already enabled and running.
that tutorial just seems to show how to enable it ?

i didn't do the registry change though, is that necessary?

Anonymous
Not applicable

Re: OpenVPN

Well the link does imply it is as it's part of the stepped procedure, so it may be worthwhile checking your entry to see if it's set at 1, and change if needed.

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

done
Anonymous
Not applicable

Re: OpenVPN

Has doing this made any difference to your connection?

What can and can't you ping?

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

still can't ping any 192.168.1.x address
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

setting up the static route on the router, there is no field for subnet

 

Screen Shot 2016-11-05 at 09.28.07.png

Anonymous
Not applicable

Re: OpenVPN

That's the prefix parameter value. Use /24

Anonymous
Not applicable

Re: OpenVPN

You say in message 50 that the UDP forwarding is already enabled, you'll need to add TCP (1194) to that list as well.

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN


@Anonymous wrote:

That's the prefix parameter value. Use /24


where am i adding this?
in the metric field?

@Anonymous wrote:

You say in message 50 that the UDP forwarding is already enabled, you'll need to add TCP (1194) to that list as well.

openvpn only stated that UDP needed opened, hence why TCP was left closed.
i shall open TCP now

EDIT - i had already set it to TCP/UDP anyway