Results 1 to 7 of 7
  1. #1
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Question New to OpenVPN, never connects, but times out instead

    I have looked at the client side logs, and it seems that NGFW is not listening on the right port. Or maybe not at all. Yes, I have checked and port 1194 is forwarded in Config->Network->Advanced->Access Rules. I tweaked that slightly to allow both UDP & TCP, but that is all.

    The client logs show a timeout occurring, and has me wondering is there something I should be restarting on the server side? Where are those logs BTW?

    I would appreciate any help, especially a link to troubleshooting on the server side (NGFW).

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,791

    Default

    No changes to access rules are required for anything on Untangle to function. In fact any changes you make in there typically are creating new issues. That feature is advanced for a reason!

    As for what's wrong, look at your OpenVPN client. Edit the .opvn file with a text editor and look for a remote line. That line will have an IP Address. If that IP address isn't your real WAN address... that's a problem. This commonly happens when people use Untangle as a bridge.

    If your Untangle is a router, check the IP address on External. It needs to be a routable address, if you see 10.x.x.x, or 192.168.x.x, or 172.16.x.x... that's not internet routable and you're double NAT'ing. You need to not double NAT and reconfigure your Internet equipment so that a real address lives on Untangle.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    My WAN address is 84.241.X.X, and that is the address on both remote lines in the ovpn file. Why is creates the same address twice is odd, but that is what UT did. Yes, UT is configured as a router.
    I'm new to troubleshooting OVPN, as it has always "just worked" for me before. I have a number of OVPN connections on my client machine that work using TCP, and I added TCP to this one so that I could compare the log files on the client.

    Where are the server side log ovpn files?

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,791

    Default

    Are you testing from inside the Untangle protected network?

    And what you need aren't logs, you need the packet test on the troubleshooting tab. Watch for udp 1194 packets landing on External while you try to connect. If you don't see them, something between your client and the server is blocking the connection.

    Again, assuming you're testing from another network. If you're trying to use OpenVPN from inside an Untangle network to connect to said Untangle it not connecting is by design. You must test externally, I use my cellular hotspot for that.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    I am using a USB-connected cell phone to connect, so I'm outside the network.

    I didn't think about the possibility that AT&T is blocking that port, so I'll do some checks on that front. I will also try the packet test, thanks for that tip.

  6. #6
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    63

    Default

    I finally figured it out- I was still inside the local network. My USB-tethered phone was still connected to the local WiFi.
    Thanks for your patience and help with this. Yes, it works now.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,791

    Default

    HAH! My Pixel does that to me ALL THE TIME. And I always forget about it too, if you don't pop off the wifi and turn on the hotspot it'll just happily bridge you from one wifi to the other.

    I feel your pain! Glad you found it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2