i82register
Occasional Visitor
TL/DR:
Had an OpenVPN server configuration working fine on IPv4.
ISP switched my modem, and now I can't connect to the VPN.
Decided to try it on IPv6, and having trouble with it. After several weeks of fighting it alone, I turn to the pros of the forum.
Details:
Previous config had a 3rd-party modem (Arris TG-1652S) set to DMZ the Asus router, with a NAT option enabled (I don't remember which option specifically, but it worked great).
Why this config? Setting bridge mode created random disconnects of internet that required a power plug-out-plug-in reset, so I avoided that config although it would be preferable.
New config - some obscure 3rd-party modem ("HotBox 4") supplied by the same ISP that I set to bridge mode, which surprisingly works OK now without any disconnects. The modem has a private 100.*.*.* IPv4.
There aren't too many options to play with as this is a closed-garden type of a modem, but there is a "ROUTER-NAT" option that can bind to a MAC. I don't understand what it does as the built-in help provides conflicting information.
Help provided regarding this "Router NAT" option (yes, it's not a mistake that it is flipped, hence my confusion):
Bridge mode: Enter the MAC address of the WAN device to bridge in the "MAC Address" and click "Apply Changes".
And regarding Bridge Mode:
Router mode: Select to activate the router.
NAT mode : Clear the NAT to switch if you are using a router as other equipment.
For the life of me I don't understand it, looks like someone made a mistake in translation or just a bad UI.
Regardless, turning on both Bridge and binding via NAT mode to the MAC of the router yields a catastrophe (no internet) that requires a modem reset via the hardware button.
Behind the modem is an Asus AC-3100, with the new firmware released yesterday. I'm not sure what the IPv4 is, as checking online gives different addresses:
https://www.showmyip.com/ - 5.29.*.*
https://www.myip.com/ - 141.101.*.*
https://mxtoolbox.com/whatismyip/ - 77.137.*.*
https://www.purevpn.com/what-is-my-ip - 172.74.*.*
I think the 77.137.*.* is the actual right one, but regardless, trying to connect via OpenVPN to any of those IPs yields nothing. Error logs provide no information.
Turning IPv6 on the AC-3100 works great (native mode), all supported devices on the network get an IPv6 which is cool, I couldn't do that with the previous modem.
Testing the router via IPv4 on the OpenVPN port gives nothing ("Filtered"). Testing via IPv6 shows that it's open (https://www.ipvoid.com/port-scan/). I can confirm that if I change the port the status changes accordingly, so it's not a coincidence.
But I still can't connect, even after going through tutorials and changing the Asus config file to point to IPv6 connection (dev tun-ipv6, proto tcp6....).
Checking the client side (Windows, v3.3.4) logs shows:
2021 EXCEPTION
tun_win_util: GetBestGateway: 2a00.*.*.*.*.*.*.* is not a valid IPv4 address
That seems like a big client error, thinking it is still trying to connect to IPv4 although I specified IPv6. Googling that error I got nothing useful.
The ISP is unhelpful to say the least, they barely know what IPv6 is or what an open port means.
Before I escalate with the ISP I want to make sure I'm not missing anything on my end, as it seems it's a config issue that I should be able to resolve without them, given that IPv6 works fine and the 1194 port is open.
Any tips will be appreciated.
PS. The OpenVPN profile generated by the router (before I made any changes):
client
dev tun
proto tcp-client
remote (IPv4 address that doesn't work) 1194
resolv-retry infinite
nobind
float
ncp-ciphers CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
keepalive 15 60
auth-user-pass
remote-cert-tls server
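
Added example (not part of the original post, and not code from OpenVPN or Asus): a short Python check of the two things the post describes, a WAN address in the 100.* range and a client profile whose proto and remote lines may disagree on address family. classify_wan and audit are hypothetical helper names, and every address in it is a constructed sample or documentation value, not one from the post.

```python
import ipaddress

# RFC 6598 shared address space (carrier-grade NAT) and RFC 1918 private ranges.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# proto values that pin one address family (OpenVPN 2.4+ "4"/"6" suffixes).
PINNED = {"udp4": 4, "tcp4": 4, "tcp4-client": 4,
          "udp6": 6, "tcp6": 6, "tcp6-client": 6}


def classify_wan(addr):
    """Return 'cgnat', 'rfc1918' or 'routable' for a WAN-side IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "routable"


def audit(profile, wan_ipv4, seen_externally):
    """List reasons an inbound connection to the profile's remote may fail."""
    findings, kind = [], classify_wan(wan_ipv4)
    if kind != "routable":
        findings.append(f"WAN {wan_ipv4} is in {kind} space: unsolicited "
                        "inbound IPv4 needs a forward on the upstream NAT")
    elif wan_ipv4 not in seen_externally:
        findings.append(f"WAN {wan_ipv4} differs from every externally observed address")
    opts = {}
    for line in profile.splitlines():
        parts = line.split()
        if len(parts) > 1 and parts[0] in ("proto", "remote"):
            opts[parts[0]] = parts[1]
    pinned = PINNED.get(opts.get("proto", ""))
    try:
        remote_ver = ipaddress.ip_address(opts.get("remote", "")).version
    except ValueError:
        remote_ver = None  # hostname or missing: family is decided by DNS
    if pinned and remote_ver and pinned != remote_ver:
        findings.append(f"proto pins IPv{pinned} but remote is an IPv{remote_ver} literal")
    return findings


# Constructed sample profile using a documentation IPv6 address.
SAMPLE = "client\ndev tun\nproto tcp4-client\nremote 2001:db8::1 1194\n"

if __name__ == "__main__":
    print(audit(SAMPLE, "100.64.10.20", ["203.0.113.7"]))
```

Only 100.64.0.0 through 100.127.255.255 is shared address space, so the full WAN address shown on the router's status page is needed before concluding anything from a 100.* prefix.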