OpenVpn help

[Tech9]

A screen shot of OpenVPN Server setting (without login details, of course) will show what's happening. Also @macster2075 has to know the VPN download speed to mobile devices will be limited to the home ISP upload speed. Some cable ISPs provide asymmetrical service with slower upload. I can't have anything faster than 30Mbps for that very same reason.

 

[elorimer]

Some cable ISPs provide asymmetrical service with slower upload. I can't have anything faster than 30Mbps for that very same reason.

Yes, my Optimum is 200/30, and a new policy is limiting uploads further: 100/5, 200/10, 300/10, 900/30. They say they are doing this to conform to other cable providers.

This is why Wireguard is less of an issue for me.

 

[Tech9]

Same here. Grandfathered 500/30, the new offer is 500/20 and 1000/30. Works well for my needs.

 

[macster2075]

Well Im jealous lol. I only get 50/10 on my neck of the woods…literally in the woods

 

[Tech9]

50/10 is not bad. It depends what you use it for and the number of active users. I'm paying for 500/30 for two reasons - faster upload (30Mbps vs 20Mbps) and my access points speed to common 2-stream client (up to 480Mbps). My entire family's combined Internet traffic doesn't exceed 100Mbps speeds 99% of the time. Some people upgrade ISP speeds because of "just $10 more" offer and then spend $300 for new router, capable of dealing with the new speed. For many it's money spend for nothing - the online experience remains the same.

 

[macster2075]

If the *only* thing you changed or added was a username/password, you do NOT have re-export/import the .ovpn file to the client. The username/password is never provided in that config file anyway. All you will ever see is the following directive.

auth-user-pass

Because there's no file being passed as an argument w/ this directive (which if it was, would normally contain the username/password on separate lines), the OpenVPN client will prompt you for the username/password at runtime, when it's needed.

And if you think about it, how would the router even know which username/password it should provide during the export/import? If that could be communicated somehow, I suppose it's possible the export/import process could also configure and export a username/password file (e.g., userpass.txt) and pass it as an argument w/ the auth-user-pass directive.

auth-user-pass userpass.txt

But as far as I can see, at present it doesn't do that.

Just guessing, but what might have happened is that you also changed the "Username / Password Auth. Only" option from No to Yes, or vice versa. THAT would require a re-export/import of the client's config file since that determines if the client's cert and private key are also required to authenticate the connection.

So at this point what do I need to do.. I thought that if I deleted the username and created a new one with a new password, I had to export the OpenVpn file again because I though it would include the username and password...but now I know it doesn't...

That's the only thing I did...so not sure why is not connecting at all. I've tried different usernames and simple passwords, but nothing.
The part you mentioned about "Username / Password Auth. Only" option from No to Yes, or vice versa" - - where is that?
I don't see an option to do that..but I don't remember changing anything other than the username and password and hitting apply.

 

[macster2075]

ok.. Im off work now... I noticed something different.. is this symbol normal?.. I've never seen it before.

 

[macster2075]

So far, I have tried deleting all username except the admin one which I see I cannot delete... so, I tried to use that same one.. admin and the password I had set for it when setting up the router....clicked appy and then downloaded the Export file... sent it to my iphone and opened it using OpenVpn...added the configuration...tried to log in...nothing...it won't connect.

 

[eibgrad]

So far, I have tried deleting all username except the admin one which I see I cannot delete... so, I tried to use that same one.. admin and the password I had set for it when setting up the router....clicked appy and then downloaded the Export file... sent it to my iphone and opened it using OpenVpn...added the configuration...tried to log in...nothing...it won't connect.

Instead of assuming it's a username/password issue, treat it like any other failed connection attempt and post the syslog for the server and client. Let's see what it's failing on specifically. It might be something completely unrelated.

Worst case, reset the OpenVPN server to default and start over. Will probably be faster to resolution in the long run.

 

[macster2075]

you mean from OpenVpn app?

 

[eibgrad]

you mean from OpenVpn app?

Yes. Virtually all OpenVPN clients and servers retain logs for diagnostic purposes.

 

[macster2075]

it won't let me add the log here since it's more than 1000 words.. let me see if I can add a txt.

 

[macster2075]

here you go.

 

[macster2075]

@eibgrad - I think I found what you were saying about authentication.. I found it in Advanced Settings..but I don't remember going in there and changing anything... this is how it looks..

 

[elorimer]

It's failing because it's not reaching your asuscom.com address. You aren't getting to the server in the first place. I forget in that marathon chat session above where you ended up, but first you need to deal with the ddns issue.

 

[macster2075]

hmm.. what could have happened.. I didn't change anything.. just the username and password.
Is there a way to reset just the VPN section without touching the rest of the router settings?

 

[eibgrad]

As far as I can see, this is NOT a username/password issue. The log (I assume the client log) just keeps trying to contact your OpenVPN server, over and over again, to no avail.

2021-10-13 17:33:53 Contacting [My IP]:1194/UDP via UDP
2021-10-13 17:33:53 EVENT: WAIT
2021-10-13 17:33:53 Connecting to [myhostname.asuscomm.com]:1194 (My IP) via UDPv4
2021-10-13 17:34:03 Server poll timeout, trying next remote entry...
2021-10-13 17:34:03 EVENT: RECONNECTING
2021-10-13 17:34:03 EVENT: RESOLVE
2021-10-13 17:34:03 Contacting [My IP]:1194/UDP via UDP
...

 

[macster2075]

Ok.. so I enabled client2 and used another username and password and I was able to connect, BUT only if I am on phone data...if I connect to my wifi, the OpenVpn app won't connect...
Now is doing the opposite of what it was doing yesterday.... yesterday, I wasn't able to connect on data, only on wifi...now is reversed lol

 

[elorimer]

I looked back up the thread and it doesn't look like you ever got the ddns issue sorted out. If I follow, you placed your router in a dmz zone and have given the WAN side of the router this unusual 192.168.254.69 address. Your LAN side address is the standard 192.168.50.1 address. Now, no 192.168.xx.xx address is reachable from the internet, because it isn't routable.

Your modem, however, is going to have a WAN address that is a public routable address. Your asuscomm.com ddns address has to resolve to the address of the modem. So first, find out what the public address of the modem is and ping your asuscomm.com ddns address to see if they are the same. Nothing will ever work until that is sorted.

 

[macster2075]

I did a test with my wife's hotspot on her phone.. I connected to it via wifi and I was able to use OpenVpn app... so there's got to be something in my wifi/router settings that's blocking the connection?
but what? - I haven't made any changes to the router settings at all and it was working fine last night....until it didn't