Can you help me with Hosting an OpenVpn Server

August 30, 2017 at 06:26:08
Specs: Windows 10, I7
We have a FTTC cable connection (Virgin Media 200Mbps), with a Hitron router/modem (in modem only mode). Although we have a business package, I understand this connection shares the residential lines.
We have set up the Hitron in Modem Only mode and have an Asus RT 66U router handling the network (the Hitron had problems opening ports).
I have a challenge currently getting an OpenVPN connection to work. We have a Qnap NAS (Linux server) which has its own OpenVPN server; I have tried manually opening the 1194 port on the router and connecting with the config client file (from OpenVPN) with a client PC but no connection.
I ran an open port test, though the browser reports the port 1194 is closed. I have tried switching uPnP off and on on the Asus router, changing the port forward destination and source IP, restarting the router, but I cannot seem to get a browser to confirm that the port is open.
Now the very strange part: Asus routers come with their own VPN server which I can flick on and off, and I can connect to this perfectly. The config of the Asus OpenVPN suggests that port 1194 is used, yet all of the open port tools still suggest that the port is closed, even with the router's own VPN server running.
I am really confused with this; any and all suggestions are appreciated.


#1
August 30, 2017 at 07:09:53
I ran an open port test, though the browser reports the port 1194 is closed

What are you using to test?

If you haven't yet, look at the Gibson's Research "Shield's Up" website:

https://www.grc.com/default.htm

Run your tests from their site and verify if the port is open or not. If it's not, then you know what the issue is and need to fix it.

Personally, if the ASUS VPN is working, I'd go with that if you can't easily resolve the problem with port 1194 not being open.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#2
August 30, 2017 at 07:38:11
I ran an open port test, though the browser reports the port 1194 is closed

What are you using to test?

I used the most popular ones on Google (canyouseeme, portchecker, yougetsignal).

If you haven't yet, look at the Gibson's Research "Shield's Up" website:
https://www.grc.com/default.htm

Very interesting websites there, not used it before; however the port tester did not recognise the purpose of port 1194 (OpenVPN) and reported it closed anyway. I did have a screen-grab but cannot attach it here.

This still reports closed even when using the Asus OpenVPN, which uses 1194 :s



#3
August 30, 2017 at 08:02:24
Connect the Asus' WAN port to your network, and test the port directly to verify 1194 is being opened on your side. (If that Win10 box is on the network, PowerShell's Test-NetConnection may prove useful.) If so, call up Virgin's business customer support, and complain. You have a business account, and certain actions are not permissible with business clients. ISP port blocking is one of them.

If not, at least you know the problem is on your side.

EDIT: This assumes the Hitron is only behaving as a dumb cable modem.

How To Ask Questions The Smart Way

message edited by Razor2.3



#4
August 30, 2017 at 09:06:37
AFAIK the dumb Hitron modem (in modem mode) is connected to the WAN of the ASUS (I will double check); the network is connected to the LAN port of the ASUS and then distributed through a managed switch.

I am assuming you mean I should connect directly to the Asus router and do an open port check.

Or do you mean switch the ports so the dumb modem is in the LAN and the network is in the WAN?



#5
August 30, 2017 at 09:30:46
Double checked: yes, the Hitron is connected to the WAN of the Asus.

Should I try connecting the modem to a LAN port of the router instead?

I am on the phone to Virgin now; they say they don't normally block ports.

Really lost with this ....



#6
August 30, 2017 at 11:03:05
I'm not at all surprised the ASUS VPN works with 1194 even though the port is closed to the outside world. Since its VPN is wired to that port it really doesn't need to leave it open so something else can listen on that port... it listens on it itself and deals with the traffic on that port (as compared to passing that traffic to another IP address within your LAN).

Is there any reason not to use the ASUS VPN instead of the linux VPN? I'm of the mindset "if it ain't broke, don't fix it" and if the ASUS VPN works and the linux one doesn't, I'd use the ASUS VPN myself.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#7
August 30, 2017 at 22:16:07
I assume your Hitron Modem/router is still set as router and your ASUS router is getting its WAN IP from the Hitron router.
You need to forward all ports (DMZ) in the Hitron router to the ASUS WAN IP address. That way the Hitron router is transparent to all AP traffic.

Another solution is to set your Hitron modem to bridging, and let the ASUS do all routing



#8
September 1, 2017 at 07:29:06
Curt R: "I'm not at all surprised the ASUS VPN works with 1194 even though the port is closed to the outside world. Since its VPN is wired to that port it really doesn't need to leave it open so something else can listen on that port... it listens on it itself and deals with the traffic on that port (as compared to passing that traffic to another IP address within your LAN)."

90: That's an interesting point you make; is this the norm with this port? I understood what you mentioned to be port triggering or uPNP rather than forwarding. Similarly in concept the Linux NAS has a UPNP option too; the Linux NAS (QNAP) actually reports that the port is open, strangely (once I switch on uPNP).

However, no manually forwarded ports seem to be open at all now. I tried a few more ports out of curiosity and none are toggling open. This was not always the case; I had to open port 8080 to get to the Linux NAS remotely, for example. I have updated the firmware for both the router and the NAS. I suspect this has caused this issue.

On a side-note: I used to work for an Android tablet manufacturer and regularly did firmware updates; it was standard procedure to do a factory reset after firmware updates, because the old configurations would become buggy. So I am thinking this would be my next troubleshooting step for the Asus router, if I want these ports to remain constantly open, or just rely on the potential of UPNP or triggering options.

Curt R: Is there any reason not to use the ASUS VPN instead of the linux VPN? I'm of the mindset "if it ain't broke, don't fix it" and if the ASUS VPN works and the linux one doesn't, I'd use the ASUS VPN myself.

90: The only reason is based on my assumption, I am afraid; the assumption is, if the NAS hosts the VPN, then I can access the data stores (folders and files) held on the NAS server without additional security challenges. I have tried finding the server while connected to the ASUS VPN server (on same network) but I could not find the NAS; I tried PING but nothing returned. I assumed at this point that I should be connected to the NAS.


message edited by 90Ninety



#9
September 1, 2017 at 07:40:53
sluc: I assume your Hitron Modem/router is still set as router and your ASUS router is getting its WAN IP from the Hitron router.
90: Apologies, I may not have made it clear, but as above the Hitron is a dumb router and the ASUS is doing the routing.
sluc: You need to forward all ports (DMZ) in the Hitron router to the ASUS WAN IP address. That way the Hitron router is transparent to all AP traffic.
90: As above, there are no routing options on the Hitron; they are turned off, as the device is in "Modem only Mode".
sluc: Another solution is to set your Hitron modem to bridging, and let the ASUS do all routing

90: Come to think of it, I am pretty sure now that I mentioned that I did this in the original post.

message edited by 90Ninety



#10
September 1, 2017 at 13:53:58
OK, clear: the Hitron is in MODEM mode. WAN address on your ASUS router is in the 192.168.100.x?
To eliminate the modem from the problem, can you connect the Qnap NAS (Linux server) directly to the modem and, from your phone or other broadband connection, test that port 1194 is open?
The Qnap NAS (Linux server) needs to be running of course!

message edited by sluc



#11
September 6, 2017 at 09:26:00
90: That's an interesting point you make; is this the norm with this port?

I was making an assumption to be honest. I figured since it was working on the ASUS device, then the device itself was ensuring the appropriate port was open without you having to do so manually.


I understood what you mentioned to be port triggering or uPNP rather than forwarding.

I was speaking specifically about port forwarding and nothing else. If you haven't tried a port forward on your secondary router, then perhaps you should. Normal port forward is something like this:

forward [port number] to [IP Address]

Perhaps it's the uPNP that's giving you issues.


90: The only reason is based on my assumption, I am afraid; the assumption is, if the NAS hosts the VPN, then I can access the data stores (folders and files) held on the NAS server without additional security challenges

You should still be able to access the data even if the NAS isn't hosting the VPN.

I have a NAS device at home. I have not set it up to be remotely accessible but if I need something on it, I simply RDP into one of my Windows computers and then access the NAS from that computer. If I wanted to access it directly from a remote client I would do a port forward on my SOHO router pointing to the NAS using the appropriate port. I probably wouldn't bother with the hassle of setting up a VPN.

Unless your router doesn't do port forwarding, you don't really need to use a VPN. In either case, at some point you want yourself and any other users who will be using the NAS to authenticate. With a port forward it would happen at the NAS. With RDP, at the PC you connect to. With a VPN, at the VPN itself.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#12
October 9, 2017 at 08:07:25
Well, I got the VPN working. The NAS is the HOST of the VPN, and I can connect to it, so progress made :)

However, I noticed that I can only see the folders on the virtual network by using the local IP; I cannot mount folders by the device name. I am presuming that to connect to remote device file shares using the device name, we have to install a DNS server on the host of the folders, or on the network?



#13
October 9, 2017 at 08:39:55
Yes, when a remote computer asks, "Where can I find this 'NAS,'" you'll need something to say, "Right over here."

How To Ask Questions The Smart Way



#14
November 13, 2017 at 01:00:59
NAS is the HOST of the VPN


#15
November 13, 2017 at 04:11:53
If there is a "hosts" file on the NAS, that is usually the first DNS server searched for DNS matches.
Add to the file the device/computer IP address with an assigned host name.

example
192.168.1.101 <mydevice> <alias_name>

