After executing half million of tests I finally found out where the problem is but do not know what is the problem. So please if you know help me to solve this mysterious problem.
SYSTEM DESCRIPTION:
I run SE server on OrangePiZero, OpwnWrt 15.05.1 linux. I can connect it with two different options to ISP having of course static IP.
1- using USB 3G dongle with SIM card, IP address is 78.xx.xx.xx
2- using company LAN connection, then server is visible as 62.xx.xx.xx
our IT specialists set up all routers from ISP down to my place with port forwarding for SE required ports
When I use SE bridge to connect to SE server everyting works perfect, so I believe port forwarding is OK, I can also see all forwarded ports
with some tools when I start SE server.
BUT
I want to connect to SE server also from Android device wit OpenVPN apk. SE server is set up for this option, of course.
If I use option 1 for SE server ISP connection everything works perfect.
If I use option 2 for SE server ISP, then it does not work!!!?
I made also most expanded log on OpenVPN apk on Android. Here it is below.
Look at line with MANAGEMENT: >STATE:1556262418,WAIT
It seems that for some reason authorization fails with company network.
internet connection 78.xx.xx.xx SIM card
2019-04-26 09:21:10 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 TCP connection established with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 TCP_CLIENT link local: (not bound)
2019-04-26 09:21:11 TCP_CLIENT link remote: [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,WAIT,,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,AUTH,,,,,,
2019-04-26 09:21:11 TLS: Initial packet from [AF_INET]78.xx.xx.xx:443, sid=f2a32f89 228083c9
2019-04-26 09:21:11 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-04-26 09:21:11 VERIFY OK: depth=0, CN=vpn123456789.softether.net, O=vpn123456789.softether.net, OU=vpn123456789.softether.net, C=US
2019-04-26 09:21:11 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2019-04-26 09:21:11 [vpn123456789.softether.net] Peer Connection Initiated with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:13 MANAGEMENT: >STATE:1556263273,GET_CONFIG,,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
internet connection 62.xx.xx.xx company LAN with port forwarding
2019-04-26 09:06:57 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 TCP connection established with [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 TCP_CLIENT link local: (not bound)
2019-04-26 09:06:58 TCP_CLIENT link remote: [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: >STATE:1556262418,WAIT,,,,,,
2019-04-26 09:06:59 Connection reset, restarting [0]
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 Waiting 10s seconds between connection attempt
2019-04-26 09:06:59 TCP/UDP: Closing socket
2019-04-26 09:06:59 SIGUSR1[soft,connection-reset] received, process restarting
2019-04-26 09:06:59 MANAGEMENT: >STATE:1556262419,RECONNECTING,connection-reset,,,,,
2019-04-26 09:07:09 MANAGEMENT: CMD 'hold release'
2019-04-26 09:07:09 MANAGEMENT: CMD 'bytecount 2'
2019-04-26 09:07:09 MANAGEMENT: CMD 'state on'
2019-04-26 09:07:09 MANAGEMENT: CMD 'proxy NONE'
2019-04-26 09:07:10 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
I have no access to company routers/servers/IT infrastructure. Any idea what can be problem with setting of these routers?
What "more" requires OpenVPN comparing to SE bridge? Is there any way as to identifiy what exactly is not passing through?
OpenVPN - company routers issue
-
- Posts: 6
- Joined: Fri May 03, 2019 12:12 pm
Re: OpenVPN - company routers issue
Wow, that's a lot! I've had some issues with OpenVPN before, but didnt' think that this is so critical. BTW, as I've heared, VeePN now is one of the top servies. Have anyone tried it? What do you think?
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: OpenVPN - company routers issue
Yes, now I am absolutely sure about it. It is blocked by company routers. Just check any Linkysys manual it is very easy - there is eved dedicated
tab in menu to select blocking vpns.
In a meantime I installed SE also in Android and using it I can connect even over company routers to server!!! So it is our company servers.
Because even from Android it could penetrate because I used SE https protocoll. From the same Android OpenVPN has no chance :)
I will create a new thread about Huawei wifi hotspot router ans Samsung mobile phone, very interesting findings - just check it! Surprise!
I have no more energy to try something new like VeePN :) Just search my articles here and you will understand why..
tab in menu to select blocking vpns.
In a meantime I installed SE also in Android and using it I can connect even over company routers to server!!! So it is our company servers.
Because even from Android it could penetrate because I used SE https protocoll. From the same Android OpenVPN has no chance :)
I will create a new thread about Huawei wifi hotspot router ans Samsung mobile phone, very interesting findings - just check it! Surprise!
I have no more energy to try something new like VeePN :) Just search my articles here and you will understand why..