OpenVPN - company routers issue

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

OpenVPN - company routers issue

Post by sky59 » Fri Apr 26, 2019 11:05 am

After executing half a million tests, I finally found out where the problem is, but I do not know what the problem is. So please, if you know, help me solve this mysterious problem.

SYSTEM DESCRIPTION:

I run SE server on an OrangePiZero with OpenWrt 15.05.1 Linux. I can connect it to the ISP with two different options, of course having a static IP.

1- using USB 3G dongle with SIM card, IP address is 78.xx.xx.xx
2- using company LAN connection, then server is visible as 62.xx.xx.xx
Our IT specialists set up all routers from the ISP down to my place with port forwarding for the ports required by SE.

When I use SE bridge to connect to SE server everything works perfectly, so I believe port forwarding is OK. I can also see all forwarded ports with some tools when I start SE server.

BUT

I also want to connect to SE server from an Android device with the OpenVPN apk. SE server is set up for this option, of course.

If I use option 1 for SE server ISP connection everything works perfectly.
If I use option 2 for SE server ISP, then it does not work!!!?

I also made the most detailed log in the OpenVPN apk on Android. Here it is below.
Look at the line with MANAGEMENT: >STATE:1556262418,WAIT

It seems that for some reason authorization fails with the company network.


internet connection 78.xx.xx.xx SIM card

2019-04-26 09:21:10 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 TCP connection established with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:21:11 TCP_CLIENT link local: (not bound)
2019-04-26 09:21:11 TCP_CLIENT link remote: [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,WAIT,,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:11 MANAGEMENT: >STATE:1556263271,AUTH,,,,,,
2019-04-26 09:21:11 TLS: Initial packet from [AF_INET]78.xx.xx.xx:443, sid=f2a32f89 228083c9
2019-04-26 09:21:11 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-04-26 09:21:11 VERIFY OK: depth=0, CN=vpn123456789.softether.net, O=vpn123456789.softether.net, OU=vpn123456789.softether.net, C=US
2019-04-26 09:21:11 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2019-04-26 09:21:11 [vpn123456789.softether.net] Peer Connection Initiated with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:13 MANAGEMENT: >STATE:1556263273,GET_CONFIG,,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2019-04-26 09:21:13 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,



internet connection 62.xx.xx.xx company LAN with port forwarding

2019-04-26 09:06:57 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 TCP connection established with [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2019-04-26 09:06:58 TCP_CLIENT link local: (not bound)
2019-04-26 09:06:58 TCP_CLIENT link remote: [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: >STATE:1556262418,WAIT,,,,,,
2019-04-26 09:06:59 Connection reset, restarting [0]
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): connection-reset,,,,,
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 New OpenVPN Status (CONNECTRETRY->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): 10
2019-04-26 09:06:59 Waiting 10s seconds between connection attempt
2019-04-26 09:06:59 TCP/UDP: Closing socket
2019-04-26 09:06:59 SIGUSR1[soft,connection-reset] received, process restarting
2019-04-26 09:06:59 MANAGEMENT: >STATE:1556262419,RECONNECTING,connection-reset,,,,,
2019-04-26 09:07:09 MANAGEMENT: CMD 'hold release'
2019-04-26 09:07:09 MANAGEMENT: CMD 'bytecount 2'
2019-04-26 09:07:09 MANAGEMENT: CMD 'state on'
2019-04-26 09:07:09 MANAGEMENT: CMD 'proxy NONE'
2019-04-26 09:07:10 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.


I have no access to company routers/servers/IT infrastructure. Any idea what can be the problem with the settings of these routers?
What "more" does OpenVPN require compared to SE bridge? Is there any way to identify what exactly is not passing through?

demanick05
Posts: 6
Joined: Fri May 03, 2019 12:12 pm

Re: OpenVPN - company routers issue

Post by demanick05 » Sat May 04, 2019 7:45 am

Wow, that's a lot! I've had some issues with OpenVPN before, but didn't think that this is so critical. BTW, as I've heard, VeePN is now one of the top services. Has anyone tried it? What do you think?

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: OpenVPN - company routers issue

Post by sky59 » Thu May 09, 2019 5:24 am

Yes, now I am absolutely sure about it. It is blocked by company routers. Just check any Linksys manual, it is very easy - there is even a dedicated tab in the menu to select blocking VPNs.

In the meantime I installed SE also on Android, and using it I can connect even over company routers to the server!!! So it is our company servers.
Because even from Android it could penetrate, because I used the SE HTTPS protocol. From the same Android, OpenVPN has no chance :)

I will create a new thread about a Huawei wifi hotspot router and a Samsung mobile phone, very interesting findings - just check it! Surprise!

I have no more energy to try something new like VeePN :) Just search my articles here and you will understand why..
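
One way to approach the first post's question of what exactly is not passing through, as an added example that is not part of the original thread: a small parser that reports the last handshake milestone each connection attempt reached in an OpenVPN client log. The function names and stage labels are this example's own, and the sample input is excerpted from the two logs posted above; it locates the stage at which the attempt fails, not which device sent the reset.

```python
import re
STAGES = [  # handshake milestones, in the order the OpenVPN client logs them
    ("tcp_connected", re.compile(r"TCP connection established with")),
    ("server_replied", re.compile(r"TLS: Initial packet from")),
    ("cert_verified", re.compile(r"VERIFY OK")),
    ("tls_done", re.compile(r"Peer Connection Initiated")),
]
RESET = re.compile(r"Connection reset, restarting")

def analyse(log_text):
    """Split a client log into attempts; record milestones reached and resets."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if STAGES[0][1].search(line):
            cur = {"start": line[:19], "reached": [], "reset": False}
            attempts.append(cur)
        if cur is None:
            continue  # ignore lines before the first TCP connect
        for name, rx in STAGES:
            if rx.search(line) and name not in cur["reached"]:
                cur["reached"].append(name)
        if RESET.search(line):
            cur["reset"] = True
            cur = None  # the next TCP connect starts a new attempt
    return attempts

def verdict(attempt):
    last = attempt["reached"][-1]
    if not attempt["reset"]:
        return "no reset, reached " + last
    if last == "tcp_connected":
        return "reset before any server reply"
    return "reset after " + last

# Lines excerpted from the two logs in the first post.
SIM_LOG = """\
2019-04-26 09:21:11 TCP connection established with [AF_INET]78.xx.xx.xx:443
2019-04-26 09:21:11 TLS: Initial packet from [AF_INET]78.xx.xx.xx:443, sid=f2a32f89 228083c9
2019-04-26 09:21:11 [vpn123456789.softether.net] Peer Connection Initiated with [AF_INET]78.xx.xx.xx:443
"""
LAN_LOG = """\
2019-04-26 09:06:58 TCP connection established with [AF_INET]62.xx.xx.xx:443
2019-04-26 09:06:58 MANAGEMENT: >STATE:1556262418,WAIT,,,,,,
2019-04-26 09:06:59 Connection reset, restarting [0]
"""

if __name__ == "__main__":
    for label, log in (("SIM", SIM_LOG), ("LAN", LAN_LOG)):
        print(label, [(a["start"], verdict(a)) for a in analyse(log)])
```

On the company LAN excerpt the TCP connection to port 443 is established, yet the attempt is reset before the client logs any "TLS: Initial packet from" line, so the port forward itself is reachable and the failure occurs at the first OpenVPN exchange.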
