Hi everyone. I have a strange problem. I made an OpenVPN server and it works, but I can only connect from the LAN, not from outside it. If I use my phone and try to connect using mobile data, the connection is refused (TLS Error: TLS handshake failed).
LOCAL IP SERVER: 192.168.1.1
PUBLIC IP SERVER: 80.81.82.83
Connection from 192.168.1.100 to server is OK.
Connection from PUBLIC IP to server is OK if I'm connected to wifi.
Connection from PUBLIC IP to server is NOT OK if I'm connected using mobile data.
I've read everything I could find about the TLS handshake error, but no solution so far.
Firewall setup:
config rule 'ovpn'
    option name 'Allow-OpenVPN'
    option target 'ACCEPT'
    option src '*'
    list dest_ip '192.168.1.1'
    list proto 'tcp'
    list proto 'udp'
    option src_port '1194'
    option dest_port '1194'
    option dest '*'
This firewall rule doesn't work. I have to open port 1194 to make the VPN server work:
config redirect
    option target 'DNAT'
    option name '1194'
    option src 'wan'
    list proto 'tcp'
    list proto 'udp'
    option src_dport '1194'
    option dest_port '1194'
    option dest_ip '192.168.1.1'
The strange thing is that I can connect if I try inside my network (via Wi-Fi), but if I try using mobile data, I can't.
I've checked everything again and again, but I'm lost.
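As an added illustration (not the poster's own configuration), here is a small checker for OpenWrt UCI firewall rules that applies the documented fw3/fw4 semantics: a rule with `dest` set goes into the forward chain, not the input chain that protects the router itself, and `src_port` matches the client's source port, which is ephemeral rather than 1194. The FIXED_RULE text is a constructed input rule assumed for the demonstration; the OpenVPN listener is assumed to be on the router running the firewall.

```python
import re

# Constructed sample: the rule from the post above. `option dest` puts it in the
# forward chain and `option src_port` pins the client's source port.
POSTED_RULE = """
config rule 'ovpn'
    option name 'Allow-OpenVPN'
    option target 'ACCEPT'
    option src '*'
    list dest_ip '192.168.1.1'
    list proto 'tcp'
    list proto 'udp'
    option src_port '1194'
    option dest_port '1194'
    option dest '*'
"""

# Constructed: an input rule (no `dest`) accepting UDP/1194 from the wan zone.
FIXED_RULE = """
config rule 'ovpn'
    option name 'Allow-OpenVPN'
    option src 'wan'
    option proto 'udp'
    option dest_port '1194'
    option target 'ACCEPT'
"""

_LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")

def parse_uci(text):
    """Parse UCI text into a list of section dicts; `list` keys accumulate values."""
    sections = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank lines and comments
        kind, key, value = m.groups()
        if kind == "config":
            sections.append({".type": key, ".name": value})
        elif kind == "option":
            sections[-1][key] = value
        else:
            sections[-1].setdefault(key, []).append(value)
    return sections

def chain_for(rule):
    """fw3/fw4: no dest -> input; dest but no src -> output; both -> forward."""
    if rule.get("dest") is None:
        return "input"
    return "output" if rule.get("src") is None else "forward"

def lint_service_rule(rule, port):
    """Return reasons the rule would not admit a UDP service on the router at `port`."""
    problems = []
    if chain_for(rule) != "input":
        problems.append("dest is set, so the rule is in the forward chain, not input")
    if rule.get("src_port") is not None:
        problems.append("src_port restricts the client's (ephemeral) source port")
    protos = rule.get("proto", [])
    if "udp" not in (protos if isinstance(protos, list) else [protos]):
        problems.append("udp is not in proto")
    if rule.get("dest_port") != port:
        problems.append(f"dest_port is not {port}")
    return problems
```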
The thing with OVPN is that the server only looks at the WAN port you specify.
Then you need to open that port in the firewall.
But you can’t route it to the LAN the way you have done it. The data on the “inside” (LAN) of the server goes in and out of the OVPN server through a tun or tap network connection, which acts as a device in the firewall zone you wish to use. For a tap network you can in some cases use a VLAN also.
OVPN doesn’t work for “internal use” unless you reroute the data to wan side first. That is why I asked if you actually have a working encrypted connection according to the openvpn log or if you only are connected as usual to the network/wifi.
I've found the problem. The UDP port is not being opened by the firewall. If I listen on TCP port 1194, I can connect from the LAN/internet to the OpenVPN server without problems, but if I set the OpenVPN server to listen on the UDP port, I can't open it. So the problem is opening UDP in the firewall.
Right now I'm in the trial/error part. In the beginning, obviously I had to read to understand.
The tunnel is working on TCP, so I think this is not the problem. It's something related to the firewall that I can't find.