Raspberry Pi as VPN

Soldato
Joined
26 Feb 2007
Posts
14,107
Location
Leafy Cheshire
Edit: I'm hitting a wall with this. I feel like it's so close to working but I just cannot get the clients to connect. I'm desperate for help and I just cant find a place to get it.. the OpenVPN forums are really... toxic. If anyone could alk me through this, it's worth a case of beer.

Here's where i'm at. I've linked the images to save space.

Server.conf
Pi Firewall Rules
Interfaces
Plus info from my Virgin Superhub
port forward
Static Pi IP

When trying to connect i get a TLS Key Negotiation Failed to Occur error, which is a broad error message relating to any of the following: https://openvpn.net/index.php/open-...-seconds-check-your-network-connectivity.html

I've check all of the above, and everything is fine.

The only thing i can think of is that maybe Virgin block use of port 1194? But googling that suggests they do not, as people have asked before.

Help :(
 
Last edited:
Soldato
Joined
18 Oct 2002
Posts
6,365
Location
Bedfordshire
I'll admit, the thought of a beer makes me salivate.

Can you post a client config? Although most problems I had with openvpn were certificate related and I didn't find any of the error messages very good at pointing me to that fact.
 
Associate
Joined
11 Dec 2007
Posts
639
Location
Rochestet, Kent
Im using OpenVPN from a pfSense firewall with Virgin Media - so definately nothing there that would cause an issue.

If you can post the client config that would be helpful with diagnosing the issue.
Have you tried without TLS enabled?
 
Soldato
Joined
22 May 2003
Posts
4,055
I got my Pi today for the purpose of setting up a VPN.

I followed this:

https://github.com/StarshipEngineer/OpenVPN-Setup

The only thing I had to do at the end was this to get Internet access via the VPN:

Code:
sudo /sbin/iptables -P FORWARD ACCEPT
sudo /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

Set up forwarding on my router.

Imported the client file on to my phone and used OpenVPN Connect to test, works OK so far.
 
Soldato
Joined
22 May 2003
Posts
4,055
Can i ask what purpose would a vpn on a raspherry pi. As in what scenario would that be useful? Not what you will actually be using it for.

For connecting to your home network from outside home, or accessing UK content when abroad. Also useful for securing your connection when on public wifi.

I configured mine for my Dad who lives abroad so he can access iPlayer etc.

BTW noticed that after a reboot mine wasn't working, seems that iptables doesn't update each restart, followed this guide to get it working automatically after a reboot.

http://blog.mxard.com/persistent-iptables-on-raspberry-pi-raspbian
 
Associate
Joined
18 Sep 2012
Posts
130
Location
Not in the UK
Can i ask what purpose would a vpn on a raspherry pi. As in what scenario would that be useful? Not what you will actually be using it for.

Check the readwriteweb link above - basically most people use it on an untrusted connetion (e.g. public wifi) to encrypt traffic. Keeps you safe(r) from the nasties out there.

*edit* see above, also handy for geo-blocking.
 
Soldato
Joined
14 Oct 2009
Posts
9,538
Location
UK
Thread revival!

Running into the same issue, I have installed PiVPN and port forwarded 1194 but I cannot connect using the OpenVPN app. I just get "There was an error attempting to connect to the selected server"

Any help would be fantastic.

Trying. https://www.yougetsignal.com/tools/open-ports/ doesnt even seem the port is open which is weird as I have set the rule on the router.

With Virgin Media and I have actually recently moved house so brand new line and router with a fresh rPi setup, what am I doing wrong!! :(
 
Associate
Joined
4 Oct 2009
Posts
1,005
Have you forwarded udp?
Have you setup a local certificate ca?

Sorry I haven't used PiVPN but I do use openvpn which I have setup on my microserver in a similar configuration
 
Soldato
Joined
14 Oct 2009
Posts
9,538
Location
UK
Have you forwarded udp?
Have you setup a local certificate ca?

Sorry I haven't used PiVPN but I do use openvpn which I have setup on my microserver in a similar configuration
I have forwarded UDP.

I haven't done anything with regards to certificates, I just created the .ovpn via the client and put it on my iPhone and then tried to connect.
 
Associate
Joined
4 Oct 2009
Posts
1,005
Not sure what access you have to the PI but if you can get a root prompt, you can run tcpdump to prove that the traffic is getting past the router to the Pi . If you see nothing then it's a forwarding / router issue.

It certainly sounds more of a router issue, have you tried connecting when on Wi-Fi? IE already on the network.
 
Commissario
Joined
16 Oct 2002
Posts
2,652
Location
In the radio shack
Have you guys looked at this thread? It's a bit disjointed but we got there in the end. Mine is still running and because there's a Pihole there as well, I don't get adverts while using the VPN.
 
Soldato
Joined
14 Oct 2009
Posts
9,538
Location
UK
Not sure what access you have to the PI but if you can get a root prompt, you can run tcpdump to prove that the traffic is getting past the router to the Pi . If you see nothing then it's a forwarding / router issue.

It certainly sounds more of a router issue, have you tried connecting when on Wi-Fi? IE already on the network.
Yeah I can ssh on with no problems, Pi-Hole is running a dream also. I will give that 'tcpdump' a go.

I setup my network at the weekend to bypass the SuperHub router, I had it in modem mode and using a EdgeRouter and again the same issue. This was the first time ive used the EdgeRouter but im sure I set the forwarding rule up properly.

I have tried on Wi-Fi and via 4g.
Have you guys looked at this thread? It's a bit disjointed but we got there in the end. Mine is still running and because there's a Pihole there as well, I don't get adverts while using the VPN.
I did find that one, cheers. I have unfortunately already gone through pretty much all the same troubleshooting.

I am going to give this a go tonight, https://docs.pi-hole.net/guides/vpn/setup-openvpn-server/

PiVPN is no longer maintained anyway so I will give this method a go, not that much should be different apart from PiVPN being a GUI!
 
Back
Top Bottom