Difference between revisions of "OpenVPN troubleshooting"
| m (→Moving to TCP) | |||
| Line 63: | Line 63: | ||
| == On the Server side == | == On the Server side == | ||
| − | + | For Amahi systems built on ?????? edit this file | |
| {{Code|gedit /etc/openvpn/amahi.conf}} | {{Code|gedit /etc/openvpn/amahi.conf}} | ||
| or | or | ||
| {{Code|sudo nano -w /etc/openvpn/amahi.conf}} | {{Code|sudo nano -w /etc/openvpn/amahi.conf}} | ||
| + | |||
| + | For Amahi systems built on Ubuntu 12.04 edit this file | ||
| + | {{Code|gedit /etc/openvpn/openvpn.conf}} | ||
| + | or | ||
| + | {{Code|sudo nano -w /etc/openvpn/openvpn.conf}} | ||
| + | |||
| change   | change   | ||
| {{Text|proto udp}} | {{Text|proto udp}} | ||
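Review bot: the changed line "For Amahi systems built on ?????? edit this file" still carries a ?????? placeholder, so a reader cannot tell which release uses /etc/openvpn/amahi.conf; name the release or write "other releases". In the added Ubuntu 12.04 block, the gedit command has no sudo while the nano alternative does, so the two commands do not appear equivalent for a file under /etc/openvpn; make them consistent.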
| Line 72: | Line 78: | ||
| {{Text|proto tcp}} | {{Text|proto tcp}} | ||
| − | Restart both sides and you are now using openvpn over tcp | + | |
| − | + | Restart both sides and you are now using openvpn over tcp, | |
| + | and add your [http://en.wikipedia.org/wiki/Internet_service_provider ISP] below. | ||
| == List of bad ISPs == | == List of bad ISPs == | ||
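Review bot: the rewritten sentence "Restart both sides and you are now using openvpn over tcp, and add your ISP below" joins the restart step and the request to list an ISP with a comma. Split it into two sentences so the request does not read as part of the restart step, and consider capitalising OpenVPN and TCP.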
Revision as of 21:53, 11 February 2013
Typical problems with the VPN:
- You cannot VPN into your network from your very own network (kinda duh)
- You cannot log in two users simultaneously
- You cannot log in to your network from another network with the exact same settings. You can probably reach your own HDA, but not other systems in the network, due to routing (the HDA has direct connection via the VPN tunnel).
- Check that you have port forwarded 1194 udp.
Moving to TCP
If UDP is not working because of your ISP (see list below), you will have to change from UDP to TCP and change your port forwarding from 1194/udp to 1194/tcp.
Client side: (Windows)
Right click the red A, click edit settings. If you have a thing saying "HomeHDA > " then mouse over it and click edit settings. Change:
| Text | 
|---|
| proto udp | 
to
| Text | 
|---|
| proto tcp | 
Blocked port 1194
Sometimes port 1194 is blocked if you are behind a corporate firewall or some other firewall. The trick is then to use a port that is open. If you are not running HTTPS on your Amahi, using port 443 is a good choice.
You can move to port 443 by changing the line:
| Text | 
|---|
| port 1194 | 
into
| Text | 
|---|
| port 443 | 
in your /etc/openvpn/amahi.conf file.
Of course you also need to tell the client side to use port 443! Add the following line to your client's config file:
| Text | 
|---|
| remote <hda_username>.yourhda.com 443 | 
If for some reason the DDNS (yourhda.com) is not working but your control panel is updating, then add this line at the top of the config file.
| Text | 
|---|
| remote YOUR_IP_HERE <port> | 
Note: If you have a dynamic IP, then you will probably need to update this every day. If you have a static IP then you are fine.
Manually (Windows)
Edit this file manually or use:
Seven x64
C:\Program Files (x86)\HDAConnect\config\HomeHDA.opvn
Seven x86 or 32 bit (Also most other Windows versions)
C:\Program Files\HDAConnect\config\HomeHDA.opvn
Run notepad as admin and open the above file.
Client Side (Linux/Mac)
Similarly, locate the configuration file and change
| Text | 
|---|
| proto udp | 
to
| Text | 
|---|
| proto tcp | 
On the Server side
For Amahi systems built on ?????? edit this file
| bash code | 
|---|
| gedit /etc/openvpn/amahi.conf | 
or
| bash code | 
|---|
| sudo nano -w /etc/openvpn/amahi.conf | 
For Amahi systems built on Ubuntu 12.04 edit this file
| bash code | 
|---|
| gedit /etc/openvpn/openvpn.conf | 
or
| bash code | 
|---|
| sudo nano -w /etc/openvpn/openvpn.conf | 
Change:
| Text | 
|---|
| proto udp | 
to
| Text | 
|---|
| proto tcp | 
Restart both sides and you are now using OpenVPN over TCP.
Then add your ISP to the list below.
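A quick consistency check, as an added example that is not part of the original wiki page: after editing both sides, the server and client configs must agree on protocol and port, or the client will not connect. The function names, file names and hostname in the sample are constructed for illustration; the script reads the client port only from the first `remote` line and assumes OpenVPN's defaults (udp, 1194) when a directive is absent.

```shell
#!/bin/sh
# Added example: verify that an OpenVPN server and client config agree on
# protocol and port. Only the first "remote" line is read for the client port.

# Print field $3 of the first line in file $1 whose directive is $2.
ovpn_field() {
    awk -v key="$2" -v n="$3" '
        { sub(/\r$/, "") }        # tolerate CRLF files saved on Windows
        $1 ~ /^[#;]/ { next }     # skip comment lines
        $1 == key { print $n; exit }
    ' "$1"
}

# Protocol of file $1: tcp-server/tcp-client become tcp; absent means udp.
ovpn_proto() {
    p=$(ovpn_field "$1" proto 2)
    case "$p" in
        tcp*)    echo tcp ;;
        ""|udp*) echo udp ;;
        *)       echo "$p" ;;
    esac
}

# ovpn_check SERVER_CONF CLIENT_CONF: 0 if both agree, 1 otherwise.
ovpn_check() {
    rc=0
    sproto=$(ovpn_proto "$1"); cproto=$(ovpn_proto "$2")
    sport=$(ovpn_field "$1" port 2);   sport=${sport:-1194}
    cport=$(ovpn_field "$2" remote 3); cport=${cport:-1194}
    if [ "$sproto" != "$cproto" ]; then
        echo "proto mismatch: server=$sproto client=$cproto"; rc=1
    fi
    if [ "$sport" != "$cport" ]; then
        echo "port mismatch: server=$sport client=$cport"; rc=1
    fi
    return "$rc"
}

# Constructed sample: server moved to tcp/443, client left on udp/1194.
tmp=$(mktemp -d)
printf 'port 443\nproto tcp\n' > "$tmp/server.conf"
printf 'proto udp\r\nremote example.yourhda.com 1194\r\n' > "$tmp/client.ovpn"
ovpn_check "$tmp/server.conf" "$tmp/client.ovpn" || echo "client needs updating"
rm -rf "$tmp"
```

Run it against a copy of the client file placed next to the server config; a non-zero exit status means one side still has the old settings.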
List of bad ISPs
Please add your ISP if you need this work-around:
- Bell Canada
- Thames Valley Communications (Groton, CT)
Client Reports "TLS handshake failed" and Does Not Connect
This is usually caused by packet corruption that may happen for some users.
Follow the tutorial on the "Prevent SSL Handshake Timeouts In OpenVPN" page to fix this.
