Open VPN (Centos 6.8)
Hi guys, I followed a documentation in Digital Ocean on how to install VPN but it's not working when connecting from Win 7.
OpenVPN: 2.3.11
Any ideas guys? Thanks for any help. Here's the error:
That said, if you don't run the OpenVPN client on Windows as ADMINISTRATOR, it won't have permissions to create the TAP/TUN interface needed for OpenVPN to work.
The OP needs to post considerably more detail, including simultaneous log-excerpts from both sides, in order for anyone to seriously be able to help to address the underlying problem. Also: "OpenVPN is not specific to <Windows|Linux|whatever>, and so, most problems that arise are not specific to <Windows|Linux|whatever>, either." The OP should search any online resource or FAQ for any description that is at-all similar to what he is seeing, whether or not the web-page being Googled says "Windows." Many problems have to do with the interaction between the two peers, irrespective of(!) which OS is hosting either one of them.
I have seen a few instances lately, where a fresh Windows 10 machine did *NOT* have the TAP/TUN interface available, and you had to run a command (forget which now), to get it to appear. And while it did *SAY* that OpenVPN was supported...it wouldn't actually let you fill in the boxes with the selections of your choice. Seen that happen on both fresh and upgraded W10 machines. Haven't done it on W7, though, but the OP doesn't state which. I do know that if you install the stand-alone client from the OpenVPN site, that right-clicking and selecting "Run as administrator", will let you get things going in many cases.
Windows-10 has a slew of security problems ... so they say ... so they say ... ;)
Hi guys, thanks for the reply.
I rebuilt the openvpn from scratch but still got errors on the client side. Here's my server.conf
Scenario: Both server and client are on the same internal network for test purposes.
Testing it from your internal network (BEHIND your firewall), will typically not work. So...you promptly tested this from the internal network, and are SURPRISED it's not working? And again, you don't say whether or not you're running the OpenVPN client on Windows as administrator or not.
There is no problem whatsoever running openvpn on LAN.
1. Do you actually run OpenVPN as the service OR do you use the graphical client? The graphical client MUST BE STARTED AS ADMINISTRATOR if you connect from it. To make this more clear:
- On Windows, OpenVPN installs a service which is DISABLED BY DEFAULT.
- Using the GUI you DON'T command this service; you connect separately, so you MUST run the GUI as administrator to make sure you can change interface options on the VPN device. This is required for tap devices; I am not sure about tun, but just to make sure you should run it as administrator.
- I'd recommend testing the connection in the GUI; then, if you need a permanent connection, just enable the service, which will initiate connections automatically for every .ovpn file found in the openvpn directory (or openvpn/config, I don't remember exactly). This does not need any further user interaction and will not provide any graphical notifications.
2. OpenVPN version server side? Put verb 4 on the server log and restart it to see more details.
Okay so I think I need to do some port forwarding on this one, wow this is a security risk if ever something got misconfigured.
On Linux side, I know the port 1194 is listening but I will have to double check whether it's open in the firewall. I run the OpenVPN in Windows as Administrator but to no avail. Thanks.
Yes it's UDP, then I will have to set on the firewall to open UDP traffic for port 1194.
I would suggest making this work over LAN first because if it doesn't work there, it will certainly not over the net...
All the machines are using the same subnet. How do you think they would be able to distinguish local from remote hosts? *IF* you were even able to shoehorn this in somehow, by doing a HUGE amount of port-forwarding, it would only work for a few services, but would be a nightmare to support.