Hi all,

Im running a OpenVPN server on a UniFi Dream Machine Pro but can´t get my RUT-950 to establish a working connection.

The UniFi is on a fibre internet connection and the RUT950 is connected over cellular network (tested with two different operators)

the OVPN server works just fine if i connect with a mobile phone or a laptop thats provided internet access through the RUT950 (this tells me that the cellular provider does not block traffic).

When i connect with the RUT950 client the connection is established and the dynamic routes are visible, but if i then test to access any page or internal resource on the network nothing can be reached. i can ping the RUT950 from the client but not any iternet sites etc, tracert wont give me anything either.

I react upon the log stating inactivity after being connected one minute and to me it looks like it´s not able to reestablish the connection,

Mon Jan 8 17:20:02 2024 daemon.notice openvpn(OVPNMTVE)[29249]: Initialization Sequence Completed
Mon Jan 8 17:21:03 2024 daemon.notice openvpn(OVPNMTVE)[29249]: [UniFi_OpenVPN_Server] Inactivity timeout (–ping-restart), restarting
Mon Jan 8 17:21:03 2024 daemon.notice openvpn(OVPNMTVE)[29249]: SIGUSR1[soft,ping-restart] received, process restarting
Mon Jan 8 17:21:03 2024 daemon.notice openvpn(OVPNMTVE)[29249]: Restart pause, 5 second(s)
Mon Jan 8 17:21:08 2024 daemon.warn openvpn(OVPNMTVE)[29249]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jan 8 17:21:08 2024 daemon.notice openvpn(OVPNMTVE)[29249]: Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Mon Jan 8 17:21:08 2024 daemon.notice openvpn(OVPNMTVE)[29249]: Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Mon Jan 8 17:21:08 2024 daemon.notice openvpn(OVPNMTVE)[29249]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.xxx.xxx.xxx:1195
Mon Jan 8 17:21:08 2024 daemon.notice openvpn(OVPNMTVE)[29249]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Mon Jan 8 17:21:08 2024 daemon.notice openvpn(OVPNMTVE)[29249]: Attempting to establish TCP connection with [AF_INET]158.xxx.xxx.xxx:1195 [nonblock]
Mon Jan 8 17:23:08 2024 daemon.err openvpn(OVPNMTVE)[29249]: TCP: connect to [AF_INET]158.xxx.xxx.xxx:1195 failed: Operation timed out

Do you have any ideas?

Thanks in advance /Tobias

This is how the imported config file looks like (generated from the unifi dream machine server) i have excluded the certificates and key

"
client
dev tun
proto tcp
remote 158.xxx.xxx.xxx1195
resolv-retry infinite
nobind

Downgrade privileges after initialization (non-Windows only)

user nobody
group nogroup

persist-key
persist-tun

auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

auth SHA1
key-direction 1

reneg-sec 0

redirect-gateway def1
"

Hello,

I can see that you were using TCP as the protocol option. Would it be possible to edit the config file and edit the proto tcp to proto tcp-client instead? This is based on OpenVPN documentation where both TCP server and client must have an proto tcp-server/client.

In addition, if possible, kindly try using UDP as protocol on the OpenVPN server then redownload the client config and upload it to the RUT950 to see if it will be able to established the tunnel.

Let me know the result.

Best regards,
Rob

This topic was automatically closed after 15 days. New replies are no longer allowed.