L2TP and OpenVPN do not connect

[nakwada]

Hello,

I am unable to establish a connection from a Macbook (OSX 11.7.4) using the integrated configuration (L2TP settings): error says server did not respond.
I am also unable to establish a connection using OpenVPN, regardless the platform (tried from Windows, Android and OSX).

IPsec / L2TP settings are all correct and I am using the .ovpn configuration file provided by the server manager.

However, it works perfectly well from Windows using SoftEther client.

SoftEther VPN server app is installed on a ReadyNAS, v 4.12 build 9514.

I suspect I'd have to upgrade to a more recent version.
However, I cannot find a way to update it to a newer version, guidance would be much appreciated.

[shakibamoshiri]

However, it works perfectly well from Windows using SoftEther client.

Because SE has its own protocol. It is called SoftEther VPN which is an SSL-VPN.

Can you try testing Windows with OpenVPN ?

Some reported issues connecting from iPhone via L2TP to an SE server.
Also try L2TP to the same server using an Android phone.

I suspect I'd have to upgrade to a more recent version.

For a few user (OpenVPN) you should not face any issue with SE stable version

However, I cannot find a way to update it to a newer version, guidance would be much appreciated.

Read the main repository documents here if you want to have latest version
https://github.com/SoftEtherVPN/SoftEtherVPN

[nakwada]

Hi, thank you for you answer!

Can you try testing Windows with OpenVPN ?

I did and it doesn't work with OpenVPN client on Windows, but it works flawlessly with SE client.

Also try L2TP to the same server using an Android phone.

Unsuccessful

For a few user (OpenVPN) you should not face any issue with SE stable version

I'll have 6 users max when I can get it to work from OSX devices.

[shakibamoshiri]

Hi

I'll have 6 users max when I can get it to work from OSX devices.

If SE client can connect but OpenVPN cannot so issue is OpenVPN. Have you enabled OpenVPN server on SE server side ?
Please double check
- OpenVPN server is enabled
- default port 1194 or if other port has been set, is open
- Also open file.ovpn with a TEXT editor and make sure the server address and port are correct

the remote option :

Code: Select all

remote <DOMAIN_NAME OR IP> <PORT>

[nakwada]

I confirm OpenVPN is enabled on remote server

vpnsmgr_x64_vSpUjwyYme.png

vpnsmgr_x64_UZCsUxZGGX.png

The configuration file was edited using Notepad++ and emacs, everything seems correct.

I did not change the port for the connection, so 1194 is set.

EDIT: I confirm the port is open, as I can see it in the list from netstat -tulpn | grep LISTEN

[shakibamoshiri]

I confirm OpenVPN is enabled on remote server

vpnsmgr_x64_vSpUjwyYme.png

vpnsmgr_x64_UZCsUxZGGX.png

The configuration file was edited using Notepad++ and emacs, everything seems correct.

I did not change the port for the connection, so 1194 is set.

EDIT: I confirm the port is open, as I can see it in the list from netstat -tulpn | grep LISTEN

if
- SE server is up and running
- OpenVPN server is enabled
- OpenVPN port is open
- SecureNAT has been enabled or Local Bridge has been created
Clients should connect, unless your ISP has blocked OpenVPN protocol.

please
- make sure SecureNAT has been enabled or the target HUB has been bridged to host machine
- check your ISP has not blocked OpenVPN or any other protocols

[nakwada]

I am 100% sure SE server is up and running, otherwise I wouldn't be able to connect with the admin tool or the SE client from Windows.

As per the screenshot on my previous message, OpenVPN clone is also enabled and 1194 port is open.
SecureNAT is enabled and there's a local bridge set up as well.

Only explanation is the service provide blocking OpenVPN protocol, or it is blocked on router level? (I do not have access to router's admin)

[solo]

OpenVPN clone is also enabled and 1194 port is open.
...I do not have access to router's admin

Without admin, how did you forward the port?

Disable NAT-T in Windows SE client. Can it connect now?

Also, edit ovpn config as follows:

Code: Select all

proto tcp
remote [SE client address] [SE client port]

?

[nakwada]

Hello,

Here are more clarifications on my setup:

I am responsible of the company's internal network, which consists of a handful of iMacs, two macbooks, a Windows desktop and a Netgear ReadyNAS.

Unfortunately, my ISP refuses to grant me access to the router and is charging a ridiculous price to setup a vpn for the team (over 1K euros).

So I decided to take the matter in my own hands and discovered SoftEther project.

SE server app is installed on the ReadyNAS.
SE clients and managing tools are installed on my Windows laptop and works well from outside the office.
However, OpenVPN doesn't work, neither L2TP profiles from our Macbooks.

Disable NAT-T in Windows SE client. Can it connect now?

No, when NAT-T is disabled in SE client, it doesn't work.

[solo]

No, when NAT-T is disabled in SE client, it doesn't work.

Which is to say that the ports are not forwarded (because you can not admin it). Only SE native protocol can use NAT-T and that's why all your other VPN attempts fail. Your options:

- stick with SE NAT-T clients only
- and/or use SSTP protocol on VPN Azure
- deploy VPN gateway https://www.vpnusers.com/viewtopic.php? ... 202#p98839

[nakwada]

Hi!

Ok, using SSTP on OSX seems difficult, cannot find a proper client. I am open to suggestion, something I can fire up, enter my settings and forget about.

I am open to using the official SE client for OSX, in command line even.
I tried setting it up but I must have forgotten something as it hangs on "connecting"

Here is what I did with the official SE osx client:
- executed install.sh script
- ran vpnclient start
- ran vpncmd > 2 > localhost > AccountCreate (entered all required settings)
- ran AccountConnect

Then, if I enter AccountList, I can see it hang on "Connecting"

If I can find some kind of log to see what's up that'll help.

Thanks again for your time :)

[solo]

Use "SSTP Connect".

Test NAT-T from the same network as Windows SE client before.

[nakwada]

I'd like to but SSTP Connect is not available for non M1 macbooks, as far as I know.

[solo]

You are running out of options but for ~$5 p/m your own VPN gateway could let L2TP and OpenVPN do connect :-)

[nakwada]

I'm not against the subscription but where's the fun in that? :p
Besides, is there really no way to get the osx SE client to work?

I messed around with the settings yesterday and still unable to get it to connect. If I understand correctly, it should work since it is using its own protocol.

I tried both with the softether.net adress and vpnazure.net one.

Not sure what I am missing, I bet I'm close and just forgot some setting.

[solo]

You could try https://www.virtualbox.org/wiki/Downloads on the Mac and in it Linux or Windows guest with SE client.

[nakwada]

Hi!

Unfortunately using a VM is not an option.

The good news is that I managed to get the osx client to connect (AccountStatusGet shows a nice Session Status | Connection Completed (Session Established)), however I cannot reach any of the devices on remote network and it seems like none of the traffic is being redirected through the virtual adapter.

Any clue?

[solo]

Yes, Linux' equivalents...

1. connect and note the server's address
2. ip route add "the server's address" via "default gateway"
3. ip route del default
4. dhclient vpn