Can't connect through OpenVPN

(When looking for a solution to a problem you are facing, providing a structured, detailed description of the problem will help others provide a quick response)

Problem Description
I finally setup OpenVPN. So I just tried to connect through it.
I just followed steps as described in manual page
My freedom box connected to router so I just did port forwarding.
Protocol : UDP
External Port Range : 1194
and use the same port range for internal port
Internal IP address : 192.168.1.18(my freedom box local ip address).

then I downloaded OpenVPN profile. and check the contens of it
“”"
client
remote freewebwith.me 1194
proto udp
“”"

In config settings of my freedom box as follow.
hostname: freedombox
domain name: freewebwith.me

then in my terminal I tried to connect

sudo openvpn --config freewebwithme.ovpn and didn’t work.

Tue Sep 17 05:03:14 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.202.231.166:1194
Tue Sep 17 05:03:14 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Sep 17 05:03:14 2019 UDP link local: (not bound)
Tue Sep 17 05:03:14 2019 UDP link remote: [AF_INET]23.202.231.166:1194
Tue Sep 17 05:04:14 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Sep 17 05:04:14 2019 TLS Error: TLS handshake failed
Tue Sep 17 05:04:14 2019 SIGUSR1[soft,tls-error] received, process restarting
Tue Sep 17 05:04:14 2019 Restart pause, 5 second(s)
Tue Sep 17 05:04:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.195.69.106:1194
Tue Sep 17 05:04:19 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Sep 17 05:04:19 2019 UDP link local: (not bound)

Information

  • FreedomBox version: Debian GNU/Linux 10 (buster) and FreedomBox version 19.16.
  • Hardware: Pioneer
  • How did you install FreedomBox?: bought pre-installed hardware

I will try to list some possible reasons for failure:

  1. Your machine is not reachable at that address. If you are able to reach web interface using the same router/port forwarding/ip address, then this can be ruled out.
  2. You are trying to connect from within the network and your router is not performing port forwarding from within the network properly. This can confirmed in two ways. Perform the test from the Internet or modify the .opvn file to use internal IP address of the FreedomBox machine and try again.
  3. OpenVPN is not running. This can be checked from FreedomBox interface. (Less likely)
  4. Firewall port is not open. This can be checked from firewall page in FreedomBox interface. (Less likely)

BTW, OpenVPN setup takes long because it generates Diffie-Hellman during that time as was recommended. I understand some of this might have changed and there is a possiblility for speeding things up.

Thanks for reply.
I modified ovpn file to local ip address like this…

client
remote 192.168.1.2 1194
proto udp

then vpn connection completed but there is no internet connection. :frowning:

And I read

1.4. Browsing Internet after connecting to VPN

After connecting to the VPN, the client device will be able to browse the Internet without any further configuration. However, a pre-condition for this to work is that you need to have at least one Internet connected network interface which is part of the ‘External’ firewall zone. Use the networks configuration page to edit the firewall zone for the device’s network interfaces.

I checked network in system.
Screenshot_2019-09-17%20Connection%20Information

Do I have to make other connection that firewall zone is external?

And other setup manual page says…

If your OpenVPN client allows it, you can do this after importing the OpenVPN profile. Otherwise, you can edit the .ovpn profile file in a text editor and change the ‘remote’ line to contain the WAN IP address or hostname of your FreedomBox as follows(https://freedombox.local/plinth/help/manual/OpenVPN)

client
remote mybox.sds-ip.de 1194
proto udp

What is WAN IP address or hostname of your FreedomBox?

I’m also unable to connect to the Internet thru my Freedombox OpenVPN profile. I can connect to the local network while connected to OpenVPN thru my mobile data on my Android phone, but I can’t access the broader Internet.

I have 2 networks on my Networks page: FreedomBox WAN, connection type is Ethernet, in the internal firewall zone; and tun0, connection type is tun, in the external firewall zone.

  • FreedomBox is plugged into a router at home
  • Pretty sure I bought it sometime last year.
  • I’m running Debian GNU/Linux 10 (buster) and FreedomBox version 20.12.1. FreedomBox is up to date.

You need the WAN interface to be configured in the external firewall zone.

Thanks, @sunil, that worked! Does setting it to external reduce my home’s security in any way?

It increases security by ensuring local-only services are not available on interface in external zone.

To be clear, setting Freedombox WAN to external increases security by ensuring local-only services are not available on interface in external zone?

Yes, that is correct.