Flint AX1800 how to change port on openvpn server to 443?

Try running your OpenVpn server on 443 TCP instead of UDP…

CHECK YOUR SUBNET NETMASK

The local IP address (the IP address that OpenVPN optionally listens on) is the network IP address. So if your office network is 192.168.1.0/24, then you would replace a.b.c.d with an IP address within that subnet range.

The subnet for VPN clients is different. It’s a private IP address (range) that ONLY OpenVPN and its clients have access to.

So if you set the server (OpenVPN server) to 10.8.0.0 with a netmask of 255.255.255.0, then you’re essentially saying that OpenVPN will hand out IP addresses to its clients within a 10.8.0.0/24 range (255 possible IP addresses after the server gets 10.8.0.1).

And only openwrt be work?

I think I wrote that in the netstat command code it is visible who occupies the port. Why are you writing to me how to do it?

What does netmask have to do with it at all, if when the server starts it sends an error that the port is busy?

The /etc/init.d/vpn-service script has the function openvpn_server for starting an OpenVPN server:

openvpn_server() {
    local enable=$(uci get vpn_service.global.enable)
    local vpn_port=$(uci get vpn_service.vpn.port)

    # Ports 80, 83 and 443 are rejected outright, without checking what is listening
    if [ "$vpn_port" = "80" -o "$vpn_port" = "83" -o "$vpn_port" = "443" ]; then
        logger -st $NAME "port is occupied, please use another port."
        return 0
    fi

    # Do nothing unless the service is enabled in the global section
    if [ "$enable" != "1" ]; then
        return 0
    fi

    # Path of the OpenVPN server config file
    local cfg=$(uci get vpn_service.global.ovpn)
    if [ ! -e "$cfg" ]; then
        logger -st $NAME -p3 "Openvpn server config no found."
        return 0
    fi

    start_server "$cfg"
}

I’ve changed the port in this string, but the server doesn’t run, with the same error (port occupied)…

By default openvpn binds to all interfaces. But you really only need this to bind on the wan side. Use the command “local put-your-ddns-name-here” in the server config to do this. Then edit the vpn-service script to not trip that error, and see if it starts.
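An added example, not part of the original posts or of the vendor script: instead of a fixed list of refused ports, this reads `netstat -lnptu` style output and reports who actually holds a given protocol/port, including how a wildcard (0.0.0.0) listener collides with a bind to one specific address. The sample output, PIDs, the `webserver` process name and the function name `port_owner` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample resembling `netstat -lnptu` on a router whose web UI
# holds TCP 80 and 443 (addresses, PIDs and process names are made up).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN   1532/webserver
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN   1532/webserver
tcp        0      0 192.168.8.1:53   0.0.0.0:*        LISTEN   2210/dnsmasq
udp        0      0 0.0.0.0:53       0.0.0.0:*                 2210/dnsmasq
tcp        0      0 :::80            :::*             LISTEN   1532/webserver'

# port_owner PROTO PORT [BIND_ADDR]
# Reads netstat output on stdin and prints "addr pid/name" for every socket
# that would collide with binding PROTO/PORT on BIND_ADDR (default: all
# addresses). Exit status 0 = conflict found, 1 = port is free.
port_owner() {
    awk -v proto="$1" -v port="$2" -v want="${3:-0.0.0.0}" '
        $1 != proto && $1 != (proto "6") { next }   # accept tcp and tcp6
        {
            n = split($4, a, ":"); lport = a[n]      # port follows last ":"
            addr = substr($4, 1, length($4) - length(lport) - 1)
            if (lport != port) next
            wild = (addr == "0.0.0.0" || addr == "::" || addr == "*")
            # A wildcard listener, or a wildcard request, always collides;
            # two specific addresses collide only when they are identical.
            if (wild || want == "0.0.0.0" || addr == want) {
                print addr, $NF
                hit = 1
            }
        }
        END { exit (hit ? 0 : 1) }'
}

# Demo on the sample: TCP 443 is held by the web UI, UDP 443 is free.
for p in tcp udp; do
    if owner=$(printf '%s\n' "$SAMPLE_NETSTAT" | port_owner "$p" 443); then
        echo "$p/443 busy: $owner"
    else
        echo "$p/443 free"
    fi
done
```

On the router itself the input would come from `netstat -lnptu | port_owner tcp 443` rather than from the embedded sample.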

I did some testing on my router (GL-MV1000W) and got the same results as @pavelgruz.

Unfortunately, the GL.iNet → VPN → OpenVPN Server webpage does not run /etc/init.d/vpn-service directly and calls another function (non-open source in cgi-bin/api???) that gives an error message with slightly different wording.

Instead of clicking on the Start button on the OpenVPN Server webpage, I exited and logged into SSH. I edited /etc/config/vpn_service and changed in the global section:

enabled = 1

When I ran the following with 443 removed, the OpenVPN server started up:

/etc/init.d/vpn-service start

Yes. Please try to start the service manually.

The UI is stupid.

Server starts. It is good. Client connects :) Thanks,
but the solution is like a crutch.

Is it necessary to use SSH if I want to start at 443? Does the update fix this?

It is a 2-year old post.

Yes you have to use ssh. Firmware update does not deal with this issue.

Okay, one time, or might SSH be required every time?

asking cause I am not a software engineer and not familiar with SSH, I will need to learn…

Okay … it was
option enable ‘0’
in my file, which I changed to
option enable ‘1’
Is that Okay?

I was not able to start vpn with the command after that though … this was my output:

uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
Warning: Section @zone[1] (wan) cannot resolve device of network ‘wan6’
Warning: Option ‘vpn_server_zone’.masq6 is unknown
Warning: Option ‘sambasharewan’.dest_proto is unknown
Warning: Option ‘sambasharelan’.dest_proto is unknown
does not specify a protocol, assuming TCP+UDP
does not specify a protocol, assuming TCP+UDP

  • Clearing IPv4 filter table
  • Clearing IPv4 nat table
  • Clearing IPv4 mangle table
  • Clearing IPv4 raw table
  • Populating IPv4 filter table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘input_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘output_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘forwarding_vpn-server_rule’
    • Rule ‘Allow-DHCP-Renew’
    • Rule ‘Allow-Ping’
    • Rule ‘Allow-IGMP’
    • Rule #7
    • Rule #8
    • Rule ‘guestzone_DHCP’
    • Rule ‘guestzone_DNS’
    • Rule #11
    • Rule #12
    • Rule ‘Allow-OpenVPN-Inbound’
    • Forward ‘lan’ → ‘wan’
    • Forward ‘guestzone’ → ‘wan’
    • Forward ‘lan’ → ‘vpn-server’
    • Forward ‘vpn-server’ → ‘wan’
    • Forward ‘vpn-server’ → ‘guestzone’
  • Populating IPv4 nat table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘prerouting_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘postrouting_vpn-server_rule’
  • Populating IPv4 mangle table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
  • Populating IPv4 raw table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
  • Clearing IPv6 filter table
  • Clearing IPv6 nat table
  • Clearing IPv6 mangle table
  • Clearing IPv6 raw table
  • Populating IPv6 filter table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘input_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘output_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘forwarding_vpn-server_rule’
    • Rule ‘Allow-DHCPv6’
    • Rule ‘Allow-MLD’
    • Rule ‘Allow-ICMPv6-Input’
    • Rule ‘Allow-ICMPv6-Forward’
    • Rule #7
    • Rule #8
    • Rule ‘guestzone_DHCP’
    • Rule ‘guestzone_DNS’
    • Rule #11
    • Rule #12
    • Rule ‘Allow-OpenVPN-Inbound’
    • Forward ‘lan’ → ‘wan’
    • Forward ‘guestzone’ → ‘wan’
    • Forward ‘lan’ → ‘vpn-server’
    • Forward ‘vpn-server’ → ‘wan’
    • Forward ‘vpn-server’ → ‘guestzone’
  • Populating IPv6 nat table
    • Zone ‘lan’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘prerouting_lan_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘postrouting_lan_rule’
    • Zone ‘wan’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘prerouting_wan_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘postrouting_wan_rule’
    • Zone ‘guestzone’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘prerouting_guestzone_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘postrouting_guestzone_rule’
    • Zone ‘vpn-server’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘prerouting_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘postrouting_vpn-server_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘delegate_prerouting’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘delegate_postrouting’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘prerouting_rule’
      Warning: fw3_ipt_rule_append(): Can’t find target ‘postrouting_rule’
  • Populating IPv6 mangle table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
  • Populating IPv6 raw table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
    • Zone ‘vpn-server’
  • Set tcp_ecn to off
  • Set tcp_syncookies to on
  • Set tcp_window_scaling to on
  • Running script ‘/etc/firewall.user’
    uci: Entry not found
    uci: Entry not found
    iptables: No chain/target/match by that name.
    iptables: No chain/target/match by that name.
    ipset v6.24: The set with the given name does not exist
    iptables: No chain/target/match by that name.
  • Running script ‘/var/etc/gls2s.include’
    ! Skipping due to path error: No such file or directory
  • Running script ‘/usr/bin/glfw.sh’
  • Running script ‘/usr/sbin/glqos.sh’
    ! Skipping due to path error: No such file or directory
  • Flushing conntrack table …
    2023-09-27 07:35:57 DEPRECATED OPTION: ncp-disable. Disabling dynamic cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6

I have another issue now, after applying this change. The router is not starting.

I suggest that you reset the firmware and don’t do it.

Just don’t try if you are not sure, especially a solution that is 2 years old.

Okay… but I want to run openvpn on 443, is there any other solution? My ISP is blocking other ports…

If your ovpn uses port 443 and TCP, that just works.

Hi, I upgraded the software two days ago. In the new software version, you only need to change the TLS port of the web server, and the OpenVPN server starts.