My OpenVPN client cannot connect to server

I have purchased two GL-AR750S routers. And I intend to use one as a VPN server that stays at my home, and one as a VPN client that travels with me. That way when I am traveling, my perceived IP address would always be the IP address at my home.

For the router used as the “VPN server”, I connected it to my “home router” via LAN, and the IP address assigned to it is “192.168.1.10”. I then started a new OpenVPN server and exported the config file.

In my “home router”, I map the UDP 1194 port for “192.168.1.10”.

For the router used as the “VPN client”, I connected it to my phone’s hotspot “Leandro 13 Pro”. I then import the config file to the OpenVPN client and start the connection. But it seems like the connection is not bound because I could not access any web page on my browser.

Here are all the screenshots:
https://drive.google.com/drive/folders/1G1cvLss6jTkPlEGC16zZ-yaAbppcjOZQ?usp=sharing

Could you help me debug what went wrong?

First, try testing the OpenVPN server by installing and connecting with a free OpenVPN client app on your smartphone using the same client config file.

I do not work for and I am not directly associated with GL.iNet

Good tip. I tried using OpenVPN Connect app on my iPhone. I imported the client.ovpn config file to the app and tried to connect. But it timed out and failed.

Have you enabled Dynamic DNS (DDNS) on the server router and edited the client config file to replace IP address in the “remote” line with the DDNS domain name (xxx.glddns.com)?

Also, the 2 GL-AR750S routers must be on different LAN IP subnets, e.g., 192.168.8.xxx and 192.168.10.xxx.

In case port forwarding is not working on the home router, you can test OpenVPN client-to-server connectivity directly, without going out on the Internet. Connect the WAN ports of both client router and server router to 2 LAN ports on the home router, then edit the client config file to replace the IP address in the “remote” line to 192.168.1.10.

1 Like

Thanks! DDNS is a cool feature and I will probably use it in the future. But right now I already know my main router’s public IP address and I can use it to test the VPN connection for now.

To simplify things, I now use my iPhone’s OpenVPN Connect app as the VPN client, and use it connect to my “VPN server”.

I tried connecting my iPhone to the same “home router” as the “VPN server” device and then modifying the remote line to be remote 192.168.1.10 1194. Now my iPhone client is able to connect to the VPN server instantly without any problem. That proves that my VPN server is running fine. And it implies that the VPN server is not accessible from the Internet, probably due to port forwarding not working.

Is there a way to verify if the port forwarding is working or not?

It appears the OpenVPN client is not able to go through the home router to reach the OpenVPN server. This could be because port forwarding is not working, but could also be that the config file has an incorrect remote public IP address, a rule on the home router, or something else.

It is not so easy to test going through the home router on UDP 1194. If you can set up a device (e.g, computer, NAS, appliance) on your home router LAN that has a webpage URL, then you can temporarily port forward TCP 80 (http) or TCP 443 (https) to that device and try accessing the webpage URL from the Internet WAN to verify that works at least.

I do have a Synology NAS connected to my home router. I used DDNS there. The given domain name translates to an IPv4 address as well as an IPv6 address. When I use the IPv4 address to access my NAS portal, it does not work. But when I use the IPv6 address, it does work. That should prove that my port forwarding is not working. Because IPv4 relies on port forwarding, while IPv6 does not.

Are there any settings on your home router related to enabling/disabling IPv4 functionality?

By the way, GL.iNet DDNS (xxx.glddns.com) also resolves to both IPv4 and IPv6, but I do not personally use IPv6.

I think I might know the cause of port forwarding not working. My ISP does not have a fixed IPv4 address for me, only a fixed IPv6 address. Since my IPv4 public address is shared with other customers, they probably put us under an additional layer of NAT, therefore the port forwarding on my home router does do anything good because it’s not the router that directly connects to the Internet.

However, since IPv6 is not limited to the NAT feature, the DDNS on my Synology NAS successfully resolves my customized domain to an IPv6 address that points directly to my NAS. In order to use IPv6 to set up my VPN server, I have two problems:

  1. GLDDNS doesn’t seem to resolve to an IPv6 address, even if I enabled IPv6 on the GL-AR750S router.
  2. I am not sure if the OpenVPN server app supports IPv6 on GL-AR750S router.

IPV6 is just added now. But may need firmware update.

The same. Need to update firmware.

hey @alzhao ,

I just updated my firmware to 3.215. Are you sure the OpenVPN server on the router supports IPv6? I can see the config file .ovpn only lists my public IPv4 address. How should I properly set it up via IPv6?

And my DDNS ax11233.glddns.com still does not resolve to an IPv6, but only an IPv4 address.

No. 3.215 still does not support ipv6 for vpn server.

@alzhao Hmm but that’s the latest version I got when I go to the Upgrade tab on the admin portal. What version supports ipv6 server and how do I upgrade to it?

I also suspected that your ISP was not assigning you a fixed IPv4, but that is not very common and seemed unlikely.

There is a 3.215 beta4 firmware available, but I do not know if it supports IPv6 for OpenVPN. It may be that GL.iNet has to develop a new firmware release.

Yes my ISP does not assign me a fixed IPv4. It is stated on their website. They do, however, assign me fixed IPv6. Unfortunately I only have a public IPv4 that is shared with other home routers (other customers in the building probably), and my home router is not directly connected to the Internet, but only connect to a layer of subnetwork with the internal IP (started with 10.x.x.x). So now I have no choice but to use IPv6 protocal for OpenVPN server.

@alzhao What version of firmware supports ipv6 OpenVPN server? and How do I upgrade to it?

The latest firmware should support ipv6 in wireguard and openvpn.

It may have bugs though.

@alzhao You just told me “ No. 3.215 still does not support ipv6 for vpn server”. So what is the version number that starts to support it? Could you be specific?

Sorry I messed up.

It has limited support for IPV6 when using vpn client.

It does not have support for IPV6 when using as vpn server.

Gotcha. That’s a bummer though. Do you have plan to support it in the near future?

Yes. Will add support for sure.