I've attempted to set up an OpenVPN server on my Pi B+ by following the Read/Write tutorial (http://bit.ly/1kyqTYR).
I had no issues with generating certificates, forwarding the port, and in general following the tutorial -- however, when connecting to the server via an Android OpenVPN client on a mobile 3G network, the connection times out.
To further diagnose the problem, I followed the OpenVPN tutorial to set up a Windows VPN server on another machine, on the same network with the same port -- 1194. On Windows it worked like a charm -- which tells me that the problem I am having on the Pi is not ISP blocking ports and not the router (which is running DD-WRT).
This leads me to believe that when attempting to connect to the Pi VPN server, the Pi is not accepting the incoming connection.
The output for nmap is as follows:
```
$ sudo nmap -sU 192.168.1.132 -p 1194
Starting Nmap 6.00 ( http://nmap.org ) at 2015-01-07 13:21 PST
Nmap scan report for raspberrypi.socal.rr.com (192.168.1.132)
Host is up (0.00060s latency).
PORT     STATE  SERVICE
1194/udp closed openvpn
```
```
local 192.168.1.132
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/piserver.crt
key /etc/openvpn/easy-rsa/keys/pieater.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
```
```
client
dev tun
proto udp
remote ***.**.***.*** 1194 (public ip obscured intentionally)
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
```
```
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.8.0.0/24          192.168.1.0/24       ctstate NEW
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
```
By the way, when I successfully connected to the Windows OpenVPN server, I used the same Android client over a mobile 3G connection -- without any issues. Thank you in advance for any help/feedback you can provide.
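
Added example (not part of the original post): a small Python probe showing what the `closed` state in the `nmap -sU` output above means at the socket level, namely that the host answered with an ICMP port-unreachable because no process is bound to that address and port. The names `probe_udp` and `demo` are illustrative, and the loopback listener is a constructed stand-in for the server host.

```python
import socket

def probe_udp(host, port, timeout=1.0, payload=b"\x00"):
    """Send one datagram and classify the port the way `nmap -sU` reports it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: the kernel reports ICMP errors to us
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # something answered the probe
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable: no socket bound there
        except socket.timeout:
            return "open|filtered"   # silence: a listener ignored us, or a firewall dropped it

def demo():
    """Constructed loopback scenario: probe a port while bound, then after release."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    port = listener.getsockname()[1]
    while_bound = probe_udp("127.0.0.1", port, timeout=0.5)
    listener.close()                     # now nothing is bound to that port
    after_close = probe_udp("127.0.0.1", port, timeout=0.5)
    return while_bound, after_close

if __name__ == "__main__":
    # Expected on Linux: ('open|filtered', 'closed')
    print(demo())
```

An OpenVPN server using `tls-auth` silently drops a datagram like this one, so a running server reads as `open|filtered` rather than `open`; `closed` points at the daemon not listening on that address and port.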