ISP change now Can't get OpenVPN to connect to PIA.

[b0red04]

I had a transmission jail that connected to PIA with OpenVPN following one of the guides here on the forums for over a year. Recently i had an ISP change (Comcast). After the change, OpenVPN would no longer reconnect to PIA. I tried resetting up the jail from scratch about 5 times now. following varies different guides and ever single time the openvpn service starts up, but when i tried to check for my new IP it reports nothing.

I'm really at a lost at where to go next. Can anyone give me any ideas to try?

 

[snaptec]

Does your new isp block the traffic?


Gesendet von iPhone mit Tapatalk

 

[Allan Wilmath]

You can then try pinging the name of your vpn service used in OpenVPN to see if you get a reply and an IP address resolves for the address. If you don't get either or both of these, then you have more basic issues with your network to address first. The ping needs to be done from the shell in FreeNAS, and then from the shell inside the jail as well. Failure in FreeNAS is then the settings of FreeNAS, failure in the jail would be solved with the jail network settings.


I would try separating the issues by setting OpenVPN on your client computer and see if you can connect to your service. The obvious issues is either the DNS not working, or Comcast could be blocking the connection.

If you do get it working with your client then it eliminates your ISP.

 

[toyebox]

i found this: https://helpdesk.privateinternetacc...4827-What-ports-are-used-by-your-VPN-service-

it shows what ports are used by PIA. Good news is they use quite a lot. I would try and find the .conf file you use during your setup, that holds the info for your connection to PIA. in there, you should see something like: remote place.weburl.net 53 or something similar. the number after the url is the port it uses. You might be able to change that port to a different one if it is blocked by the looks of the article above.

Another question is, are you using UDP or TCP to connect? If you are using UDP, try TCP to see if it connects.

 

[b0red04]

You can then try pinging the name of your vpn service used in OpenVPN to see if you get a reply and an IP address resolves for the address. If you don't get either or both of these, then you have more basic issues with your network to address first. The ping needs to be done from the shell in FreeNAS, and then from the shell inside the jail as well. Failure in FreeNAS is then the settings of FreeNAS, failure in the jail would be solved with the jail network settings.


I would try separating the issues by setting OpenVPN on your client computer and see if you can connect to your service. The obvious issues is either the DNS not working, or Comcast could be blocking the connection.

If you do get it working with your client then it eliminates your ISP.

So i do get replys from my pings. PIA works on my windows PC but that is using their VPN app not OpenVPN.

root@transmission_1:/ # ping swiss.privateinternetaccess.com
PING swiss.privateinternetaccess.com (179.43.134.2): 56 data bytes
64 bytes from 179.43.134.2: icmp_seq=0 ttl=40 time=134.157 ms
64 bytes from 179.43.134.2: icmp_seq=1 ttl=40 time=128.104 ms
64 bytes from 179.43.134.2: icmp_seq=2 ttl=40 time=132.425 ms
64 bytes from 179.43.134.2: icmp_seq=3 ttl=40 time=138.777 ms
64 bytes from 179.43.134.2: icmp_seq=4 ttl=40 time=131.130 ms


 

[b0red04]

i found this: https://helpdesk.privateinternetacc...4827-What-ports-are-used-by-your-VPN-service-

it shows what ports are used by PIA. Good news is they use quite a lot. I would try and find the .conf file you use during your setup, that holds the info for your connection to PIA. in there, you should see something like: remote place.weburl.net 53 or something similar. the number after the url is the port it uses. You might be able to change that port to a different one if it is blocked by the looks of the article above.

Another question is, are you using UDP or TCP to connect? If you are using UDP, try TCP to see if it connects.

the default ovpn file use this "remote swiss.privateinternetaccess.com 1198"

Which would be a UDP port. Is there a way to Ping that?

 

[b0red04]

I tired changing the config to different udp port and tcp port. Still nothing. its just kills the connection to the internet.

root@transmission_1:/ # wget http://wtfismyip.com/text -O - -q ; echo

root@transmission_1:/ # ping google.com
ping: cannot resolve google.com: Host name lookup failure
root@transmission_1:/ # service openvpn stop
Stopping openvpn.
Waiting for PIDS: 63886.
root@transmission_1:/ # ping google.com
PING google.com (216.58.192.142): 56 data bytes
64 bytes from 216.58.192.142: icmp_seq=0 ttl=54 time=33.033 ms
64 bytes from 216.58.192.142: icmp_seq=1 ttl=54 time=43.313 ms


 

[Allan Wilmath]

It is likely they are using OpenVPN for the Windows client as well, maybe just wrapped up. You could review the config file between the windows machine and the FreeNAS box to see if anything stands out.

I am on Comcast and operate a OpenVPN server on my network using pfSense, and I also connect to another OpenVPN on a pfSense in another city. Both are on Comcast cable modems. I use port number 1122 for the servers.

Now that you have reinstalled a few times, increases the possibilities. I would double check the certificate and the config file for errors.

You said you have it working on Windows, if you installed the OpenVPN client, you can find the config folder in the program manger for openvpn on Windows and compare it to the config file on the server.

I found this: https://helpdesk.privateinternetacc...ke-OpenVPN-remember-my-username-and-password-

If you configure your windows machine properly so you can log in without a user name and password, then copy the entire config folder over to the server and restart the service, should work.

 

[b0red04]

I installed OpenVPN for windows and placed the .ovpn file in their config folder. Connected on first try.


client
dev tun
proto udp
remote swiss.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

 

[toyebox]

Out of curiosity , did you have to change any port forwarding rules for the windows machine ?

Are you using any IPFW or firewall rules on your jail?

 

[b0red04]

Out of curiosity , did you have to change any port forwarding rules for the windows machine ?

Are you using any IPFW or firewall rules on your jail?

Nope, the only port forward i have on my network is the one port for plex.
all i did on windows was installed OpenVPN, Dropped the config file into the folder and clicked connect.

I did have IPFW before when i had this working. But since ive started over ive just been trying to get openvpn working first before setting IPFW up.

Here's a thought.....even when i delete a plugin-jail. is possible when go back to reinstall it. freenas is installing right back into the same location where there maybe be left overs from the previous install and its really didnt get deleted...
i was thinking of trying to see if it would work in some other random jail instead of a transmission jail.