Need help setting up a VPN on home server

Pratyay67

Honorable
Aug 27, 2014
167
0
10,710
I have a home server running on Amahi (Fedora Linux), which is currently used as a NAS and media server. However, I am a frequent traveler, and it'd really help to have universal access to my home server, which could only be done using a VPN.

So, I installed the OpenVPN plugin that Amahi offers, and I did the port-forwarding that the manual page directed (port 1194/UDP) on my Netgear router. Then it required me to install an app on the client side for connecting, and I did that too.

Well, then it boils down to this; the thing doesn't work. No matter what I do, how many times I reboot my server or my router, I can't connect to my home network from outside.

A local IT guy told me that the problem lies with the internet connection I am using. I don't know all the tech stuff, but he said that the connection uses NAT, and I get an IP address dynamically from my ISP (also they do not map the ports from local to public IP). Could this be a problem?
Is there any type of internet connection that might prevent accessing a home network from outside with a VPN? Is that the case with my problem?

As for my network setup, I have a 3-router network. A master router on 2nd floor, which handles the internet traffic (also it's the one which the server is connected to), and two slave routers set up as access points, connected LAN-LAN to the master router.

Any help would be greatly appreciated.
 
If the WAN IP you get on your main router from your ISP is a private IP (google this), you will not be able to use a VPN. Even if you have a public IP, if it does not stay the same for long periods of time you are going to have to use one of the DNS services so you can know what IP to connect to when you are remote.
 

Pratyay67

My IP address begins with 150., so I fathom it's a public IP; at least that's what the Google search revealed. It keeps changing almost every day, that too multiple times.

But, there's another issue I forgot to mention. To use the internet connection, the ISP requires us to login to a certain UI, by typing an address in the browser - 10.254.254..... and then providing a username and password the ISP gave us.

If that's some IP address, that falls into the private IP range, doesn't it?
 
You still have a public IP so you should be good. Hard to say what the login thing is. Problem might be that once you open the VPN you can no longer get to that private IP block at the ISP. It really depends what they are up to. If you can login and it stays open for a while it may be fine. If it is something that has to stay open then VPN won't work.

VPN is a little tricky to set up. Watch the log messages in the server. Problem is you cannot connect to your VPN from a device inside your network. You would have to connect over, say, a cellphone network to test it.
 

Pratyay67

Well I might again be wrong.
The IP address that begins with 150.217... is the one I got by running 'whats my IP'. It changes multiple times a day.

The internet connection that I use is a cable connection; the cable runs directly into my router without a modem. The guys from the ISP, when they came to configure the network settings, used the following settings:

Internet IP address:

Use static IP address
IP address: 172.20....
Subnet: 255.255...
Gateway IP: The last block is different from Internet IP, the rest are same.

That falls in the private IP range, right? Yet when I used 'whats my IP', it gave something beginning with 150...

I'm confused.
 
The 172.20 is a private block. If that is the IP you have on the WAN port of your router then you will not be able to get VPN to work. You might be better off using one of the public services like gotomypc or similar where you go through a common server.

You could have 100 routers running NAT and whatsmyip will only show the final one which may not be one you control. Your router should have a screen that lets you display the wan address you receive.


There always needs to be some device that acts as a modem. Ethernet will only go 100 meters and I am sure you do not live in the ISP office. If it is fiber then you could have an ONT, which does the same function as a modem, just for fiber.

Now if you mean your router has a cable modem built in, then it really functions the same as if you had 2 devices; you just can't see them.

Maybe a simpler test would be to put your server in the DMZ and then just ping the server. Make sure you have disabled the feature that allows the router to respond to ping. You should be able to run Wireshark on your server and see if you are receiving the data packets. If ping is blocked you could try the trick of telnet to some random port on the server. You should see the packet come in on Wireshark even though your server does not respond, or maybe it sends a reset. Once you can be sure you are actually getting data from the internet to your server you can then work on the VPN. Wireshark is really good for troubleshooting VPN setup issues also.
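
The WAN-address check described in this answer, as an added example that is not part of the original thread: it compares the address on the router's WAN status page with the address an external what's-my-IP service reports. The sample addresses are constructed (203.0.113.7 is a documentation address standing in for the public one) and IPv4 is assumed.

```python
import ipaddress

# Blocks that are never routed on the public internet. A WAN address in
# one of them means another NAT device sits between the router and the internet.
NON_ROUTABLE = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
    "link-local": ["169.254.0.0/16"],
}


def block_of(addr):
    """Return the name of the non-routable block holding addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(net) for net in nets):
            return name
    return None


def diagnose(router_wan, seen_from_internet):
    """Decide whether a port forward on this router can receive inbound
    VPN traffic. router_wan is what the router's status page shows;
    seen_from_internet is what an external what's-my-IP service reports."""
    block = block_of(router_wan)
    if block:
        return ("upstream-nat",
                f"WAN {router_wan} is in the {block} range; the ISP translates "
                f"it to {seen_from_internet}, so inbound UDP 1194 stops at "
                "the ISP's NAT and never reaches this router.")
    if ipaddress.ip_address(router_wan) != ipaddress.ip_address(seen_from_internet):
        return ("upstream-nat",
                f"WAN {router_wan} is public but the internet sees "
                f"{seen_from_internet}; another translator sits upstream.")
    return ("reachable",
            f"WAN {router_wan} matches the external view; a forward of "
            "UDP 1194 can receive traffic unless the ISP filters the port.")


if __name__ == "__main__":
    # Constructed sample values, modelled on the situation in the thread.
    for wan, ext in [("172.20.0.10", "203.0.113.7"),
                     ("100.72.1.5", "203.0.113.7"),
                     ("203.0.113.7", "203.0.113.7")]:
        verdict, reason = diagnose(wan, ext)
        print(f"{verdict:13} {reason}")
```

A "reachable" verdict only rules out upstream NAT; the packet capture test in the answer is still needed to confirm that forwarded traffic actually arrives at the server.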
 

Pratyay67

The hierarchy of the connection is 3-4 fold.
I live next door to the house which provides us the connection. A cable runs from that house to a switch on a nearby lamp-post, which then outputs multiple connections that run to nearby houses, my house being one of them.

Probably the house from which the connection is provided gets the connection similarly from someone of higher denomination, and so on.
Probably the modem is stationed in the nearby house that I described; mine has none, that I'm sure.

I don't have a separate dedicated modem, and the router (Netgear AC750) doesn't have any built in modem.
 

AlejandroL

Commendable
Oct 27, 2016
17
0
1,520
More than things not working, it sounds to me that you have a dynamic IP address assigned by your ISP, and since it changes frequently you cannot connect to your home VPN.
I would recommend getting a free trial on some of the services that provide free dynamic dns mapping, like dyndns or no-ip, and test if that fixes the problem. Check your main router, since it probably already has a dynamic dns configuration page you can set up.
Also, make sure that your ISP does not block incoming ports to your connection and make sure you DMZ the IP you are giving your server.
Hope that helps.
 

Pratyay67

Well, the IP address assigned is indeed dynamic. But my server, which runs on Amahi, provides a DDNS itself. When I try to connect to the server from the client side, the app requires me to input the DNS address, and the admin username/password for the server.
And the window which comes up thereafter, indeed shows the IP address of the gateway the network is then currently connected to.
So the dns service of the server works fine I guess.