Question

OpenVPN no longer works, is it blocked?

Posted December 25, 2020 993 views
VPN, DigitalOcean Droplets

I’ve been using OpenVPN hosted on my droplet successfully for several months. But recently it won’t connect. At first I guessed maybe my ISP has blocked all OpenVPN connections, but I tested it on other servers and it’s working. So I think maybe Digital Ocean has blocked OpenVPN connections from the country I live in.

How can I find out which is the case? Has it been blocked by my ISP or Digital Ocean?

1 answer

Hi there @ahmadx87,

What I could suggest is running a traceroute or an MTR from your PC to the server. That way you will be able to check where exactly the connection is being lost.

Regards,
Bobby

  • Hi @bobbyiliev . Thanks for your input.
    I’m a noob at networking tools. I’m on a Windows machine, so I ran traceroute in an Ubuntu VM. I ran:

    sudo traceroute -p 1194 my-droplet-ip

    But I got all * * *. Then I used the -I (ICMP) option:

    sudo traceroute -I -p 1194 my-droplet-ip

    and it was done and 19 hops were listed.
    I also ran traceroute for the working OpenVPN port and address and it was the same (all * * * without the -I option).

    Is there something I’m missing?
    Any help is appreciated.

    • Hi there @ahmadx87,

      I think that it looks like your connection reaches the server. Is the OpenVPN service up and running?

      Also, I could suggest checking your syslog at /var/log/syslog to see if there are any errors that could be causing the problem.

      Regards,
      Bobby

      • Yes, the service is running. Of the 4 ISPs I can test, just one of them works; the others do not work.

        I also checked /var/log/syslog but there was no info.
        With UDP port 1194 in the client I get the following log (last 3 lines):

        Mon Dec 28 12:39:58 2020 UDP link local: (not bound)
        Mon Dec 28 12:39:58 2020 UDP link remote: [AF_INET]206.189.72.***:1194
        Mon Dec 28 12:39:58 2020 MANAGEMENT: >STATE:1609146598,WAIT,,,,,,

        However, if I change to port 443 TCP, it is not stable, but after some trying I get:

        Mon Dec 28 12:43:37 2020 TCP_CLIENT link remote: [AF_INET]206.189.72.***:443
        Mon Dec 28 12:43:37 2020 MANAGEMENT: >STATE:1609146817,WAIT,,,,,,
        Mon Dec 28 12:43:37 2020 MANAGEMENT: >STATE:1609146817,AUTH,,,,,,
        Mon Dec 28 12:43:37 2020 TLS: Initial packet from [AF_INET]206.189.72.***:443, sid=1585634f a9378290

        But still no success, it won’t connect.

        • Hi there,

          As you can access the service from 1 of the ISPs, to me it looks like the other ISPs might be blocking the IP range.

          What I could suggest in such cases is to get in touch with the ISP in question, ask them for more information on why your IP is blocked, and request that the block be lifted.

          Regards,
          Bobby

  • Hi @bobbyiliev,
    I got the same problem here.
    When I reconfigure the OpenVPN server to listen on TCP instead of UDP it works,
    so it looks like something is wrong with DO’s networking.

    Btw, to make sure it’s not my ISP’s problem, I tried to connect from an Amazon EC2 instance, and got the same result.

    • Hi,

      May I ask what region (datacenter) your droplet is running in? I could replicate the problem then. I have an OpenVPN server running in LON1, and the tunnel is configured over UDP. It works well so far.
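
An added example, not part of any post in the thread: the two client log excerpts quoted above show different failure points, and the small Python classifier below reads them by the furthest OpenVPN management state reached (WAIT = first packet sent and waiting for the server's initial response, AUTH = authenticating with the server). The function name `diagnose` and the verdict strings are hypothetical; the log text is copied from the thread.

```python
import re

# Client log excerpts as quoted in the thread (server address redacted there).
UDP_LOG = """\
Mon Dec 28 12:39:58 2020 UDP link local: (not bound)
Mon Dec 28 12:39:58 2020 UDP link remote: [AF_INET]206.189.72.***:1194
Mon Dec 28 12:39:58 2020 MANAGEMENT: >STATE:1609146598,WAIT,,,,,,
"""
TCP_LOG = """\
Mon Dec 28 12:43:37 2020 TCP_CLIENT link remote: [AF_INET]206.189.72.***:443
Mon Dec 28 12:43:37 2020 MANAGEMENT: >STATE:1609146817,WAIT,,,,,,
Mon Dec 28 12:43:37 2020 MANAGEMENT: >STATE:1609146817,AUTH,,,,,,
Mon Dec 28 12:43:37 2020 TLS: Initial packet from [AF_INET]206.189.72.***:443, sid=1585634f a9378290
"""

# Management-interface states in the order a successful connect passes through them.
STATES = ["CONNECTING", "WAIT", "AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"]
STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),")
LINK_RE = re.compile(r"\b(UDP|TCP_CLIENT) link remote: \[AF_INET\]\S+:(\d+)")


def diagnose(log_text):
    """Classify how far one connection attempt got (hypothetical helper)."""
    result = {"transport": None, "port": None, "furthest": None, "server_replied": False}
    rank = -1
    for line in log_text.splitlines():
        if m := LINK_RE.search(line):
            result["transport"] = "udp" if m.group(1) == "UDP" else "tcp"
            result["port"] = int(m.group(2))
        if (m := STATE_RE.search(line)) and m.group(1) in STATES:
            if STATES.index(m.group(1)) > rank:
                rank = STATES.index(m.group(1))
                result["furthest"] = m.group(1)
        if "TLS: Initial packet from" in line:
            result["server_replied"] = True
    if result["furthest"] == "CONNECTED":
        result["verdict"] = "connected"
    elif result["server_replied"] or rank >= STATES.index("AUTH"):
        # A reply came back, so the path worked in both directions at least once.
        result["verdict"] = "server_replied_handshake_incomplete"
    elif result["furthest"] == "WAIT":
        # First packet sent, nothing returned: dropped en route, dropped on the
        # way back, or nothing is listening. The client log cannot tell which.
        result["verdict"] = "no_server_reply"
    else:
        result["verdict"] = "unknown"
    return result


if __name__ == "__main__":
    for name, log in (("udp/1194", UDP_LOG), ("tcp/443", TCP_LOG)):
        print(name, diagnose(log))
```

A `no_server_reply` verdict on UDP does not say where the packets are lost; a packet capture on the droplet during a connection attempt shows whether the client's UDP packets arrive at all.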