Using remote.it to connect to the GL-iNet MT300N V2 router using OpenVPN

The remoteit Device Package 4.14.1 was installed on the MT300N using the script on this page:

OpenVPN Server was enabled on the GL-iNet router, all settings left at default.

I confirmed that OpenVPN was running on UDP port 1194:

root@MT300N-V2:~# netstat -lpn | grep 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           17373/openvpn
root@MT300N-V2:~#

Next I added a remoteit UDP Service on port 1994. The default “OpenVPN” configuration in remoteit Desktop uses TCP.

image

I exported the OpenVPN Config file:

Opening this in a text editor on my Windows PC, I looked for this line:

remote <my external IP address> 1194

The default assumption is that you are going to use port forwarding and connect using your router’s public IP address. This needs to be changed to the remote.it connection hostname and port.

I turned off the “Named Connections” option in remote.it Desktop:

Then I added the Connection to my Network, resulting in:

Next I edited the “remote” line in the client.ovpn file:

remote 127.0.0.1 33014

In our testing, we could not get this to work with the OpenVPN Connect application 3.3. We had to download the older version 2.7.1 instead.

After installing OpenVPN Connect 2.7.1, import the client.ovpn file, then connect to the 127.0.0.1 entry:
image

Now, when you run ipconfig (Windows) you will see the OpenVPN created network interface:
image

Thanks for the description, @gary Can you please explain why it didn’t work with OpenVPN 3.3? It didn’t work for me on 3.3.4, nor on 2.7.1.

I have already set up an SSH connection successfully, and I was able to connect to the server for VPN using OpenVPN connect (I have a raspberry pi and a pivpn as a VPN server) on UDP 1194, and the server logged that I have successfully signed in to the VPN service, but then my PC started to send packages at a rate higher than my ISP’s upload speed (I guess some internal loop has been created) and I cannot reach any webpage then. Remote.it has been set up, it uses 127.0.0.1:33002, and I modified the .ovpn config file accordingly (see below). The VPN server’s log is also attached. Is it possible that the problem lies in the config modification the VPN server sends back?

PUSH_REPLY,dhcp-option DNS 9.9.9.9,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 1,cipher AES-256-GCM

It didn’t work with tcp either.
I reinstalled pivpn to use tcp instead of udp, used the default port 443, recreated the vpn config files, added the right remote.it service, connected to the remote.it service, and I was able to connect to the vpn server (according to the server log), however, I was not able to open any webpage.

The full log (with udp):

Apr  9 16:31:49 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 TLS: Initial packet from [AF_INET]127.0.0.1:35374, sid=685b6072 7281fa92
Apr  9 16:31:49 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 VERIFY OK: depth=1, CN=ChangeMe
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 Validating certificate key usage
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 ++ Certificate has key usage  0080, expects 0080
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 VERIFY KU OK
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 Validating certificate extended key usage
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 VERIFY EKU OK
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 VERIFY OK: depth=0, CN=myPCname
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_VER=3.5.4
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_PLAT=win
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_NCP=2
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_TCPNL=1
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_PROTO=2
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_AUTO_SESS=1
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: UV_ASCLI_VER=2.7.1.111
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: UV_PLAT_REL=Windows_10_Enterprise_6.3.19044
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 peer info: IV_GUI_VER=ovpnmi_1.0.0
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: 127.0.0.1:35374 [myPCname] Peer Connection Initiated with [AF_INET]127.0.0.1:35374
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: MULTI: new connection by client 'myPCname' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/myPCname
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: MULTI: Learn: 10.8.0.4 -> myPCname/127.0.0.1:35374
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: MULTI: primary virtual IP for myPCname/127.0.0.1:35374: 10.8.0.4
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: myPCname/127.0.0.1:35374 PUSH: Received control message: 'PUSH_REQUEST'
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: myPCname/127.0.0.1:35374 SENT CONTROL [myPCname]: 'PUSH_REPLY,dhcp-option DNS 9.9.9.9,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: myPCname/127.0.0.1:35374 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr  9 16:31:50 ovpn_server_name ovpn-server[434]: myPCname/127.0.0.1:35374 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr  9 16:35:55 ovpn_server_name ovpn-server[434]: myPCname/127.0.0.1:35374 [myPCname] Inactivity timeout (--ping-restart), restarting
Apr  9 16:35:55 ovpn_server_name ovpn-server[434]: myPCname/127.0.0.1:35374 SIGUSR1[soft,ping-restart] received, client-instance restarting

The vpn client’s config file (for udp):

client
dev tun
proto udp
remote 127.0.0.1 33002
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ovpn_server_name_36d5ddd4-d882-4ad1-9f4c-3ef3aa5f9360 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----

I honestly don’t know why it doesn’t work with the most recent version of the OpenVPN client! I’ve shown how I set it up for a specific case and it worked.