VPN Server Configuration

Granted I didn’t invest a ton of effort, but I was never able to get WireGuard to work through remote.it. Probably a lack of my current networking skills. I did get OpenVPN with a TCP connection working fine.

My remote VPN servers are Raspberry Pis. I’m lazy and just used https://www.pivpn.io/

One thing that’s different is for some reason the default config wasn’t using port 443 instead of 1194. Perhaps choosing TCP instead of UDP caused that. Regardless, I had to check the port OpenVPN was listening on and update the remote.it desktop app config on the local machine.

I chose TCP because of reports UDP didn’t work. I’ll probably switch to UDP now that I know it works.

As always, @gary your assistance is much appreciated.

Here’s my working OpenVPN server config for anyone interested:
/etc/openvpn/server.conf

dev tun
proto tcp
port 443
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/<redacted>.crt
key /etc/openvpn/easy-rsa/pki/private/<redacted>.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn

and the client config:

client
dev tun
proto tcp
# mapped to port 33001 in remote.it desktop app
remote 127.0.0.1 33001
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name <redacted> name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<redacted certs/keys here>
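
The port check described in this post, and the directives that have to agree between the two configs, can be scripted; the following is an added example, not part of the original post and not code from PiVPN or remote.it. The function names are hypothetical, the sample configs are trimmed, constructed copies of the ones above, and the client's `remote` port is deliberately not compared because it is the local remote.it mapping. It assumes OpenVPN's defaults (proto udp, port 1194) when a directive is absent.

```python
import shlex
# Constructed samples: trimmed copies of the two configs quoted in the post.
SERVER = """dev tun
proto tcp
port 443
cipher AES-256-CBC
auth SHA256
remote-cert-tls client
"""
CLIENT = """dev tun
proto tcp
# mapped to port 33001 in remote.it desktop app
remote 127.0.0.1 33001
cipher AES-256-CBC
auth SHA256
remote-cert-tls server
"""
DEFAULTS = {"proto": "udp", "port": "1194"}  # used when a directive is absent

def parse(text):
    """Map each directive to its argument list, skipping comments and inline blocks."""
    conf, inline = {}, None
    for line in text.splitlines():
        line = line.strip()
        if inline or (line.startswith("<") and line.endswith(">")):
            # inside <ca>...</ca> style key material: ignore until the closing tag
            inline = None if line == f"</{inline}>" else (inline or line[1:-1])
            continue
        parts = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted args
        if parts and not parts[0].startswith(";"):
            conf[parts[0]] = parts[1:]
    return conf

def value(conf, key):
    v = (conf.get(key) or [DEFAULTS.get(key)])[0]
    return v[:3] if key == "proto" else v  # tcp-server / tcp-client -> tcp

def listen_endpoint(server_text):  # (proto, port) to enter in the remote.it service
    s = parse(server_text)
    return value(s, "proto"), int(value(s, "port"))

def mismatches(server_text, client_text):
    """List directive differences between server and client configs."""
    s, c = parse(server_text), parse(client_text)
    out = [f"{k}: server={value(s, k)} client={value(c, k)}"
           for k in ("dev", "proto", "cipher", "auth") if value(s, k) != value(c, k)]
    for conf, side, want in ((s, "server", "client"), (c, "client", "server")):
        if value(conf, "remote-cert-tls") != want:  # each side checks the peer's cert role
            out.append(f"{side}: expected remote-cert-tls {want}")
    return out
```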

Strange, I have the same settings, but it still doesn’t work. I can connect to the VPN, and today, the only problem is that I cannot reach the internet if I log in with the help of remote.it. The server confirms that the connection is established. The firewall on my Windows is turned off. Once connected, I cannot ssh into the server via its VPN address 10.8.0.0. However, the connection breaks every ~ 3 min. As there’s no proper internet, remote.it also stops working properly.

If I do it with a port forward on the router and connect to the port directly without remote.it, the VPN connection is not only established, but Internet works, and the IP shows as the server’s. SSH also works properly via remote.it, without VPN.

Windows’ ipconfig when it is connected to the VPN:

Unknown adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9592:bcf2:1f8d:3663%63
   IPv4 Address. . . . . . . . . . . : 10.8.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

I use OpenVPN 3.3.6 and remote.it 3.6.0. Any ideas for debugging?

I’m using OpenVPN Client Connect for Windows 3.1.1. May want to try downgrading to test.

My settings in remote.it desktop app for the openvpn service show ‘routing’:‘peer to peer only’, and ‘local network sharing’:‘off’.