Help, ik krijg open VPN niet werkend

Hallo, ik probeer al 1,5 dag mijn openVPN werkend te krijgen.
Ben een heel eind gekomen maar blijf nu hangen bij het volgende:
- Tunnelblick geeft de hele tijd aan: wachten op antwoord van server;
- OpenVPN op mijn iPhone geeft aan: There was an error attempting to connect to the selected server.

OpenVPN draait op mijn Raspberry Pi, met de verbinding wil ik mijn home assistant ook buitenshuis kunnen bekijken/bedienen.

----------------------------------------------------------------------------------------
mijn OVPN bestand ziet er als volgt uit:

code:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177

############################################## # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. ;proto tcp proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote "mijn uitgaand ip adres van de server" "mijn gekozen poort" ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) user nobody group nogroup # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ;ca ca.crt ;cert client.crt ;key client.key # Verify server certificate by checking that the # certicate has the correct key usage set. # This is an important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the keyUsage set to # digitalSignature, keyEncipherment # and the extendedKeyUsage to # serverAuth # EasyRSA can do this for you. remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. # Note that v2.4 client/server will automatically # negotiate AES-256-GCM in TLS mode. # See also the ncp-cipher option in the manpage cipher AES-256-CBC # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. #comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 <ca> -----BEGIN CERTIFICATE----- "De code" -----END CERTIFICATE----- </ca> <cert> Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: Issuer: C=NL, ST=xx, L=xx, O=xxx, CN=xxx CA/name=server/emailAddress=xx Validity Not Before: Jan 18 12:08:50 2021 GMT Not After : Jan 16 12:08:50 2031 GMT Subject: C=NL, ST=xx, L=xx, O=xxx, CN=client1/name=server/emailAddress=xx Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: "De code" Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: Easy-RSA Generated Certificate X509v3 Subject Key Identifier: "De key" X509v3 Authority Key Identifier: keyid:"de key" DirName:/C=NL/ST=XX/L=xx/O=xxx/CN=xxx CA/name=server/emailAddress=xx serial:"de code" X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Key Usage: Digital Signature Signature Algorithm: sha1WithRSAEncryption " de code" -----BEGIN CERTIFICATE----- " De code" -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- " De code -----END PRIVATE KEY----- </key>

----------------------------------------------------------------------------------------

Daarnaast heb ik op mijn (Sagemcom F5359 van KPN) bij port forwarding het volgende ingevuld:
Service: Other
Protocol: UDP
External host: "Het uitgaande IP adres van mijn router"
External port "Het poort nummer dat ik bovenstaande bestand heb ingevoerd"
Internal host: "Het internet IP adres van mijn raspberry" 192.168.x.x (de x' en natuurlijk ingevuld met de juiste nummers).
Internal port: "dezelfde poort als de external.

-------------------------------------------------------------------------------------------
Ik heb mijn filewal (UFW) op de raspberry al uitgezet maar hier lag het niet aan.

Kan iemand mij helpen alsjeblieft?

Mijn dank is groot.

[ Voor 0% gewijzigd door rens-br op 19-01-2021 08:38 . Reden: Quote tags toegevoegd ]

Frogmen schreef op maandag 18 januari 2021 @ 17:28:
En als je UDP en TCP forward?

Dit had ik ook geprobeerd (excuus voor het niet vermelden). Maar dit was zonder resultaat.

Oké, ik heb alvast verander in mijn router dat de externe poort 1194 is en deze naar door mij gekozen (die ook in de ovpn file staat) interne poort gaat.

In deze file staat ook het volgende:

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

dit betekend toch dat hij via udp werkt?

Echter heb ik in de router tcp, udp en tcp-ud beide geprobeerd.