OpenVPN server on Router Help

Kevin Doe

Pulling my weight
Joined
Jan 24, 2021
Messages
117
Reaction score
100
Location
Ohio, USA
I'm working to securely and remotely monitor my Dahua cams via the DMSS app, when I'm away from my home network. I read that the right way to do this is through a VPN connection. I have a TP Link router that has an OpenVPN server option. I created a certificate, enabled the VPN server, and exported the configuration file.

Then on my iPhone, I installed the OpenVPN client app, and attempted to load the OpenVPN profile that I exported. It does not load/connect and I get a message of "There was an error attempting to connected to the selected server."

Here are my OpenVPN server settings on the router:
1653535148620.png


I suspect it's something really simple/easy to fix, but unfortunately I'm not that knowledgeable on this stuff, even after a lot of reading and research. Looking for some help. Thanks.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
2,699
Reaction score
3,934
Is the error when importing the .opvn file or on connect?

Assuming the latter, how are you trying to access the VPN server? By IP or using DDNS? If you have a relatively stable external IP address, then try that first. That takes anything with DDNS out of the equation and you can set up that later once you have things working.

There are a bunch of other settings related to the cypher used, whether it requires a cert and/or just password, etc. Don't know how TP Link does all of that by default.

Maybe post the first part of the .opvn file here before where the cert starts. It's just a text file. You can open in anything.
 

Kevin Doe

Pulling my weight
Joined
Jan 24, 2021
Messages
117
Reaction score
100
Location
Ohio, USA
The import seems to go ok. When I click the connect button on my iOS app client, I get the error. I first tried with the default IP address (the one assigned by my ISP I suppose). That didn't work, so I setup a DDNS thinking that may help. Same error message. Here is the beginning of my .ovpn file:

client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote xxxxxxxxxx.tplinkdns.com 1194

After this there is are some certificates (looks like ca, cert, and key stuff)
 
Last edited:

The Automation Guy

Getting comfortable
Joined
Feb 7, 2019
Messages
945
Reaction score
1,720
Location
USA
Can you connect using VPN while on your local network?

I realize this seems counter productive and not something that you would do normally, but it will allow you to determine where the problem lies. If the VPN connection works on the local network, then you know the VPN configuration works and it is the DDNS that is the problem. On the other hand, if the VPN connection doesn't work on the local network, then it's something in the VPN configuration that is causing the issue.

If you are worried that your local network won't do loopback (I'm probably using the wrong term here), you can always find your public IP address of your local network by googling "What's my IP address". Use that address instead of your DDNS setup. Again, if it works then you know the issue is the DDNS. If it doesn't work, you know it is the VPN configuration.
 
Last edited:

Kevin Doe

Pulling my weight
Joined
Jan 24, 2021
Messages
117
Reaction score
100
Location
Ohio, USA
I updated my .ovpn file to point to my public IP, retried the connection. While my phone was connected to my wifi, I was unable to connect. I disconnected my phone from my wifi network and then the connection succeeded. I then pulled up the DMSS app and confirmed I was able to access my camera feeds remotely! I then went back and used my DDNS address, and it worked when I was disconnected from my wifi.

Is this normal that it won't connect while I'm on my wifi network? I suppose there is no reason why I'd want to connect via VPN when I'm already on my network, just curious.

Is there some sort of username/password stuff I should setup, in event someone got my .ovpn file, so they don't have access to my network?
 
Last edited:

dudemaar

Getting comfortable
Joined
Aug 18, 2018
Messages
929
Reaction score
1,821
Location
Canada
I know it’s not same router, but this is a guide I used for my setup
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
2,699
Reaction score
3,934
Is this normal that it won't connect while I'm on my wifi network? I suppose there is no reason why I'd want to connect via VPN when I'm already on my network, just curious.

Is there some sort of username/password stuff I should setup, in event someone got my .ovpn file, so they don't have access to my network?
Yes, normal given various ways that things can be configured. You'd need to enable what's called a "hairpin" to access while on your local network. I searched quickly to see how TPLink does options like that in the setup but looks very limited (as in your image above) and apparently some models don't support it. Try searching for your TPLink model number and hairpin.

Same with the credentials. It is possible to require both cert and password using OpenVPN but you'd need a way to set that up on the server and not sure how that's done. I wouldn't worry all that much about that for a typical home system.
 

wepee

Getting the hang of it
Joined
Jul 16, 2016
Messages
220
Reaction score
41
xxxxxxxxxx.tplinkdns.com
Are you using Cable/Fibre internet connection?
If yes continue to read on.

Are you a windows user?
In windows, open up windows command prompt, and type in the following command:
nslookup xxxxxxxxxx.tplinkdns.com
This command will translate your current domain name= xxxxxxxxxx.tplinkdns.com
into a public IP.
Next, launch your web browser and type in: What is my IP. What is the result?
Does the public IP match with your result?
 
Top