Troubleshooting for gateway OpenVPN connection failure

Knowledgebase
Troubleshooting Guide
VPN
10-30-2024

Contents

Objective

Requirements

Introduction

Troubleshooting Steps

Conclusion

Objective

This article provides steps for troubleshooting when an OpenVPN tunnel cannot be established.

Requirements

  • Omada Gateway which supports OpenVPN (such as ER605v2, ER7206v2)

Introduction

Improper client configuration (such as wrong server address, service port, or inconsistent encryption method) or incorrect certificates (such as expired certificates or incorrect account passwords) can lead to the failure to establish an OpenVPN tunnel. Confirm that your device is connected to the internet, and then follow the troubleshooting steps below to solve your problem.

Troubleshooting Steps

Step1. Check your network settings

1) Local network restriction: The OpenVPN connection may be restricted by a front-end device, usually a firewall or router. Make sure the devices and software are allowed to use OpenVPN for communications.

2) DNS resolution issue: The connection will fail if the VPN server's domain name cannot be resolved. Confirm that DNS is running correctly, or try to connect using the server's IP address instead of the domain name.

3) Unstable network: The connection may fail due to an unstable network. Try again later.

Step2. Check the configuration file

1) Incorrect server address or port number: The OpenVPN configuration file (usually with the .ovpn extension) contains various parameters required for a VPN connection, such as the server address, port number, and protocol type. If these parameters are not set correctly, the connection will fail. Contact the server administrator to obtain the correct configuration parameters.

The configurations of the OpenVPN client here need to focus on checking the Service Port and Remote Server.

2) Inconsistent encryption method: The client and the server must have the same encryption method.

3) Expired certificate and key: Ensure the certification and key are correct, valid, and consistent with the server settings.

Step3. Check the server status

1) There is a NAT device in front of the server: Make sure the NAT device has the correct port forwarding rules added for OpenVPN traffic.

2) The server is not running: The client cannot connect to the OpenVPN server when it is not running or disconnected from the internet.

3) The server is overloaded: When the server is overloaded, it may respond slowly or be unable to process new connection requests. In this case, contact the server administrator.

4) The server is incorrectly configured: Improper server configuration (such as a virtual address pool that is too small or has no virtual IPs to allocate) can cause connection failures.

The configurations of the OpenVPN server, including Server Name/AccountPWD/Status/Full Mode/Protocol, and so on.

Step4. Check the client's status

1) Incompatible software version: The connection may fail due to the incompatible client software version. Go to https://openvpn.net and update the client software to the latest version.

2) Unsynchronized time settings: The OpenVPN connection requires the client and server to use the same time settings. You can update the client’s system time.

3) TAP adapter disabled: Check the client's network adapter settings and ensure the TAP virtual network adapter is enabled.

Conclusion

If the problem persists, contact TP-Link Support team and provide your device model.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Please Rate this Document

Related Documents