1

I have installed OpenVPN via the PiVPN script on my Raspberry Pi. Nearly everything works fine. I can connect to it and my traffic passes through my VPN server. My only problem is that I am not in my local network, so I cannot connect to it via SSH, which was a reason why I installed OpenVPN. On my iPhone I can connect to the shell with Termius without any problems. I am using Manjaro Linux on my notebook.

OpenVPN Version: 2.4.0

I hope someone has an idea. If you need any output, just ask me.

Thanks in advance,

HH

3 Answers

3

If you haven't solved the problem yet, check where your connection has problems.

  1. I'd first ping the server with ping <local ip of the server>. If you can ping your server, you're virtually in your local network. If that doesn't work, you need to add a route. Please check this post for that. But I don't think your problem is here.
  2. Try ssh -v <server>. If it stops at debug1: expecting SSH2_MSG_KEX_ECDH_REPLY, you need to solve a small bug about encryption. Simply add this line to your .ssh/config file:

    KexAlgorithms ecdh-sha2-nistp521
    

https://unix.stackexchange.com/questions/274274/specifying-ssh-kexalgorithms-works-at-cli-but-not-via-ssh-config

1
  • This solved my problem which seems to have been caused by some OpenVPN MTU negotiation bug related to this: askubuntu.com/questions/1229456/…. For command line, -oKexAlgorithms=ecdh-sha2-nistp521 to set it once.
    – bfrguci
    Commented May 17, 2021 at 6:23
0

I have solved the issue by changing the client configuration of OpenVPN. Now it makes sense why my VPN worked when I was using my mobile phone.

1
  • 1
    What did you change?
    – bfrguci
    Commented May 17, 2021 at 6:19
0

Anyone who has

debian openvpn debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

should adjust the OpenVPN configuration and add (nano /etc/openvpn/server.conf):

    # Set local server MTU on TUN/TAP
    tun-mtu 1492
    mssfix 1400
    # Set remote client MTU on TUN/TAP
    push "tun-mtu 1492"
    push "mssfix 1400"

Previous issue:

This fixed the problem for me, as using ssh -vvvv did tell me that the connection was successful, but it hangs at that point. After using tcpdump and wireguard, I figured this point out and then applied it. Works for now.

A word after:

Keep in mind that it could also be necessary to lower 1492 in steps of minus 8 (1 byte equals 8 bits); that is the reason for -8.

PUSH has the nice feature that you don't need to take care of any client!

If you find it useful, leave an upvote for me ;-)
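
The step-down described in the last answer (start at 1492, lower by 8 until it works), as an added example that is not part of the original answers: it sends one don't-fragment ping per candidate MTU through the tunnel and prints the first size that gets a reply. The names `find_mtu` and `probe_ping`, the 576 floor and the address in the usage comment are assumptions made for this sketch; `ping -M do` is the Linux iputils option.

```shell
#!/bin/sh
# Added example: step a candidate tunnel MTU down from 1492 in units of 8
# until a don't-fragment ping of that total size gets a reply.

# probe_ping HOST MTU
# Succeeds if one IPv4 echo request whose total IP packet size is MTU passes
# with the DF bit set. ICMP payload = MTU - 20 (IPv4 header) - 8 (ICMP header).
# HOST should be an IPv4 address reached through the VPN tunnel.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_mtu PROBE HOST [START] [STEP] [FLOOR]
# PROBE is the name of a function or command invoked as: PROBE HOST MTU.
# Prints the first MTU that passes and returns 0; returns 1 if no value
# from START down to FLOOR passes (assumed defaults: 1492, 8, 576).
find_mtu() {
    probe=$1 host=$2
    mtu=${3:-1492} step=${4:-8} floor=${5:-576}
    while [ "$mtu" -ge "$floor" ]; do
        if "$probe" "$host" "$mtu"; then
            echo "$mtu"
            return 0
        fi
        mtu=$(( mtu - step ))
    done
    return 1
}

# Usage (10.8.0.1 is a placeholder for the server's address inside the VPN):
#   find_mtu probe_ping 10.8.0.1
```

The printed value is a candidate for tun-mtu; confirm it by retrying ssh -v after changing the configuration.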
