I have a RaspberryPi on my parents' house with PiVPN set up and configured to provide a personal VPN service for me and a few friends. This VPN has worked flawlessly since the beggining, I have used it with my PC and never got an error.
I recently set up another computer with Windows10 at my parents' house, to act as a server for various purposes (in case it is related to this issue, I use it as a home multimedia server with Plex Media Server and also as a Git Repository for personal use). I need it to connect automatically to the VPN, so I did the following:
- I configured PiVPN to generate the correspondent .ovpn file, installed OpenVPN GUI client on the new server machine and imported the ovpn file. As a matter of fact, I configured static IPs for all the connections to my VPN as I want them to always have the same IPs.
- I configured OpenVPN to automatically connect at server's startup. I achieved this by placing a direct link to OpenVPN GUI in this folder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp, and that direct link had this argument"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect ServerW10.ovpn -
I configured the server BIOS to automatically boot whenever the AC came back (so the server boots up again if the electricity goes down) and I also configured it to log in automatically into the user I created when installing Win10. So with this, the server is hopefully always logged in whenever is powered on.
-
As I am concerned about power consumption on my parents' house, I configured this server to sleep after 3h of inactivity (Windows 10 settings) and to sleep always (with a batch script) when reaching 2AM
-
Due to the automatic sleep stuff, I configured the BIOS to accept Wake-on-LAN packets to wake up the server. I tested this several times and it worked nicely. This way I could wake up the server whenever I needed to for 3h (enough for my purposes).
-
I spent a few days testing the server: putting it to sleep manually, letting it sleep after 3h of inactivity, forcing shutdown, etc, and OpenVPN always worked nice and reconnected without issues.
Now the problem appeared when I tested the VPN connection to the server after the "2AM sleep". I woke up the server and then tried to ping it as usual with its static VPN IP but I couldn't reach it. I logged in through TeamViewer to check what was happening and when I opened OpenVPN's gui, I found that it was stuck in a loop like this:
Thu Mar 01 10:26:28 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Mar 01 10:26:28 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 01 10:26:28 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Thu Mar 01 10:26:29 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 01 10:26:29 2018 TCP/UDP: Preserving recently used remote address: [AF_INET](my ip):(my port)
Thu Mar 01 10:26:29 2018 UDP link local: (not bound)
Thu Mar 01 10:26:29 2018 UDP link remote: [AF_INET](my ip):(my port)
Thu Mar 01 10:27:29 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 01 10:27:29 2018 TLS Error: TLS handshake failed
Thu Mar 01 10:27:29 2018 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 01 10:27:34 2018 TCP/UDP: Preserving recently used remote address: [AF_INET](my ip):(my port)
Thu Mar 01 10:27:34 2018 UDP link local: (not bound)
Thu Mar 01 10:27:34 2018 UDP link remote: [AF_INET](my ip):(my port)
Thu Mar 01 10:28:34 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 01 10:28:34 2018 TLS Error: TLS handshake failed
etc...
I tested the VPN with my PC and works nicely as usual, so the best bet is that it's the server's fault.
I personally think that maybe has something to do with the batch script I made and programmed to run at 2AM to put the PC to sleep at 2AM, because I had no problems with other sleep methods (manual sleep and inactivity sleep). The batch script looks like this:
rundll32.exe powrprof.dll,SetSuspendState 0,1,0
I used this script because I saw a tutorial on how to do a batch script for this. As in that tutorial said, I also ran the following command in order to do sleep instead of hibernation:
Powercfg -H OFF
What could be the problem?
Best Answer
I finally fixed it, though I had 2 problems in my setup.
First of all, the "VPN Setup" had one problem: the OpenVPN server (the RaspberryPi with PiVPN) was in the same subnet that the server machine was.
The .ovpn configuration file pointed to my personal DNS, so the server machine, in order to connect to the RaspberryPi's VPN, had to reach the DNS and then reach my RaspberryPi through my parents router's public IP (that I had linked with my router). This is a problem because all of the VPN traffic is redirected through a fixed UDP port to the RaspberryPi's local IP, which means that the responses the RaspberryPi sent to the server machine, when they arrived at the router, they ended up in the RaspberryPi due to the redirected UDP port, so the server machine never received a response.
I fixed this opening the .ovpn file and modifying the line that contained the destination URL to connect to the VPN from this:
to this
Also, the sleep script was somehow buggy with the OpenVPN setup, and I'm not very sure why but I think it had something to do with disabling hibernation. I downloaded Microsoft PsTools and made a new script to put the pc to sleep at 2AM. The new script looks like this
C:\{path_where_pstools_was_extracted}\PsTools\psshutdown.exe -d -t 0 -accepteulaWith these modifications the server now finally works as expected.