Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-19 03:10:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Created FAQ (markdown)

Orazio 2020-02-01 11:49:53 +01:00
parent af1be3c312
commit f7c93a2d24
1 changed files with 70 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
FAQ.md Normal file

@ -0,0 +1,70 @@
# FAQ (Frequently Asked Questions)
## Links to protocol specific FAQs
- [WireGuard](https://github.com/pivpn/pivpn/wiki/WireGuard)
- [OpenVPN](https://github.com/pivpn/pivpn/wiki/OpenVPN)
## How do I diagnose port forwarding?
This guide assumes that the PiVPN installation was successful and you see all `[OK]` on the `pivpn -d` self check (i.e. the server is working and listening for connections).
We will use `tcpdump` take a peek into the network interface to see if packets are reaching our Raspberry Pi.
First off, if you want to test the connection using your smartphone as a client, make sure to use MOBILE DATA, do not test from the same network where the Raspberry Pi is located. If you want to use a PC, connect to the internet via TETHERING/HOTSPOT.
Connecting from the same network as the server not only doesn't make sense (you are already inside the network the VPN is supposed to connect you to) but may not work with many routers.
From your device, go to https://ipleak.net and check what's your IP address, let's say we have 192.0.2.45.
1. Open a root shell: `sudo -s`
1. Install tcpdump: `apt install tcpdump -y`
2. Acquire the installation settings: `cat /etc/pivpn/setupVars.conf`
3. Take note of the values of `IPv4dev`, `pivpnPROTO` and `pivpnPORT`, for example `eth0`, `udp`, `51820`
3. Run `tcpdump -n -i IPv4dev pivpnPROTO port pivpnPORT`, in our example would be `tcpdump -n -i eth0 udp port 51820` (it will block the terminal but don't worry)
Now you are looking at udp or tcp packets coming to your Raspberry Pi on the port you specified, via the network interface (ethernet or wifi) you chose. The LAN address of the Raspberry Pi is 192.168.23.211.
6. Try to connect from your device.
7. Shortly after you should see some packets being exchanged between your Raspberry Pi and your device.
Here's a successful conversation:
```
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:57:38.952503 IP 192.0.2.45.28050 > 192.168.23.211.51820: UDP, length 32 <--- Your device sent a packet to the Raspberry Pi
10:57:49.109202 IP 192.168.23.211.51820 > 192.0.2.45.28050: UDP, length 128 <--- Your Raspberry Pi responded to your device
10:57:49.144774 IP 192.0.2.45.28050 > 192.168.23.211.51820: UDP, length 128
10:57:59.490185 IP 192.168.23.211.51820 > 192.0.2.45.28050: UDP, length 32
```
Here's an unsuccessful one (no packets reach the Raspberry Pi):
```
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
```
8. Press CTRL-C to stop the capture
9. Exit the root shell: `exit`
### What to do if I see no packets?
- Check your port forwarding, make sure you forwarded the correct PORT, with the correct PROTOCOL, to the correct IP of your Pi. Again, you can see what you chose by looking at `IPv4dev`, `pivpnPROTO` and `pivpnPORT` inside `/etc/pivpn/setupVars.conf`.
- Check if the router still assigned the internal IP you chose during the installation. If it changed even though you set up a static IP when installing PiVPN, use DHCP reservation on the router and reserve `IPv4dev`.
- If you set up PiVPN with ethernet and later switched to wifi, you will have a different IP. Easiest what to fix is to reinstall and pick the new network interface.
- Check if your ISP uses Carrier-grade NAT. With CGNAT, your router gets a private IP, making port forwarding ineffective. This is mostly the norm if your router connects via 4G/LTE. If that's the case, you need to ask the ISP for a public IP.
### What if I see packets coming but my client does not connect?
Example:
```
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:57:38.952503 IP SOURCE_IP.28050 > 192.168.23.211.51820: UDP, length 32
10:57:49.144774 IP SOURCE_IP.28050 > 192.168.23.211.51820: UDP, length 128
```
- If SOURCE_IP is the IP of your device, this may indicate routing issues, attempts to block the connection (on either side), or poor connectivity. In all cases, try to connect from a different network.
- If SOURCE_IP is NOT the IP of your device, this indicates that SOURCE_IP is just a bot trying to scan your Pi and that your client is not trying to connect to your Pi. Check if the IP in your client config matches the public IP of your Pi or that the DDNS is updated. To see the public IP of your Pi, run `curl -s https://checkip.amazonaws.com`.