Closed sunny75016 closed 4 years ago
Hi @sunny75016,
UH VPN servers are free for this reason. You can have as many servers as you wish in a premium group and it won't affect the price. Therefore, you should create a UH VPN UDP server and a UH VPN TCP server within the group and allow your clients to choose between the two within the client applications.
My apologies, jwsi - I should have explained better. The doubling of cost happens only because one has to create a new VPS (e.g. DigitalOcean droplet), one for TCP and one for UDP, and incur a monthly cost for both servers. Perhaps I have missed a trick here.
@sunny75016, sorry that makes sense. The good news is that each droplet/ubuntu instance can operate any number of UH VPN servers. To configure a droplet/ubuntu instance to operate more than one UH VPN server, simply add the token into the configuration file by following this guide:
https://docs.uh-vpn.com/en/latest/servers/adding-servers.html
Let me know if that solves things for you 👍
@jwsi - The problem is partly solved. Now the DigitalOcean Droplet VPS runs UH-VPN on both TCP/443 and UDP/443 and has accepted both tokens as per the logfile tail. My problem is that the connection on TCP/443 works perfectly well (iOS client) but not on UDP/443. I tried using WiFi as well as 4G - but simply unable to connect to the server. I checked that both tcp and udp are opened on ufw. I have attached the redacted-log file by removing token codes and IP addresses. Please help. redacted-log.txt
Hi @sunny75016 UH VPN server software definitely supports multiple servers, but here are some pitfalls that people often make:
172.31.0.0/24 and TCP to 172.31.1.0/24.
TCP 2802 is not open on the droplet. This is required to push configuration updates from the UH VPN API to the UH VPN Server.
If you're still having issues after checking this, then let me know 👍
Very helpful, thanks @jwsi. I double checked firewall and ports 443/tcp 443/udp and 2802/tcp which were already open. Here are the results.
root@vpn:~# nc -z -v -u [IP redacted] 443
Connection to [IP redacted] port [udp/] succeeded!
root@vpn:~# nc -z -v [IP redacted] 443
Connection to [IP redacted] port [tcp/https] succeeded!
root@vpn:~# nc -z -v [IP redacted] 2802
Connection to [IP redacted] port [tcp/] succeeded!
In addition, the IPv4 and IPv6 subnets are as follows:
TCP instance: 172.31.1.0/24 fe81::/64
UDP instance: 172.31.0.0/24 fe80::/64
I checked that the server has two separate tokens one for TCP and another for UDP.
After these changes to subnets, I have rebooted the VPS just in case. I also deleted the iOS VPN profile and created again (just in case). Still TCP/443 works fine but UDP/443 does not connect at all. It is stuck at "Connecting to UH VPN..." both via WiFi and 4G.
Need your help (and I owe you a beer :-) )
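A check that two instances sharing one host have been given distinct, non-overlapping subnets and distinct protocol/port pairs, as discussed in the comments above. This is an added example, not part of the thread and not UH VPN code; the dict layout, instance names and the `find_conflicts` function are assumptions, and the inputs are constructed from the subnets quoted above.

```python
import ipaddress
from itertools import combinations

# Constructed inputs. The dict layout and names are assumptions for this
# example, not the UH VPN configuration format; the subnets are the ones
# quoted in the thread.
GOOD = [
    {"name": "udp-443", "proto": "udp", "port": 443,
     "subnets": ["172.31.0.0/24", "fe80::/64"]},
    {"name": "tcp-443", "proto": "tcp", "port": 443,
     "subnets": ["172.31.1.0/24", "fe81::/64"]},
]
# Constructed failure case: the TCP instance is given a wider range that
# swallows the UDP instance's /24, which a string comparison would miss.
BAD = [
    GOOD[0],
    {"name": "tcp-443", "proto": "tcp", "port": 443,
     "subnets": ["172.31.0.0/16", "fe81::/64"]},
]


def find_conflicts(instances):
    """Return a list of conflict descriptions; an empty list means none."""
    parsed = []
    for inst in instances:
        # strict=True rejects entries with host bits set, e.g. 172.31.0.1/24
        nets = [ipaddress.ip_network(s, strict=True) for s in inst["subnets"]]
        parsed.append((inst, nets))

    conflicts = []
    for (a, a_nets), (b, b_nets) in combinations(parsed, 2):
        # Same protocol and port on one host would collide at bind time.
        if (a["proto"], a["port"]) == (b["proto"], b["port"]):
            conflicts.append(
                f"{a['name']} and {b['name']} both listen on "
                f"{a['proto']}/{a['port']}")
        for na in a_nets:
            for nb in b_nets:
                # Only compare like with like (IPv4 vs IPv4, IPv6 vs IPv6).
                if na.version == nb.version and na.overlaps(nb):
                    conflicts.append(
                        f"{a['name']} {na} overlaps {b['name']} {nb}")
    return conflicts


if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, find_conflicts(cfg) or "no conflicts")
```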
Hi @sunny75016, have you installed ufw onto the UH VPN Server droplet separately? If so can you try disabling that:
service ufw stop
sudo systemctl disable ufw
Then reboot the VPS and test. If it works, then we know this is the issue and it can probably be solved by turning off the "Auto add" rules in the server settings.
Let me know if turning off ufw temporarily solves the issue, once I know that then I'll be able to give advice on how we can get it working with ufw :)
Hi @jwsi - Thanks. I have now stopped and disabled ufw and rebooted VPS. I also ensured that the UDP/443 port is open and visible from the internet. Unfortunately VPS does not work on UDP at all; although it connects to TCP within milliseconds. I deleted and recreated the whole server without firewall. Same issue.
I am using Ubuntu 20.04 - Has UH VPN been tested fully on it?
Yes we have lots of people (including myself) who run UDP and TCP instances concurrently on Ubuntu.
Are you able to connect to a UDP-only server? This sounds like a censorship issue to me...
Hi @sunny75016, I just configured a fresh VPS from DO using our marketplace image with the parameters you have mentioned above and have obtained the following configs (see below) and it works well. Can you please tell me if any of your outputs to the commands in my screenshots look different to yours:
service uh-vpn-server status
cat /var/log/uh-vpn-server/<udp_token>.log
cat /var/log/uh-vpn-server/<tcp_token>.log
iptables --list FORWARD
iptables -t nat --list POSTROUTING
If you can post images of what you get from those commands I'll be able to work out the issue :)
Thanks @jwsi - I deleted the older droplet altogether and created a new Digital Ocean droplet. I followed the Ubuntu route for installation. I also deleted the older firewall altogether and created a new one with the ports. Finally, I double checked that the subnets were different for TCP and UDP. End result - Both UDP and TCP installed on the same VPS are working perfectly fine using the iOS clients. I still owe you the beer....and I am glad we can treat this as permanently closed.
@sunny75016 that's great news, glad to hear it worked out in the end! Looking forward to the beer sometime ;)
At the moment, for each server we have to explicitly choose UDP (on / off). For situations where the UDP traffic is blocked we are forced to use the TCP which reduces the efficiency for all users (including those who can use UDP). The alternative solution to have one server each for TCP and UDP is not acceptable as it simply multiplies the cost to Premium customers by two.
I would like UH-VPN to allow both TCP and UDP on the server side and the client side should first try to connect over UDP and switch over to TCP after a timeout. If you want to make this even more efficient the "Connect" UI can have two options instead i.e. Connect UDP / Connect TCP.