does not work with latest Amazon Linux AMI

[gitsnaf]

I had a working open vpn configuration on my ec2 server. A few days ago I did a "yum update" and since then I get no connection through the vpn.

Today I set up a completely "Amazon Linux AMI 2013.03.1"-server. Installed the latest (security) updates and installed openvpn via this setup script. It worked so far, I could connect my iphone but then the same problem: no traffic goes through the vpn :(

Could it be something with the latest amazon linux ami or with the updates?

[viljoviitanen]

Sorry, cannot reproduce.

I first created a new amazon linux 2013.03.1 server, then set up the vpn with my script, connected, ran "yum update", and the connection worked fine. Also, a reconnect after server reboot was ok.

Then I created a new server, first ran yum update, rebooted, then set up the vpn, and the vpn worked perfectly.

[gitsnaf]

I can reproduce it unfortunately. It still does not work on my iPhone and on my iPad. I'm doing exactly the few steps to install the openvpn. The connection to my openvpn server is established successfully. But then I cannot work with it, no traffic goes through the vpn. So what could be the problem?

[viljoviitanen]

Sorry, I have no idea, and I'm also sorry to say I have zero interest in debugging the problem further. It "works for me". Let me suggest you get other clients than your iphone and ipad to test the vpn with, because I suspect there's something going on there, and it's just coincidence that the vpn stopped working after the amazon linux updates.

[gitsnaf]

It also does not work on my mac book and on my windows pc.

[viljoviitanen]

Oh well, still I can't help, as it works for me. I really have no idea then what could be the issue. Try with another OS (Amazon offers Red Hat with their free tier, Centos instructions apply) or another service provider (I've tested Rackspace Centos).

[viljoviitanen]

I just tested the script with the newly released Amazon Linux 2013.9, no problems.

[viljoviitanen]

I also tested Red Hat and it turned out there's a bug in Amazon RHEL 6.4 image which prevented the script from working. I added instructions to the readme on how to get rid of the bug.

[gitsnaf]

It works for me now or to be more precisely it works on a few public WLAN I was logged in with my iPhone. At home it still does not work at all. So I suspect my DSL provider is the obstacle.

[viljoviitanen]

A-ha. There are a few things you can do in that case:

• Use different ports, if your dsl provider only blocks the standard openvpn port (which is 1194).
• Or maybe udp just plain doesn't work at all with your dsl modem (it probably is a router/firewall, which may have its own issues). Then you can switch to a tcp connection instead of udp - it's not as efficient, but still works.

Remember to open the ports/protocols on the amazon ec2 firewall/security group too.

Actually that gave me an idea for the next thing I'll do: make the protocol and port parameters to the script!

[gitsnaf]

I now have a solution for my VDSL connection at home. After a lot of research it seems to be something with the paket fragmentation. I added "tun-mtu 1400" to the server and client configuration and now it works.