PiVPN not connecting externally..

The keys seem to work over LAN but for some reason I can not connect externally.

My router is set up correctly but I am not sure what happened this time around (I had to fresh install due to a HHD failure which caused a failed boot)…

I checked all ports with an online tester.
1194 (the default) shows that I can not connect as the port is closed.

I checked in server.conf and changed a couple of settings:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/.crt
key /etc/openvpn/easy-rsa/pki/private/
dh none
ecdh-curve prime256v1
topology subnet
server ************ <<< ************ This is the IP of my internal RPi

Set your primary domain name server address for clients

push “dhcp-option DOMAIN *****.ddns.net”
push “dhcp-option DNS”
push “dhcp-option DNS”

Prevent DNS leaks on Windows

push “block-outside-dns”

Override the Client default gateway by using and rather than This has the benefit of

overriding but not wiping out the original default gateway.

push “redirect-gateway def1”
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.

Generated for use by PiVPN.io

I am not sure what else to do at this point.

I had everything working great before the crash, and now I just can’t seem to get it to work at all.

I’ve tried reinstalling multiple times, and still no dice.

I am not sure what else to do at this point.

I have all the other installs I wish for installed and working correctly, I am trying to avoid yet another fresh install.

Any light on this would be great.

Thanks in advance!


I’m not using PiPVN/OpenPVN but probably PiVPN created a new client configuration file. Did you upload this on client side as well?


But it refuses… (The key, which works locally)

It was a fresh install, so not sure why I can’t get it to work externally now.

I can open over LAN / the key works great.

I’ve checked through loads of forums etc, but everything I have tried does not seem to work.

I do not believe it to be a key issue.

It seems to be a port related issue?

I’m just wondering if there is a way I can return everything to default in terms of routing / firewall etc without disturbing other installations?

I tested PiVPN/OpenVPN and for me it was working well. Just to be sure, let’s check following

  1. your router is forwarding port 1194 UDP (not TCP) correctly?
  2. OpenVPN is LISTEN on correct port?
ss -tulpn |grep openvpn
  1. your client config file contains correct DDNS/external IP address?
cat /home/dietpi/ovpns/<your_file>.ovpn | grep 1194

You could also check the logs for any useful hint.

your router is forwarding port > 1194 UDP > (not TCP) correctly?

Yes. I have both TCP and UDP open and forwarded to the correct IP address.

OpenVPN is > LISTEN > on correct port?

I have it set to the default 1194. This is matched in my router settings.

When I use

ss -tulpn |grep openvpn

I get zero echo / readout.
It just moves on to the next line. This is regardless of using sudo / root.

your client config file contains correct DDNS/external IP address?

I am using no-ip to forward as my public domain and pointing in.
I have cloudFlare pointing out for searches.

When using

cat /home/***/ovpns/***.ovpn | grep 1194

I get back:
remote ***.ddns.net 1194

I believe this to be correct ( *** == hidden / private details).

I believe this to be correct

Well, you are the only one who knows if this is correct :wink: . You can check if the NoIP DDNS is correctly set and pointing to your external IP your router has.

As connection is working inside your network (according your info), the issue doesn’t seems to be with DietPi

This means that the server is not running.
Check the logs.

Now this is odd…

I checked the logs, and for both openvpn files that I could find, there was zero information in them.

I then ran

sudo ps -A

and openvpn is nowhere to be found!

So then I opened dietpi-services, and it says that openvpn is running??

I tried to uninstall, and openvpn still appears in services as inactive, despite an uninstall and reboot.

After unistalling a second time it then doesn’t appear in installations, but still does in processes as “inactive”.

I am really not sure what has happened here, so have decided to bite the bullet, back up the entire system, backup all configs of known working installs, and returning everything to scratch, attempting to install piVPN first and making sure this works.

I am not sure if this is a bug or something I have done by accident, but wish me luck!

usually PiVPN is working and I verified it this week. PiVPN will install OpenVPN if selected during PiVPN installation process.

I have done a fresh install today which gave more info

I used an external port sniffer and opened all my router ports.
Everything was as expected except 1194.
It stated that it was closed.

I am a little confused as to why this is.
Does the port normally get seen externally or is it closed until handshake etc?

sudo ps -A

3073 ? 00:00:00 openvpn


sudo ss -tulpn |grep openvpn

udp UNCONN 0 0* users:((“openvpn”,pid=3073,fd=6))

nano openvpn-status.log

TITLE OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] b$
TIME Fri Feb 5 23:52:55 2021 1612569175
HEADER CLIENT_LIST Common Name Real Address Virtual Address Virtual IPv6 Address Bytes Received Byte$
CLIENT_LIST ********* 80570 71093 Fri Feb 5 23:52:18 $
HEADER ROUTING_TABLE Virtual Address Common Name Real Address Last Ref Last Ref (time_t)
ROUTING_TABLE ******** Fri Feb 5 23:52:50 2021 1612569170
GLOBAL_STATS Max bcast/mcast queue length 0
END isn’t responding on port 1194 (openvpn).

lsof -i -P -n

openvpn 3073 openvpn 6u IPv4 45126 0t0 UDP *:1194

I guess it’s ok for the port scanner not detecting the VPN Server port because VPN server is running UDP and most of scanner checking on TCP

Anyway, OpenVPN is running correctly. If I understood as well, you are able to connect inside you network as well. Means it is working. You still need to find out what happen on your port forwarding.