ISP blocks all incoming connections, using RapidVPN to bypass but the connection fails periodically

My YunoHost server

Hardware: Dedicated NUC
YunoHost version: Latest (cannot access at the moment, see below)
I have access to my server: Through SSH, web-admin, direct access (at home)
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: yes
If yes, please explain: Had to configure VPN to enable access outside of my home network, see below

Description of my issue

I recently changed to a new, more stable ISP. Unfortunately, this particular ISP blocks all incoming connections, unlike my old ISP, and at this moment I’m unable to switch back to the old one. In the meantime I’m testing a VPN to connect my home server to the outside world. Since none of the VPNs recommended by YunoHost are available in my country, I’m currently using RapidVPN, one of the few VPNs that don’t block incoming connections… problem is, it periodically drops the connection and takes upwards of an hour to recover connectivity:

May 31 08:33:00 azkware.net ovpn-client[953836]: TLS: soft reset sec=3600/3600 bytes=200152954/-1 pkts=291832/0
May 31 08:33:00 azkware.net ovpn-client[953836]: VERIFY OK: depth=2, C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
May 31 08:33:00 azkware.net ovpn-client[953836]: VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
May 31 08:33:00 azkware.net ovpn-client[953836]: VERIFY OK: depth=0, CN=*.rapidvpn.com
May 31 08:33:00 azkware.net ovpn-client[953836]: Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
May 31 08:33:00 azkware.net ovpn-client[953836]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 31 08:33:00 azkware.net ovpn-client[953836]: Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
May 31 08:33:00 azkware.net ovpn-client[953836]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 31 08:33:00 azkware.net ovpn-client[953836]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
May 31 09:09:17 azkware.net ovpn-client[953836]: [*.rapidvpn.com] Inactivity timeout (--ping-restart), restarting
May 31 09:09:17 azkware.net ovpn-client[953836]: SIGUSR1[soft,ping-restart] received, process restarting
May 31 09:09:17 azkware.net ovpn-client[953836]: Restart pause, 5 second(s)
May 31 09:09:22 azkware.net ovpn-client[953836]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May 31 09:09:22 azkware.net ovpn-client[953836]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.44.50.70:443
May 31 09:09:22 azkware.net ovpn-client[953836]: Socket Buffers: R=[131072->131072] S=[16384->16384]
May 31 09:09:22 azkware.net ovpn-client[953836]: Attempting to establish TCP connection with [AF_INET]173.44.50.70:443 [nonblock]
May 31 09:11:22 azkware.net ovpn-client[953836]: TCP: connect to [AF_INET]173.44.50.70:443 failed: Connection timed out
May 31 09:11:22 azkware.net ovpn-client[953836]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
May 31 09:11:22 azkware.net ovpn-client[953836]: Restart pause, 5 second(s)

I actually went and purchased two different one-month plans in two different locations (Switzerland and Florida) and in both plans the issue happens at random. Since RapidVPN has a limit of up to four different devices connected at once to a single plan, I have the suspicion that it might be caused by RapidVPN rate-limiting my specific IP from the server’s side - whenever that issue happened, I tried using the connection from my phone, or my neighbor’s WiFi, and it connects no problem. Could it potentially be that I have misconfigured OpenVPN, and as a result, RapidVPN accidentally considers that my server connected to their servers four consecutive times, then proceeds to block further attempts to connect? (I’d love to be able to paste my current configuration but as I said, I’m waiting for my server to be accessible again as I’m currently out of my house)

As promised here’s an excerpt of my config file:

dev tun
proto tcp
remote ###.###.###.### 443
cipher AES-128-CBC
data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass /etc/openvpn/keys/credentials
ca /etc/openvpn/keys/ca-server.crt
cert /etc/openvpn/keys/user.crt
key /etc/openvpn/keys/user.key
ping-restart 0
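
A small audit of the config excerpt and log lines above, as an added example that is not part of the original post: it cross-checks what the config file sets against what the client actually logged. The function names, finding strings and the `SERVER_CHECKS` list are assumptions made for this illustration, and the embedded input is a constructed subset of the excerpts.

```python
import re

# Constructed sample input: a subset of the config excerpt and log lines in the post.
CONFIG = """dev tun
proto tcp
cipher AES-128-CBC
auth SHA1
ca /etc/openvpn/keys/ca-server.crt
ping-restart 0
"""
LOG = """May 31 09:09:17 azkware.net ovpn-client[953836]: [*.rapidvpn.com] Inactivity timeout (--ping-restart), restarting
May 31 09:09:22 azkware.net ovpn-client[953836]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May 31 09:11:22 azkware.net ovpn-client[953836]: TCP: connect to [AF_INET]173.44.50.70:443 failed: Connection timed out
"""

# Client directives that check the peer certificate beyond the CA chain
# (assumption: common ones only, not an exhaustive list).
SERVER_CHECKS = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name", "tls-verify"}
MSG = re.compile(r"ovpn-client\[\d+\]: (.*)$")

def parse_config(text):
    """Map directive name -> argument list, skipping blanks and # or ; comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split()
        if parts and parts[0][0] not in "#;":
            conf[parts[0]] = parts[1:]
    return conf

def audit(config_text, log_text):
    """Return a sorted list of finding strings from the config and its client log."""
    conf = parse_config(config_text)
    msgs = [m.group(1) for m in map(MSG.search, log_text.splitlines()) if m]
    findings = set()
    if not SERVER_CHECKS & conf.keys():
        findings.add("config: no server certificate check directive")
    if any("No server certificate verification method" in m for m in msgs):
        findings.add("log: client warned that server certificate is not verified")
    # A ping-restart timeout firing while the file sets 0 means the value in
    # effect differs from the file (possible cause: an option pushed by the server).
    if conf.get("ping-restart") == ["0"] and any("(--ping-restart)" in m for m in msgs):
        findings.add("log: ping-restart fired although config sets ping-restart 0")
    if any("failed: Connection timed out" in m for m in msgs):
        findings.add("log: TCP connect to the remote timed out")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(CONFIG, LOG):
        print(finding)
```

Adding a line such as `remote-cert-tls server` to the config clears the first finding; the log findings only describe what the client recorded and do not identify why the remote stopped answering.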
