TorGuard

Replacing OpenVPN hostname with IP to connect


secretprobation

In the hotel I am currently staying in, I ran ping tests for some of the US servers and found that I could successfully connect to the New York and Atlanta servers but not Miami. The attached image shows the cmd results of said ping tests. However, if you conduct a hostname to IP lookup on the internet, you can put one of those resolved IPs into your OpenVPN config file in place of the hostname. If I ping the top URL "173.44.37.122" I do get a successful connection and I can connect to the server.

On the Windows client, it stores a cached list like this for every server location, and you can disable the "look up server hostname before connecting" to alleviate these issues. However, if you wanted to use the OpenVPN app on your phone or computer, you would have to change the "remote" line in the *.ovpn from "remote us-fl.secureconnect.me port" to "remote 173.44.37.122 port".

 

This is obviously just my experience with this particular server, but the point stands for whatever you are trying and failing to connect to. The hotel wifi was blocking UDP port 500, so IPsec and IKEv2 were not working across the board. So I was trying to connect to the Miami server (closest to me at the time) via the iOS OpenVPN app when I came across this solution.

ping.PNG

hostname to ip.png
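
Added example, not part of the original post or TorGuard's tooling: a small Python helper that applies the "remote" line change described above to an .ovpn profile, keeps the old line as a comment, and warns when the profile has no `remote-cert-tls` or `verify-x509-name` directive, since those are what still authenticate the server once the hostname is gone. The sample profile and port 1194 are constructed placeholders; a pinned IP will not follow later DNS record changes.

```python
import ipaddress

# Directives that make the client authenticate the server by certificate,
# so the check does not depend on which name or IP was dialled.
SERVER_AUTH_DIRECTIVES = {"remote-cert-tls", "verify-x509-name"}


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def pin_remotes(config_text, resolved):
    """Rewrite 'remote <host> ...' lines to use the IPs in `resolved`.

    Returns (new_text, changes, warnings). Hostnames with no entry in
    `resolved` are left alone; lines already using an IP are untouched.
    """
    out, changes, seen = [], [], set()
    for line in config_text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", ";")):
            seen.add(parts[0])
        if len(parts) >= 2 and parts[0] == "remote" and not is_ip(parts[1]):
            host = parts[1]
            ip = resolved.get(host.lower())
            if ip is not None:
                ipaddress.ip_address(ip)  # reject a malformed replacement
                out.append(f"# was: {line.strip()}")
                out.append(" ".join(["remote", ip] + parts[2:]))
                changes.append((host, ip))
                continue
        out.append(line)
    warnings = []
    if changes and not (seen & SERVER_AUTH_DIRECTIVES):
        warnings.append("no remote-cert-tls / verify-x509-name: server identity is not pinned")
    return "\n".join(out) + "\n", changes, warnings


# Constructed sample profile; port 1194 is a placeholder, not from the thread.
SAMPLE = "client\ndev tun\nproto udp\nremote us-fl.secureconnect.me 1194\nremote-cert-tls server\n"

if __name__ == "__main__":
    text, changes, warnings = pin_remotes(SAMPLE, {"us-fl.secureconnect.me": "173.44.37.122"})
    print(text, changes, warnings)
```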

secretprobation

Slightly related, the same solution works for the AnyConnect app on the iPhone. AnyConnect and OpenConnect have compatibility, so if you enter into the URL "https://173.44.37.122:22" you will be able to connect that way as well if "https://us-fl.secureconnect.me:22" is not working.

  • 2 weeks later...
harvinator1900

What actually causes this? I'm no longer able to connect to most of the US servers through my OpenVPN config on my VPN router - I have to use an IP address from one of them. Is my ISP blocking something?

Support
15 hours ago, harvinator1900 said:

What actually causes this? I'm no longer able to connect to most of the US servers through my OpenVPN config on my VPN router - I have to use an IP address from one of them. Is my ISP blocking something?

 

It may just be your ISP's cache - we migrated DNS to a new DNS system. For the vast majority it's seamless, but some users' ISPs may take a while to update their cache, or you may need to flush the DNS cache on your OS or device. Unfortunately there are a large number of ISPs that seem to ignore TTLs altogether in their DNS caching schemes. If you happen to be on one of those ISPs it could be hours or even days before they respect the new records, even if you have a very low TTL set.

secretprobation

Maybe your ISP is blocking certain domains of the "secureconnect.me" hostname? I'm guessing a similar thing is happening on my end. Glad you found a workaround though.

harvinator1900

I'm starting to think the issue may be in my router somewhere. I can ping the ATL server on every machine except my router. Even pinging from within the ISP's gateway works fine. I posted in my router manufacturer's forum and provided some DNS logs, which doesn't seem to be the issue either. I'm stumped.

  • 4 months later...

Most companies, which hotels are, do use firewall solutions which are very restricted. @secretprobation wrote already to use openconnect/anyconnect if you are in a company's network, which is very correct. Most companies known to me had some faulty approach in restricting their firewalls: they first make some basic research about services which they use and after it passes everything in a test network, it is applied on main and everything else is restricted. Responsible admins and IT departments create by that a bottleneck for support in simply knowing in forefront that those restrictions will stop their employees in usage of some services not related to a company, but they are lazy to find it out by themselves, and their bosses don't care; it is the normal employee (or hotel guest in the current case) who has to waste time on finding and testing. For most companies which do not have clients outside of their own network it is not a big problem, where even in that case in the first weeks users would complain and IT decides then if this service/port will be allowed or not. For the same reason, a lot of companies do use anyconnect as their own VPN which is also not blocked by the firewall, and as most companies do use anyconnect, mostly, no further adaptations would be required (unless it's really hardcore where no outer connections are allowed, like in specific bank departments).

I call such an approach lazy and bad, done by bad admins and supported by incompetent bosses, but it is still the mostly used one for most companies, as a bigger percentage of admins have actually no clue about better ways/solutions and are never forced to elaborate on it.

The same happened in my old company where I worked: they restricted everything so that people could not even use links from the customers' servers, and a 20Gbit line was giving mostly 20Mbits per user due to the firewall actually not having performant hardware to handle it all. All in all, they slowed the network down more than 100 times and in addition nothing worked, and all users which I know got the advice from me to actually use their mobile phones and LTE when they are in the office. It did not really backfire on the IT, the opposite happened, they were proud in how they restricted users so that they can't watch prom or play games during work; in real, it was the opposite, as over their mobile phones they were able to watch prom and play games without the company having notice of it at all.

If you are in a hotel or within a company network, the chance is very high that if you use OpenConnect/AnyConnect you will be able to establish your connection, even if the company uses some other VPN solution for its own employees; in many years, I never saw a company not allowing an AnyConnect connection.

You can find a lot of rubbish about openconnect/anyconnect, but TorGuard offering those is important, as in most companies you will be able to connect only with that protocol.

PS: That old company which I worked for, now, 5 years later, their network is still broken.

