TCP: connect to [AF_INET]209.xxx.xxx.xxx:7494 failed: Unknown error

hasan

TCP: connect to [AF_INET]209.xxx.xxx.xxx:7494 failed: Unknown error
SIGUSR1[connection failed(soft),init_instance] received, process restarting
MANAGEMENT: >STATE:1615008963,RECONNECTING,init_instance,,,,,
Restart pause, 40 second(s)
MANAGEMENT: >STATE:1615009003,RESOLVE,,,,,,
TCP/UDP: Preserving recently used remote address: [AF_INET]209.xxx.xxx.xxx:7494
Socket Buffers: R=[8192->8192] S=[8192->8192]
Attempting to establish TCP connection with [AF_INET]209.xxx.xxx.xxx:7494 [nonblock]
MANAGEMENT: >STATE:1615009006,TCP_CONNECT,,,,,,

1. VPS has no firewall blocking 7494 port
2. I use cloudflare it was working before no change but recent updates and I searched forum and have whitelisted 7494 as below:

OpenVPN port 7494

sudo -u yellowtent

touch ports.json

vi ports.json

{
"allowed_tcp_ports": [ 7494 ],
"allowed_udp_ports": [ ]
}

Esc

:wq

sudo -u root

systemctl restart cloudron-firewall

3. Should I check my ISP might be blocking the IP but it is not the case as cloudron panel is reachable?

I will end up uninstall/reinstall OpenVPN app in case no solution.

Any idea? Thanks!

girish

@hasan

• Are you proxying via cloudflare? If so, cloudflare cannot proxy VPN, only http(s).
• You can also check if telnet <cloudron-server-ip> 7494 connects.
• You don't (and shouldn't) need to white list port 7494. Cloudron will do this automatically for apps. The ports.json is only required for apps that you run outside Cloudron. So, in fact, I recommend removing this because I don't know what side effect it has on internal routing.

hasan

@girish Yes I use Cloudflare and OpenVPN was working well I don't know why maybe I should not update unless a stable version of Cloudron.

I mean I do not proxy for OpenVPN only for the https for the my. domain. com panel and another app both works.

Just removed ports.json

$ telnet 209.xxx.xxx.xxx 7494
Trying 209.xxx.xxx.xxx...
Connected to 209.xxx.xxx.xxx.
Escape character is '^]'.
Connection closed by foreign host.
(after a little while)

Seemingly my ISP ... and connect error, guess where I'm living

mehdi

@hasan You can try

• doing the same telnet stuff but from a shell on the server itself, to see if the problem comes from the server or the connectivity.
• changing the port for the VPN on cloudron's management dashboard, then try the telnet stuff again with the new port

hasan

@mehdi I tellnet from another ubuntu works fine there's no issue with neither OpenVPN nor Cloudron. In another country it works so no problem.

girish

@hasan Is the conclusion that VPN is somehow blocked in your country ?

mehdi

Recognizing TCP OpenVPN traffic is really not easy, as it kinda looks like any other TLS encrypted stream. As far as I know, doing so requires advanced Deep Packet Inspection capabilities that are only available to few countries, and even this is not foolproof.

May I ask, @hasan, where are you based?