IP Address confusion / Port Forwarding Problems

Feb 25, 2018
Okay, so this is probably a long one.

I'm setting up a Raspberry Pi as a home VPN server, but the connection always fails with the error "TLS key negotiation failed to occur within 60 seconds". The OpenVPN website is telling me this is likely because of a port forwarding failure.

When I go on the BT Hub control panel, and try and set up a port forwarding rule, the local IP address it gives for the Pi is different to the one I use to connect. The Hub gives it as .176, whereas if I try and connect on .176 it fails, however if I use .175 it works fine. Problem is, I can't change it on the hub control panel, or at least, I don't think I can.

As well as that, I'm not 100% sure on what I'm doing (always been more of a hardware than networking kind of guy). I need to open port 1194, and have tried to set up a rule to do that, but every port scanning website says that it, and all the other ports on my PC, are closed. I know that that isn't true, as I can connect and use the internet just fine, so I'm not sure what that means.

I've tried opening 1194 in Windows Firewall both in/outbound, but that hasn't worked either.

- Smarthub says Pi local IP is different to the one I use to connect to it
- I have no idea how port forwarding is meant to work

Thanks in advance!



Aug 16, 2014

First off, it's important to give your Pi a static IP address to ensure it can always be reached at the address you assign. The IP must be outside of the DHCP range of the router (the range the router automatically assigns to devices). The DHCP range should be shown in the router settings. Go to your Pi's network settings and manually assign an IP address.

Next, you should be able to find your public IP address by Googling "what is my IP". The address shown must be the same as the BT's WAN IP address in order to forward ports.

Port 1194 will likely not be shown as "open" via online port check tools, even if successfully forwarded. My PiVPN works fine, but 1194 always shows "closed".

If you haven't used this site already, portforward.com is a pretty good resource for forwarding.

NATs do not allow communication to be started from the outside.

When communication goes to your public IP on a specific port and you have port forwarding set up, it's forwarded to a specific internal IP where a service is running. This way you don't have more than just your router on the public and you can run services off of your LAN. Your client should be trying to connect to your public IP; it doesn't need the private one. Most routers ignore port scans and the NAT will def not let you scan your LAN ports from the outside.

Make sure only 1 port is needed. You might need more. The ISP can block ports so that you aren't running services that they think you should pay them more money in order to run at home.
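
The two address checks from the first reply (a static address outside the router's DHCP pool, and a router WAN address equal to the public address), as an added Python example that is not part of the thread. The function names, subnet, DHCP pool and all addresses are constructed for illustration; the script also names the usual reasons the WAN and public addresses differ (double NAT, carrier-grade NAT), which goes slightly beyond what the reply states.

```python
import ipaddress

# Ranges that mean the router's WAN side is itself behind another NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def check_static_ip(candidate, lan_cidr, dhcp_start, dhcp_end):
    """Return the problems with using `candidate` as the Pi's static address."""
    net = ipaddress.ip_network(lan_cidr)
    ip = ipaddress.ip_address(candidate)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    problems = []
    if ip not in net:
        problems.append("not in LAN subnet")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if lo <= ip <= hi:
        problems.append("inside DHCP pool")
    return problems


def check_wan(router_wan_ip, observed_public_ip):
    """Compare the WAN address the router reports with the address seen online."""
    wan = ipaddress.ip_address(router_wan_ip)
    pub = ipaddress.ip_address(observed_public_ip)
    problems = []
    if wan in CGNAT:
        problems.append("WAN is carrier-grade NAT")
    elif any(wan in n for n in RFC1918):
        problems.append("WAN is private (double NAT)")
    if wan != pub:
        problems.append("WAN differs from public IP")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    lan, pool = "192.168.1.0/24", ("192.168.1.64", "192.168.1.253")
    for pi in ("192.168.1.175", "192.168.1.10"):
        print(pi, check_static_ip(pi, lan, *pool) or "ok")
    for wan in ("203.0.113.7", "100.72.1.5", "192.168.0.2"):
        print(wan, check_wan(wan, "203.0.113.7") or "ok")
```

If `check_wan` reports a problem, a forwarding rule on the home router alone cannot make the VPN port reachable, because another NAT sits in front of it.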