[Openvpn-users] TCP works UDP fails


  • Subject: [Openvpn-users] TCP works UDP fails
  • From: col_mil@xxxxxxxxxx
  • Date: Wed, 06 Jul 2005 15:01:09 +1200
  • Priority: normal

Have been stumped by this for months.

Both server + client running debian sarge + openvpn 2.0-3.

server receives client data via wireless access point on
eth1, (client is wireless)

server also runs iptables firewall.

proto tcp works without a hitch.

proto udp fails with the following:

===<snip>===
TLS key negotiation failed to occur within 60 seconds (check
your network connectivity)
===<snip>===

server config:
===<snip>===
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
cipher AES-256-CBC
mlock
comp-lzo
persist-key
persist-tun
user nobody
group nogroup
tun-mtu 1500
lport 1194
rport 1194
proto udp
#fragment 1300
mssfix
mtu-disc no
verb 6
mute 5
mode server
server 10.8.0.0 255.255.255.0
push "redirect-gateway local def1"
status openvpn-status.log
tls-server
tls-auth /etc/openvpn/keys/ta.key 0
dh /etc/openvpn/keys/dh1024.pem
ping 15
ping-restart 60
===<snip>===

client config:
===<snip>===
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
cipher AES-256-CBC
mlock
comp-lzo
persist-key
persist-tun
user nobody
group nogroup
tun-mtu 1500
lport 1194
rport 1194
proto udp
#fragment 1300
mssfix
mtu-disc no
verb 6
mute 5
client
remote 192.168.182.1 1194
float
ns-cert-type server
tls-client
tls-auth /etc/openvpn/keys/ta.key 1
resolv-retry infinite
===<snip>===


server's firewall config:
===<snip>===
##########
# GLOBAL #
##########
# related + established
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# http
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
# https
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
# 3990
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
# openvpn
$IPTABLES -A INPUT -p udp --dport 1194 -j ACCEPT

############
# EXTERNAL # (-> world)
############
# ping
$IPTABLES -A INPUT -i $EXTIF -p icmp -j ACCEPT
# ssh
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
# input
$IPTABLES -A INPUT -i $EXTIF -j DENY
# forward
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# output
$IPTABLES -A OUTPUT -o $EXTIF -j ACCEPT
# nat
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

#######
# TUN #
#######
# input
$IPTABLES -A INPUT -i tun+ -j ACCEPT
# forward
$IPTABLES -A FORWARD -i tun+ -j ACCEPT
# output
$IPTABLES -A OUTPUT -o tun+ -j ACCEPT

############
# INTERNAL # (-> client)
############
# ping
$IPTABLES -A INPUT -i $INTIF -p icmp -j ACCEPT
# input
$IPTABLES -A INPUT -i $INTIF -j DENY
# forward
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j DENY
# output
$IPTABLES -A OUTPUT -o $INTIF -j ACCEPT
===<snip>===


Any ideas appreciated!

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
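The INPUT chain from the post, walked with iptables' first-match semantics, as an added example that is not the poster's code: it shows which rule a UDP 1194 or TCP 1194 packet from the wireless client hits, which is the check to run when a service answers on one protocol but not the other. The interface names eth0/eth1 standing in for $EXTIF/$INTIF are assumptions, and the chain's default policy is not shown in the post.

```python
# Added example (not from the original post): walk the poster's INPUT chain
# with iptables' first-match semantics to see which rule a packet hits.
import shlex

EXTIF, INTIF = "eth0", "eth1"   # constructed values for the script's variables
# The poster's INPUT rules, in order, with the shell variables expanded.
INPUT_RULES = f"""
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -i {EXTIF} -p icmp -j ACCEPT
-A INPUT -i {EXTIF} -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -i {EXTIF} -j DENY
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i {INTIF} -p icmp -j ACCEPT
-A INPUT -i {INTIF} -j DENY
""".strip().splitlines()

def parse_rule(line):
    # Extract match criteria and target; -A, -m tcp and -m state carry none.
    toks = shlex.split(line)
    rule = {"iif": None, "proto": None, "dport": None, "syn": False, "states": None, "target": None}
    for i, t in enumerate(toks):
        if t == "-i": rule["iif"] = toks[i + 1]
        elif t == "-p": rule["proto"] = toks[i + 1]
        elif t == "--dport": rule["dport"] = int(toks[i + 1])
        elif t == "--state": rule["states"] = set(toks[i + 1].split(","))
        elif t == "-j": rule["target"] = toks[i + 1]   # DENY is reported as written
        elif t == "--syn": rule["syn"] = True
    return rule

def iface_matches(pattern, iface):   # handles the 'tun+' wildcard form too
    return pattern is None or pattern == iface or (pattern.endswith("+") and iface.startswith(pattern[:-1]))

def rule_matches(rule, pkt):
    return (iface_matches(rule["iif"], pkt["iif"])
            and rule["proto"] in (None, pkt["proto"])
            and rule["dport"] in (None, pkt.get("dport"))
            and (not rule["syn"] or pkt.get("syn", False))
            and (rule["states"] is None or pkt.get("state") in rule["states"]))

def walk_input_chain(pkt, rules=INPUT_RULES):
    # Return (target, rule text) of the first match; no match means the chain policy decides.
    for line in rules:
        rule = parse_rule(line)
        if rule_matches(rule, pkt):
            return rule["target"], line
    return "CHAIN-POLICY", None       # default policy is not shown in the post
```

Run with a packet such as `{"iif": "eth1", "proto": "udp", "dport": 1194, "state": "NEW"}`; the global udp 1194 ACCEPT is hit before the per-interface DENY rules, whereas a new TCP 1194 connection on the assumed $INTIF reaches the DENY.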