Mathias Sundman wrote:
On Mon, 13 Dec 2004, ad_koster wrote:
Does OpenVPN require the source port and destination port to be the
setup a tunnel ??

No. The recent 2.0 releases of OpenVPN default to UDP port 1194 as
source port (and destination), unless --nobind is used, which causes
OpenVPN to pick the first free unprivileged port, like most applications.

The source port can however be changed by NAT devices, so you should not
check the source port on your OpenVPN server. You could check that it
is a high port if you want (1024:65535).

The OpenVPN server does not depend on what source port was used, so
the problem you had was probably because of your iptables rule trying
to check the source port.

We encountered exactly the same problem. Different devices do NAT in a
whole lot of different ways and some even use some fixed high range as
source for UDP NATting. Even on the most reasonable of NAT setups, the
source port cannot be guaranteed because the
source(ip:port)-dest(ip:port) (where source is the outside IP address) may
be in use from another user. The NAT implementation is then required to
pick another source port.
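
The collision described in the replies above can be reproduced with a toy model. This is an added example, not code from either poster or from OpenVPN: the `Nat` class, both rule functions and all addresses are hypothetical, constructed values, and the fallback port choice is just one possible NAT behaviour.

```python
# Added illustration: toy port-preserving NAT plus two server-side filter policies.
# All addresses are constructed documentation values.
OPENVPN_PORT = 1194
SERVER = ("203.0.113.10", OPENVPN_PORT)

class Nat:
    """Source NAT that keeps the client's source port when it can."""
    def __init__(self, outside_ip, pool_start=1024):
        self.outside_ip = outside_ip
        self.pool_start = pool_start
        self.by_flow = {}    # (inside ip, inside port, dest) -> outside port
        self.in_use = set()  # (outside port, dest) pairs already taken

    def translate(self, src, dst):
        key = (src[0], src[1], dst)
        if key not in self.by_flow:
            port = src[1]
            if (port, dst) in self.in_use:
                # outside ip:port -> dest is held by another user: pick another port
                port = self.pool_start
                while (port, dst) in self.in_use:
                    port += 1
            self.in_use.add((port, dst))
            self.by_flow[key] = port
        return (self.outside_ip, self.by_flow[key]), dst

def strict_rule(src, dst):
    """Server filter that requires source AND destination port 1194."""
    return src[1] == OPENVPN_PORT and dst[1] == OPENVPN_PORT

def relaxed_rule(src, dst):
    """Server filter on destination port only, source in 1024:65535."""
    return dst[1] == OPENVPN_PORT and 1024 <= src[1] <= 65535

def simulate():
    """Two clients behind one NAT, both bound to 1194, same server."""
    nat = Nat("198.51.100.7")
    clients = [("192.168.1.10", OPENVPN_PORT), ("192.168.1.11", OPENVPN_PORT)]
    results = []
    for client in clients:
        src, dst = nat.translate(client, SERVER)
        results.append((client[0], src[1], strict_rule(src, dst), relaxed_rule(src, dst)))
    return results

if __name__ == "__main__":
    for row in simulate():
        print(row)  # (inside ip, port seen by server, strict ok, relaxed ok)
```

The second client reaches the server from a rewritten source port, so only the destination-port filter lets both tunnels through.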