Re: [Openvpn-users] Problem with connection behind firewall


  • Subject: Re: [Openvpn-users] Problem with connection behind firewall
  • From: Christian Guedel <me@xxxxxxxxxx>
  • Date: Tue, 14 Dec 2004 22:28:09 +0100

On Tuesday, 14.12.2004 at 21:55 +0100, Mathias Sundman wrote:
> On Tue, 14 Dec 2004, Christian Guedel wrote:
> 
> > Hi list,
> >
> > I'm new here on the list, and I'm also new to VPN. I ran a PPTP server
> > for several days now, but this seems not to work on another port than
> > 1739. So I tried openvpn. This doesn't work as expected:
> >
> > The facts:
> >  - at my school we got a firewall that is very restrictive, but there
> > are some open ports: TCP/80, TCP/443, TCP/110
> >  - I'm running a Gentoo server at home
> >  - I'd like to forward the whole connection from my home to school
> > through the firewall
> >  - I think this is possible?
> >
> > At home I get 4 public IPs assigned by my ISP, so I can try the VPN.
> > This does work for me at home with no problem (no encryption, but this
> > isn't necessary for me). But at school I get some strange errors:
> >
> > On the server:
> > Dec 14 13:06:10 [openvpn] Listening for incoming TCP connection on [undef]:5000
> > Dec 14 13:06:11 [openvpn] TCP connection established with 212.117.97.246:45193
> > Dec 14 13:06:11 [openvpn] TCPv4_SERVER link local (bound): [undef]:5000
> > Dec 14 13:06:11 [openvpn] TCPv4_SERVER link remote: 212.117.97.246:45193
> > Dec 14 13:06:21 [openvpn] Connection reset, restarting [-1]
> > Dec 14 13:06:22 [openvpn] LZO compression initialized
> > Dec 14 13:06:22 [openvpn] TUN/TAP device tap0 opened
> > Dec 14 13:06:22 [openvpn] /sbin/ifconfig tap0 10.100.100.1 netmask 255.255.255.0 mtu 1492 broadcast 10.100.100.255
> > Dec 14 13:06:22 [openvpn] Listening for incoming TCP connection on [undef]:5000
> > Dec 14 13:06:24 [openvpn] TCP connection established with 212.117.97.246:45200
> > Dec 14 13:06:24 [openvpn] TCPv4_SERVER link local (bound): [undef]:5000
> > Dec 14 13:06:24 [openvpn] TCPv4_SERVER link remote: 212.117.97.246:45200
> > Dec 14 13:07:14 [openvpn] Connection reset, restarting [-1]
> > Dec 14 13:07:15 [openvpn] LZO compression initialized
> > Dec 14 13:07:15 [openvpn] TUN/TAP device tap0 opened
> > Dec 14 13:07:15 [openvpn] /sbin/ifconfig tap0 10.100.100.1 netmask 255.255.255.0 mtu 1492 broadcast 10.100.100.255
> > Dec 14 13:07:15 [openvpn] Listening for incoming TCP connection on [undef]:5000
> >
> > And on the client:
> > Dec 14 13:06:47 mobile openvpn[29548]: LZO compression initialized
> > Dec 14 13:06:47 mobile openvpn[29548]: TUN/TAP device tap0 opened
> > Dec 14 13:06:47 mobile openvpn[29548]: /sbin/ifconfig tap0 10.100.100.2 netmask 255.255.255.0 mtu 1492 broadcast 10.100.100.255
> > Dec 14 13:06:47 mobile openvpn[29548]: /etc/openvpn/lan/route.sh tap0 1492 1571 10.100.100.2 255.255.255.0 init
> > Dec 14 13:06:47 mobile openvpn[29548]: Attempting to establish TCP connection with 217.162.245.52:110
> > Dec 14 13:06:47 mobile openvpn[29548]: TCP connection established with 217.162.245.52:110
> > Dec 14 13:06:47 mobile openvpn[29548]: TCPv4_CLIENT link local: [undef]
> > Dec 14 13:06:47 mobile openvpn[29548]: TCPv4_CLIENT link remote: 217.162.245.52:110
> > Dec 14 13:06:47 mobile openvpn[29548]: Connection reset, restarting [0]
> > Dec 14 13:06:50 mobile openvpn[29548]: LZO compression initialized
> > Dec 14 13:06:50 mobile openvpn[29548]: TUN/TAP device tap0 opened
> > Dec 14 13:06:50 mobile openvpn[29548]: /sbin/ifconfig tap0 10.100.100.2 netmask 255.255.255.0 mtu 1492 broadcast 10.100.100.255
> > Dec 14 13:06:50 mobile openvpn[29548]: /etc/openvpn/lan/route.sh tap0 1492 1571 10.100.100.2 255.255.255.0 init
> > Dec 14 13:06:50 mobile openvpn[29548]: Attempting to establish TCP connection with 217.162.245.52:110
> > Dec 14 13:06:50 mobile openvpn[29548]: TCP connection established with 217.162.245.52:110
> > Dec 14 13:06:50 mobile openvpn[29548]: TCPv4_CLIENT link local: [undef]
> > Dec 14 13:06:50 mobile openvpn[29548]: TCPv4_CLIENT link remote: 217.162.245.52:110
> >
> > I don't know why this doesn't work! Maybe some of you have...
> 
> Hmm, you must have left some details out. Your client is connecting to 
> port 110, while your server is listening on port 5000. How do you get this 
> working at all? Do you have a firewall at home forwarding port 110 to port 
> 5000?
> 
> Use a packet sniffer to watch how the traffic flows. Are you sure those 
> ports are really open, and not just available through a proxy?
> 

I have a firewall that is forwarding port 5000 on the WAN interface to
port 110 to the server. The packets are logged by the firewall, so
traffic gets really passed.

I think the ports are open, as tunneling sshd over port 443 does also
work...

I can't try all this out, because I'm back in school on January 4th in
the new year... But maybe you know something that is important in this
situation... don't know ;)
-- 
Christian Guedel <me@xxxxxxxxxx>


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
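
Added example, not part of the original thread and not OpenVPN code: a small Python helper that lines up the server and client log excerpts quoted above, reporting which port each side uses and how long each TCP session lasted before "Connection reset". The function names and dictionary keys are invented for this illustration; the sample lines are copied from the thread's logs.

```python
import re
from datetime import datetime

# Sample input: lines taken from the thread's quoted logs, rejoined onto single lines.
SERVER_LOG = """\
Dec 14 13:06:10 [openvpn] Listening for incoming TCP connection on [undef]:5000
Dec 14 13:06:11 [openvpn] TCP connection established with 212.117.97.246:45193
Dec 14 13:06:21 [openvpn] Connection reset, restarting [-1]
Dec 14 13:06:24 [openvpn] TCP connection established with 212.117.97.246:45200
Dec 14 13:07:14 [openvpn] Connection reset, restarting [-1]
"""
CLIENT_LOG = """\
Dec 14 13:06:47 mobile openvpn[29548]: TCP connection established with 217.162.245.52:110
Dec 14 13:06:47 mobile openvpn[29548]: Connection reset, restarting [0]
Dec 14 13:06:50 mobile openvpn[29548]: TCP connection established with 217.162.245.52:110
"""

STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
ESTABLISHED = re.compile(r"TCP connection established with ([\d.]+):(\d+)")
LISTEN = re.compile(r"Listening for incoming TCP connection on \S*:(\d+)")

def sessions(log, year=2004):
    """Return (peer_port, seconds_until_reset) per TCP session; None = no reset logged."""
    done, current = [], None          # current = (peer_port, established_at)
    for line in log.splitlines():
        stamp, est = STAMP.match(line), ESTABLISHED.search(line)
        if not stamp:
            continue
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        if est:
            if current:               # previous session ended without a logged reset
                done.append((current[0], None))
            current = (int(est.group(2)), when)
        elif "Connection reset" in line and current:
            done.append((current[0], int((when - current[1]).total_seconds())))
            current = None
    return done + ([(current[0], None)] if current else [])

def compare(server_log, client_log):
    """Summarise both sides: ports in use and how long each session survived."""
    listening = {int(p) for p in LISTEN.findall(server_log)}
    dialed = {port for port, _ in sessions(client_log)}
    return {
        "server_listens_on": sorted(listening),
        "client_dials": sorted(dialed),
        "port_rewritten_in_path": dialed.isdisjoint(listening),
        "server_session_seconds": [s for _, s in sessions(server_log)],
        "client_session_seconds": [s for _, s in sessions(client_log)],
    }
```

Durations are computed per host, so they do not depend on the server and client clocks agreeing.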