HowTo install OpenVPN server

[Tamadite]

Hi,

Tried to follow the tutorial exactly, didn't work. Then I tried to tweak the post-firewall rules, yet no matter what I'm doing, I keep getting:

Code:

xxx.dyndns.org isn't responding on port 1194 (openvpn)

when scanning the 1194 port
And yes, I am able to eg. ssh into my router with the given dyndns host.
Conclusion: I don't know how to open the 1194 port for the OpenVPN client to even start doing transactions. Please, help.

If firewall rules and the notes given and the end of the rules do not help to open the port, you should take a look at the policy you have on the INPUT and PREROUTING tables to see if it is "I" (insert) or "A" (append) the parameter to use on the rules.

On the other hand "isn't responding on port 1194" does not imply the port is not open. It implies there is no service responding to the request on port 1194; reasons can be multiple, e.g. no service behind the port, closed port, etc.

[dreamer69]

Adding --float to client.ovpn solved the problem.


I'm trying to connect to OpenVPN for days now and i keep getting this error

Code:

TCP/UDP: Incoming packet rejected from 192.168.18.254:1194[2], expected peer address: 79.112.107.146:1194 (allow this incoming source address/port by removing --remote or adding --float)

.
I would really appreciate if someone could help me out.

post-firewall looks like this

Code:

#!/bin/sh
# this opens the ssh port to internet! Be sure to have strong passwords!
iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --sport 1194 --dport 1194 -j ACCEPT
iptables -A OUTPUT -p udp --sport 1194 --dport 1194 -j ACCEPT

#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT
--to-destination 192.168.18.254:1194
iptables -A INPUT -j DROP

iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT

ifconfig

Code:

ifconfig
br0       Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
          inet addr:192.168.18.254  Bcast:192.168.18.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2431 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:582528 (568.8 KiB)  TX bytes:826719 (807.3 KiB)

eth0      Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1112 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:306676 (299.4 KiB)
          Interrupt:4 Base address:0x1000

eth1      Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1824 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1263 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:680250 (664.3 KiB)  TX bytes:368687 (360.0 KiB)
          Interrupt:5 Base address:0x2000

eth2      Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2424 errors:0 dropped:0 overruns:0 frame:112907
          TX packets:2577 errors:31 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:615892 (601.4 KiB)  TX bytes:1004952 (981.3 KiB)
          Interrupt:12 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.107.146  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:1529 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:600547 (586.4 KiB)  TX bytes:340013 (332.0 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

server.conf

Code:

dev tun
proto udp
ifconfig 10.8.0.1 10.8.0.2
secret /opt/etc/openvpn/static.key
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
comp-lzo
keepalive 10 60
daemon

client.ovpn

Code:

remote xxx.xxx.xxx.xxx ;server IP address
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
comp-lzo
keepalive 10 60
redirect-gateway def1
route-method exe
route-delay 2
dhcp-option DNS 10.8.0.1

Works great connecting from LAN , but i can't connect from WAN.