Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,342

    Default

    If you changed the ports its expected that a client can't connect because of the access rules.

    I would also suggest reinstall entirely or reinstall openvpn to get back to defaults and then run the above test when a client tries to connect.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #12
    Untanglit
    Join Date
    Mar 2013
    Posts
    19

    Default

    So reverting to the default port on the advanced page won't be enough?

    Speaking of, with the client set to the default port again, tcpdump shows:
    Code:
    Mon Jul 02 2018 10:24:20 GMT-0700 (Pacific Daylight Time) - Test Started
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    
    10:24:35.649646 IP 173.183.113.165.52241 > 184.71.158.234.1194: UDP, length 14
    10:24:45.460970 IP 70.79.109.197.53824 > 184.71.158.234.1194: UDP, length 14
    10:24:47.799720 IP 70.79.109.197.53824 > 184.71.158.234.1194: UDP, length 14
    10:24:51.310696 IP 70.79.109.197.53824 > 184.71.158.234.1194: UDP, length 14
    10:25:00.028571 IP 70.79.109.197.53824 > 184.71.158.234.1194: UDP, length 14
    10:25:10.648648 IP 173.183.113.165.50857 > 184.71.158.234.1194: UDP, length 14
    10:25:12.666875 IP 173.183.113.165.50857 > 184.71.158.234.1194: UDP, length 14
    10:25:15.865203 IP 70.79.109.197.53824 > 184.71.158.234.1194: UDP, length 14
    10:25:16.729507 IP 173.183.113.165.50857 > 184.71.158.234.1194: UDP, length 14
    10:25:24.561156 IP 173.183.113.165.50857 > 184.71.158.234.1194: UDP, length 14
    10:25:40.502794 IP 173.183.113.165.50857 > 184.71.158.234.1194: UDP, length 14
    10:26:15.466833 IP 173.183.113.165.50858 > 184.71.158.234.1194: UDP, length 14
    10:26:17.421202 IP 173.183.113.165.50858 > 184.71.158.234.1194: UDP, length 14
    10:26:21.564395 IP 173.183.113.165.50858 > 184.71.158.234.1194: UDP, length 14
    Mon Jul 02 2018 10:26:22 GMT-0700 (Pacific Daylight Time) - Test Completed
    
    --------------------------------------------------------
    So not only no DPI, also no mindless port blocking. My client is still at 173.183.113.165, I don't know who 70.79.109.197 is but I suspect it's the person whose authorized attempt to connect started this thread.

  3. #13
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,342

    Default

    Quote Originally Posted by chazz View Post
    So reverting to the default port on the advanced page won't be enough?
    Its just an easy way to ensure you are at the defaults.
    Often times people change access rules or advanced OpenVPN settings and ignore the huge bold warnings at the top.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #14
    Master Untangler
    Join Date
    May 2008
    Posts
    707

    Default

    173.183.113.165 shows a linksys router. Did you port forward 1194?

  5. #15
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,342

    Default

    Thats the client not the server I think
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #16
    Untanglit
    Join Date
    Mar 2013
    Posts
    19

    Default

    Okay, I'll buy that, though I think I'm keeping better track of what I'm doing than many. And... the results are the same. TCPDump shows the packets coming in, OpenVPN shows the UDP session request count going up, connection does not happen. (I did regenerate an inline OVPN and am using that on the client, because I know that removing and restoring the OVPN server can change keys.)

  7. #17
    Untanglit
    Join Date
    Mar 2013
    Posts
    19

    Default

    If it matters, donhwyo, the server is at 184.71.158.234. Edit: Since the client is establishing the connection, the router should be open for replies on that port. I can open a port forward if necessary... but it's never been necessary anywhere else...
    Last edited by chazz; 07-02-2018 at 11:00 AM.

  8. #18
    Untanglit
    Join Date
    Mar 2013
    Posts
    19

    Default

    Okay. I admit it, I am stupid.

    I had actually set up an OpenVPN server on a Raspberry Pi inside my network and had set up a port forward to that internal IP address. So of course the firewall OpenVPN couldn't see it - it was going to the Pi... or would have been if the Pi was active.

    With the port forward removed, it connected flawlessly. Sorry for wasting everyone's time.

  9. #19
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,342

    Default

    Doh! That makes sense.
    It happens to all of us

    Thanks for circling back and updating the thread!
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2