
Thread: OpenVPN Use TCP

  1. #1
    Newbie
    Join Date
    Mar 2020
    Posts
    2

    Question OpenVPN Use TCP

    I am trying to switch from using UDP to TCP on Untangle due to known issues with Ubuntu OS.

    Please can someone review my steps

    Internet --> Untangle

    1. Upgraded Untangle Build v15.0
    2. Enabled OpenVPN & Tested using UDP
    3. Switch from UDP to TCP in "Advanced" section (Left port 1194)
    4. Downloaded Updated Client File
    5. Setup Port Forwarding Rule & Firewall Rule
    6. Added "Access Rule"
    Destination Port: 1194
    Protocol: TCP
    Source: Any WAN

    Server configuration was not touched; only the protocol drop-down was changed from UDP to TCP.


    The client configuration is this:-

    client
    resolv-retry 20
    keepalive 10 60
    nobind
    mute-replay-warnings
    ns-cert-type server
    comp-lzo
    max-routes 500
    verb 1
    persist-key
    persist-tun
    explicit-exit-notify 1
    dev tun
    proto tcp
    port 1194
    cipher AES-256-CBC
    remote x.x.x.x

    When I used the above setting I got an error about "explicit-exit-notify 1", so I removed that line but still had problems.

    If I switch it to UDP & Download the client file it works so there must be a parameter either on the OpenVPN Client or Server I am missing.

    Many Thanks
    Last edited by jman177; 03-23-2020 at 05:29 AM. Reason: mistake where made
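
Added example, not part of the original post and not Untangle's or OpenVPN's own tooling: a Python check that compares a client profile like the one above with the server's listener and flags UDP-only directives such as the `explicit-exit-notify` line the poster reports an error on. The names `lint`, `family` and `UDP_ONLY`, and the choice to limit that set to two directives, are assumptions of this example.

```python
# Directives OpenVPN's option check ties to a UDP transport (assumed set, kept to two).
UDP_ONLY = {"explicit-exit-notify", "fragment"}

def family(proto):
    """Collapse udp4/udp6/tcp-client/tcp4 and similar to 'udp' or 'tcp'."""
    return "tcp" if proto.lower().startswith("tcp") else "udp"

def lint(profile, server_proto, server_port):
    """Return findings for a client profile checked against the server's listener."""
    rows = []
    for raw in profile.splitlines():
        parts = raw.split()
        if parts and parts[0][0] not in "#;":        # skip blanks and comment lines
            rows.append(parts)
    proto, port = "udp", 1194                         # OpenVPN defaults when unset
    for name, *args in rows:
        if name == "proto" and args:
            proto = args[0]
        elif name in ("port", "rport") and args:
            port = int(args[0])
    findings, uses_tcp = [], False
    want = family(server_proto)
    for name, *args in rows:
        if name != "remote" or not args:
            continue
        r_port = int(args[1]) if len(args) > 1 else port   # remote host [port] [proto]
        r_proto = family(args[2] if len(args) > 2 else proto)
        uses_tcp |= r_proto == "tcp"
        if r_proto != want:
            findings.append(f"remote {args[0]}: client uses {r_proto}, server uses {want}")
        if r_port != server_port:
            findings.append(f"remote {args[0]}: client port {r_port}, server port {server_port}")
    for name, *_ in rows:
        if uses_tcp and name in UDP_ONLY:
            findings.append(f"{name}: UDP-only directive, but this profile connects over TCP")
    return findings

# Excerpt of the profile posted above; the remote address is the post's own placeholder.
POSTED = """\
client
explicit-exit-notify 1
dev tun
proto tcp
port 1194
cipher AES-256-CBC
remote x.x.x.x
"""

if __name__ == "__main__":
    print("\n".join(lint(POSTED, "tcp", 1194)))
```
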

  2. #2
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    409

    What known issues?

    The client conf seems to point to port 1190 while server is running on 1194. AFAIK Untangle doesn't need manual rules for VPN.
    Jim.Alles likes this.

  3. #3
    Newbie
    Join Date
    Mar 2020
    Posts
    2

    Thanks for responding :-)

    By default there is an OpenVPN Access Rule for UDP 1194, so that's why I added an OpenVPN Access Rule for TCP 1194; maybe I don't need the Firewall rule.

    I found a lot of posts on Ubuntu OpenVPN UDP problems.

    We currently had a staff member connecting fine to Synology OpenVPN running on TCP, but when we told him to use Untangle OpenVPN it wouldn't route correctly.

    Using OpenVPN over UDP, the staff member's situation on Ubuntu was that on the interface tun0 he was getting a valid IP in the OpenVPN DHCP range but an invalid gateway address, and then after a few minutes it disconnects.

    On Windows, connecting via OpenVPN and running ipconfig, I get an IP in the OpenVPN DHCP range but the gateway is empty, and it all works fine.

    On other forums they noticed UDP traffic being blocked by Ubuntu firewall which could be causing the issue.

    - MTU issues
    - Ubuntu firewall issues
    forums.openvpn.net/viewtopic.php?t=28444

    A quick solution was to switch Untangle OpenVPN to TCP to see if that would resolve the issue, but I cannot connect via the Windows OpenVPN client, and when port scanning, it doesn't appear to be open.

    Sorry about the confusion, I meant port 1194 and updated the client config; just a typo on my part. I did also change the cipher on the server from AES-128-CBC to AES-256-CBC and forgot to mention that, but doing a test again on AES-128-CBC I still couldn't connect via TCP.

    Please advise the best course of action then:-

    1) Add new parameters to client/server config to make Ubuntu work properly
    OR
    2) Enable TCP OpenVPN on Untangle

    I assume switching Untangle OpenVPN from UDP to TCP should be a simple thing, so I just need the steps, as the above method I tried didn't work for some odd reason, unless it's not supported by Untangle. But if it's not supported, why give you the option to switch from UDP to TCP?
    Last edited by jman177; 03-23-2020 at 02:37 PM.
