OpenVPN not able to connect to public IP interface
I have 2 sites that used to be linked via OpenVPN. For some reason it stopped working.
General setups:
Server OS: CentOS 7
OpenVPN v2.4.9
EasyRSA v.3.0.7
Edge firewall and VPN server is the same box. Using firewalld. IPTables is not running on either machine.
Firewall settings:
Quote:
I have also asked my ISP whether they are actively filtering OpenVPN, to which they have answered in the negative. Any help / advice would be greatly appreciated. |
Quote:
The active zone is public and the target shows DROP -> a source zone with the target DROP would drop all packets, even if they were whitelisted. First, change the target to default.
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
-> this message means the firewall is blocking the connection |
Quote:
Code:
--local host |
Quote:
|
Quote:
Also, if you're running through any sort of network device/firewall (network topology things), you may have to NAT UDP on your OpenVPN port to the server THERE as well. |
Quote:
client.conf
Quote:
|
You could observe the packet filter stats on the server soon after attempting to connect from the client....
Code:
sudo iptables -vnL
Code:
sudo watch iptables -vnL
That might show where the traffic is blocked (unintentionally). |
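The counter check suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads `iptables -vnL` output and reports the packet counter on the allow rule for the VPN port plus any DROP/REJECT rule that has matched traffic. The function names, the 1194/udp port argument and the sample output are assumptions constructed for illustration.

```shell
# Added example (not from the thread). On a live server, after a client attempt:
#   sudo iptables -vnL | vpn_filter_report 1194
vpn_filter_report() {
    port="$1"
    awk -v port="$port" '
        # "Chain NAME (...)" starts a new chain; remember its name.
        $1 == "Chain" { chain = $2; next }
        # ACCEPT rule for the VPN port: report its counter even when it is zero.
        $3 == "ACCEPT" && $4 == "udp" && $0 ~ ("dpt:" port "( |$)") {
            printf "ALLOW %s pkts=%s\n", chain, $1
            next
        }
        # DROP/REJECT rule that has matched packets (counter can read 12K or 3M).
        ($3 == "DROP" || $3 == "REJECT") && $1 != "0" {
            printf "BLOCK %s %s pkts=%s\n", chain, $3, $1
        }'
}

# Constructed sample, not the poster's output: the 1194/udp allow rule has
# never matched, while the final REJECT rule in INPUT has.
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  310 41200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  152 11830 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
   37  2664 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194 ctstate NEW
EOF
}

# Prints one BLOCK line for the REJECT rule and one ALLOW line with pkts=0.
sample_iptables_output | vpn_filter_report 1194
```

An allow-rule counter that stays at zero after a client attempt means the handshake packets never reached that rule, so they were stopped earlier in the ruleset or before the server; a DROP/REJECT counter that grows with each attempt points at the local filter.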
Quote:
|
Firewalld is just a userspace utility. The resulting applied filter rules are run in kernelspace. The iptables command allows us to examine these.
|
Quote:
|
Not quite sure what I should be looking for. Below is the result of
Code:
iptables -vnL
I've removed entries that have no entries in them. But you might say I'm a total iptables noob...
Quote:
|
The output shows the tun0 interface present and the following suggests two rules for the same service
Code:
Chain IN_public_allow (1 references) |
Quote:
I did add the 2nd rule (1194/udp). I should probably remove it. But does this indicate why my client can't connect? |
It might be useful to show us
Code:
iptables -S
Just in case the following is helpful... https://forums.openvpn.net/viewtopic.php?t=14286#p35352 |
Results of iptables -S
Quote:
|