lixuewei / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

Can't connect to openvpn, located in LAN behind router #1089

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Local router address is 192.168.16.1, openvpn local address is 192.168.16.2:1194
2. Forwarded router WAN port 30777 to local port 1194 using this:

http://192.168.16.1/Advanced_VirtualServer_Content.asp

Service name|Port|Local IP|Local port|Protocol
openvpn|30777|192.168.16.2|1194|TCP

3. Tried with openvpn client for android.

What is the expected output? What do you see instead?

The expected behavior is openvpn connection, or at least openvpn authentication error

Client failed with "Connection timeout" error.

What version of the product are you using? On what operating system?

1. Firmware 3.4.3.7-072

Original issue reported on code.google.com by djab...@gmail.com on 29 Nov 2013 at 4:22

GoogleCodeExporter commented 9 years ago
If you scan/trace the port using tcptraceroute or nmap, is the port even open?
I have not encountered these issues w. any Android devices.

/Kitch

Original comment by kitch2400 on 30 Nov 2013 at 12:50

GoogleCodeExporter commented 9 years ago
No, 30777 is closed. Scanner found just 8081 - router http interface and 21022 - ssh, they both work.

Original comment by djab...@gmail.com on 30 Nov 2013 at 3:28

GoogleCodeExporter commented 9 years ago
How could I test on the router, that port forwarding is configured properly?
Here is output of "iptables -nvL"
/opt/home/admin # iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   57  2376 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVAL
 9190  708K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELAT
  358 21975 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67
  311 18660 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.16.1         tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.16.1         tcp dpt:22
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:33
 6930  453K logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 7391 packets, 485K bytes)
 pkts bytes target     prot opt in     out     source               destination
 123K  143M maclist    all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVAL
 5926  354K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0
S clamp to PMTU
 183K  153M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELAT
   10   600 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.16.2         tcp dpt:119
 7391  485K UPNP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 logdrop    all  --  *      br0     0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 9852 packets, 10M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain UPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain doslimit (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0
: avg 20/sec burst 30
    0     0 logdrop    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0
: avg 1/sec burst 5
    0     0 logdrop    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
ec burst 5
/opt/home/admin #

Original comment by djab...@gmail.com on 30 Nov 2013 at 3:52

GoogleCodeExporter commented 9 years ago
Do you use TCP on the server? Maybe you need to open a UDP port?
Maybe your provider blocks TCP port 30777?

Original comment by Dr.Sydorenko.O on 1 Dec 2013 at 10:29

GoogleCodeExporter commented 9 years ago
What OS is installed on your server? Maybe its firewall blocks this port?

Original comment by Dr.Sydorenko.O on 1 Dec 2013 at 10:31

GoogleCodeExporter commented 9 years ago
If you're running openvpn it's supposed to be 1194 udp, try setting it to both/any.
/Kitch

Original comment by kitch2400 on 2 Dec 2013 at 7:22

GoogleCodeExporter commented 9 years ago
Sorry for silence.
Yes, I use tcp. Will try to use udp, then report.

Original comment by djab...@gmail.com on 2 Dec 2013 at 9:11

GoogleCodeExporter commented 9 years ago
Yes!!! Thank you very much! When I fixed openvpn config (modified UDP to TCP), the port scanner could see the port 30777 is open. Openvpn client also could open port 30777.
So it was my mistake, thank you!

Original comment by djab...@gmail.com on 2 Dec 2013 at 9:31
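
Added example (not part of the original thread or of the rt-n56u firmware): a Python check for the mismatch that caused this issue, comparing the protocol of the router's FORWARD rule with the `proto`/`port` declared in the OpenVPN server config. The iptables text and the configs are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: FORWARD chain as `iptables -nvL` prints it when not truncated.
IPTABLES_SAMPLE = """\
Chain FORWARD (policy ACCEPT 7391 packets, 485K bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   600 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.16.2         tcp dpt:1194
 7391  485K UPNP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
# Constructed OpenVPN server configs: the mismatching one and the matching one.
OPENVPN_UDP = "port 1194\nproto udp\ndev tun\n"
OPENVPN_TCP = "port 1194\nproto tcp-server\ndev tun\n"

# pkts bytes ACCEPT proto opt in out source destination ... dpt:N
RULE = re.compile(r"^\s*\S+\s+\S+\s+ACCEPT\s+(tcp|udp)\s+\S+\s+\S+\s+\S+\s+\S+\s+(\S+)\s+.*\bdpt:(\d+)")

def forwarded_ports(iptables_text):
    """Return {(proto, dest_ip, port)} for ACCEPT rules in the FORWARD chain."""
    found, in_forward = set(), False
    for line in iptables_text.splitlines():
        if line.startswith("Chain "):
            in_forward = line.startswith("Chain FORWARD")
            continue
        m = RULE.match(line) if in_forward else None
        if m:
            found.add((m.group(1), m.group(2), int(m.group(3))))
    return found

def openvpn_listener(conf_text):
    """Return (proto, port) from an OpenVPN config; the defaults are udp and 1194."""
    proto, port = "udp", 1194
    for line in conf_text.splitlines():
        words = re.split(r"[#;]", line)[0].split()  # drop config comments
        if len(words) >= 2 and words[0] == "proto":
            proto = "tcp" if words[1].startswith("tcp") else "udp"
        elif len(words) >= 2 and words[0] == "port":
            port = int(words[1])
    return proto, port

def check_forward(iptables_text, conf_text, server_ip):
    """Report whether the router forwards the protocol the server listens on."""
    proto, port = openvpn_listener(conf_text)
    rules = {(p, n) for p, ip, n in forwarded_ports(iptables_text) if ip == server_ip}
    if (proto, port) in rules:
        return "ok"
    other = "tcp" if proto == "udp" else "udp"
    if (other, port) in rules:
        return f"mismatch: server listens on {proto}/{port}, router forwards {other}/{port}"
    return f"missing: no forward rule for {server_ip} {proto}/{port}"
```

The FORWARD chain shows the post-DNAT destination, so the rule is matched on the local port 1194 rather than the WAN port 30777.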

GoogleCodeExporter commented 9 years ago
No worries! I would recommend udp though, but that's up to you ^.^

/Kitch

Original comment by kitch2400 on 3 Dec 2013 at 8:23

GoogleCodeExporter commented 9 years ago

Original comment by Dr.Sydorenko.O on 4 Dec 2013 at 4:50