I am trying to test a VPN client setup using the free VPN Gate OpenVPN service.
Here is their ovpn file.
I tried setting up a client using the GUI, taking the parameters from their ovpn file, and also using the command-line option.
I have opened their udp port 1787 in the firewall.
openvpn --config vpngate.ovpn.
I see the following errors in the log and the connection does not work. I think this is a firewall problem, but I am not sure. Am I supposed to open an inbound port when the router is the one initiating the connection? I am testing this behind another LEDE router, so the WAN of my test router is in a 192.168 network.
BTW, the same ovpn file works from Tunnelblick on a Mac.
Sat Nov 18 23:59:10 2017 Initialization Sequence Completed
Sat Nov 18 23:59:11 2017 write UDP: Operation not permitted (code=1)
Sat Nov 18 23:59:21 2017 [*.opengw.net] Inactivity timeout (--ping-restart), restarting
Sat Nov 18 23:59:21 2017 SIGUSR1[soft,ping-restart] received, process restarting
Sat Nov 18 23:59:21 2017 Restart pause, 5 second(s)
Sat Nov 18 23:59:26 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]60.128.11.153:1787
Sat Nov 18 23:59:26 2017 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Nov 18 23:59:26 2017 UDP link local: (not bound)
Sat Nov 18 23:59:26 2017 UDP link remote: [AF_INET]60.128.11.153:1787
BTW I am also running load balancing but only one wan is connected right now. When I start openvpn, it does create a proper TUN device.
Here is my firewall config.
root@LEDE:/etc/openvpn# cat /etc/config/firewall
# UCI firewall configuration of the test router, as pasted (the paste lost its
# indentation). Sections are evaluated per zone; "config rule" sections without
# a 'dest' apply to traffic addressed to the router itself.

# Global policy: traffic to and from the router is accepted, forwarded traffic
# is rejected unless a zone or forwarding section below allows it.
# syn_flood '1' turns on SYN-flood protection.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: fully trusted (input, output and intra-zone forward all accepted).
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'lan'
option forward 'ACCEPT'
# WAN zone covering the wan, wan2 and wan6 networks: unsolicited inbound
# traffic to the router is dropped, forwarding is rejected, outbound traffic
# from the router is accepted. masq enables NAT, mtu_fix enables MSS clamping.
# Because output is ACCEPT, a connection the router itself opens (such as an
# OpenVPN client session) is already allowed to leave through this zone.
config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option network 'wan wan2 wan6'
# The rules from here to Allow-ISAKMP open specific inbound protocols on wan.
# NOTE(review): they look like the stock LEDE rule set - confirm none were edited.
# DHCP replies to the router's own DHCP client (UDP port 68, IPv4).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Lets the router answer IPv4 ping from wan.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accepts IGMP (multicast group management) from wan.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to the router (UDP port 546), limited to the fc00::/6 range
# for both source and destination.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages from link-local sources (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted when addressed to the router, rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from wan to any zone (dest '*'), same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forwards IPsec ESP from wan to lan.
# NOTE(review): only useful if an IPsec endpoint sits on the LAN; otherwise
# this rule and Allow-ISAKMP below can be removed to shrink the exposed surface.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forwards IKE/ISAKMP (UDP port 500) from wan to lan.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Pulls in custom rules from /etc/firewall.user.
# NOTE(review): that file is not shown; anything in it also affects the result.
config include
option path '/etc/firewall.user'
# Zone for the VPN tunnel, with NAT (masq) on traffic leaving through it.
# NOTE(review): the zone is attached to a network named 'vpn0'; it only matches
# tunnel traffic if /etc/config/network defines 'vpn0' on the tunnel device -
# that file is not shown, confirm.
# NOTE(review): input and forward are ACCEPT, so hosts on the far side of the
# tunnel can reach services on the router itself. For a tunnel to a third-party
# provider, treat this zone like wan (input and forward REJECT or DROP).
config zone
option name 'vpn'
option output 'ACCEPT'
option masq '1'
option network 'vpn0'
option input 'ACCEPT'
option forward 'ACCEPT'
# LAN clients may reach the internet through wan.
config forwarding
option dest 'wan'
option src 'lan'
# Accepts inbound UDP port 1787 from wan, addressed to the router itself.
# NOTE(review): an OpenVPN client that initiates the connection does not need
# this; replies are matched by connection tracking and wan output is already
# ACCEPT. The rule only opens a port to the upstream network - consider removing.
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '1787'
option name 'Openvpn'
# Allows new connections from the tunnel into the LAN.
# NOTE(review): not needed for a client that only sends LAN traffic out through
# the VPN (lan -> vpn below is sufficient, replies are tracked), and it exposes
# LAN hosts to whatever is reachable over the tunnel.
config forwarding
option dest 'lan'
option src 'vpn'
# Allows traffic arriving from the tunnel to be forwarded out through wan.
# NOTE(review): likewise not needed for a plain client setup.
config forwarding
option dest 'wan'
option src 'vpn'
# LAN clients may send traffic into the tunnel; this is the forwarding a
# routed VPN client setup relies on.
config forwarding
option dest 'vpn'
option src 'lan'
# Allows traffic arriving on wan to be forwarded into the tunnel.
# NOTE(review): not needed for a client setup; consider removing.
config forwarding
option dest 'vpn'
option src 'wan'