I am using openwrt-19.07. I'm trying to configure the OpenVPN server for incoming connections. Created a rule:
But the port appears to be closed:
Tell me what I did wrong?
Try to connect from WAN while checking the output:
opkg update
opkg install tcpdump
tcpdump -evni any port 1194
iptables-save -c | grep -e 1194
See also:
2 Likes
Did this. Output:
root@OpenWrt:~# tcpdump -evni any port 1194
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
09:40:51.837569 P a0:af:bd:c9:a2:c0 ethertype 802.1Q (0x8100), length 66: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 20573, offset 0, flags [none], proto UDP (17), length 42)
192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:51.837598 In a0:af:bd:c9:a2:c0 ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 20573, offset 0, flags [none], proto UDP (17), length 42)
192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:54.327635 P a0:af:bd:c9:a2:c0 ethertype 802.1Q (0x8100), length 66: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 20576, offset 0, flags [none], proto UDP (17), length 42)
192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:54.327665 In a0:af:bd:c9:a2:c0 ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 20576, offset 0, flags [none], proto UDP (17), length 42)
192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:59.285271 P a0:af:bd:c9:a2:c0 ethertype 802.1Q (0x8100), length 66: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 20578, offset 0, flags [none], proto UDP (17), length 42)
192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:59.285302 In a0:af:bd:c9:a2:c0 ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 20578, offset 0, flags [none], proto UDP (17), length 42)
192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
^C
6 packets captured
8 packets received by filter
0 packets dropped by kernel
And:
root@OpenWrt:~# iptables-save -c | grep -e 1194
[4:168] -A INPUT -p udp -m udp --dport 1194 -m comment --comment "!fw3: Allow-OpenVPN" -j ACCEPT
root@OpenWrt:~#
NMAP still shows that UDP port is closed:
1 Like
Not responding to UDP scans is normal since UDP behaves differently than TCP.
Although you can still see some difference compared to other ports:
> sudo netstat -l -n -p | grep -e 119[3-5]
udp 0 0 0.0.0.0:1194 0.0.0.0:* 2282/openvpn
> sudo nmap -sU -p 1193-1195 localhost
...
PORT STATE SERVICE
1193/udp closed fiveacross
1194/udp open|filtered openvpn
1195/udp closed rsf-1
However, the final result depends on your firewall configuration.
1 Like
This might be a dim question, but is the OpenVPN server daemon running? Even if the firewall port is open, if the associated listener (in this case OpenVPN) isn't running, the port will still appear to be "closed"; there's nothing there to respond to the nmap scan so the kernel simply says, "Closed, go away."
1 Like
Thanks for the advice, the port is actually open, everything worked.
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.