Port on wan interface does not open

I am using openwrt-19.07. I'm trying to configure the OpenVPN server for incoming connections. I created a rule:

But the port appears to be closed:

Can you tell me what I did wrong?

Try to connect from WAN while checking the output:

opkg update
opkg install tcpdump
tcpdump -evni any port 1194
iptables-save -c | grep -e 1194

See also:

2 Likes

Did this. Output:

root@OpenWrt:~# tcpdump -evni any port 1194
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

09:40:51.837569   P a0:af:bd:c9:a2:c0 ethertype 802.1Q (0x8100), length 66: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 20573, offset 0, flags [none], proto UDP (17), length 42)
    192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:51.837598  In a0:af:bd:c9:a2:c0 ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 20573, offset 0, flags [none], proto UDP (17), length 42)
    192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:54.327635   P a0:af:bd:c9:a2:c0 ethertype 802.1Q (0x8100), length 66: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 20576, offset 0, flags [none], proto UDP (17), length 42)
    192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:54.327665  In a0:af:bd:c9:a2:c0 ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 20576, offset 0, flags [none], proto UDP (17), length 42)
    192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:59.285271   P a0:af:bd:c9:a2:c0 ethertype 802.1Q (0x8100), length 66: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 20578, offset 0, flags [none], proto UDP (17), length 42)
    192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14
09:40:59.285302  In a0:af:bd:c9:a2:c0 ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 20578, offset 0, flags [none], proto UDP (17), length 42)
    192.168.100.6.1194 > 192.168.100.100.1194: UDP, length 14

^C
6 packets captured
8 packets received by filter
0 packets dropped by kernel

And:

root@OpenWrt:~# iptables-save -c | grep -e 1194
[4:168] -A INPUT -p udp -m udp --dport 1194 -m comment --comment "!fw3: Allow-OpenVPN" -j ACCEPT
root@OpenWrt:~#

Nmap still shows that the UDP port is closed:

1 Like

Not responding to UDP scans is normal since UDP behaves differently than TCP.

Although you can still see some difference compared to other ports:

> sudo netstat -l -n -p | grep -e 119[3-5]
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           2282/openvpn

> sudo nmap -sU -p 1193-1195 localhost
...
PORT     STATE         SERVICE
1193/udp closed        fiveacross
1194/udp open|filtered openvpn
1195/udp closed        rsf-1

However, the final result depends on your firewall configuration.

1 Like

This might be a dim question, but is the OpenVPN server daemon running? Even if the firewall port is open, if the associated listener (in this case OpenVPN) isn't running, the port will still appear to be "closed"; there's nothing there to respond to the nmap scan so the kernel simply says, "Closed, go away."

1 Like
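
The difference the replies above describe (silence from a bound UDP listener versus the kernel's "closed" answer when nothing is listening), as an added example that is not part of the original thread. It runs on loopback only; `probe_udp` and `demo` are hypothetical names, and the 14-byte probe is constructed filler rather than a valid OpenVPN packet.

```python
import socket


def probe_udp(host, port, timeout=1.0):
    """Classify a UDP port using the same three states nmap -sU reports.

    'closed'        -> the kernel answered with ICMP port unreachable (no listener,
                       or a firewall rule that rejects instead of dropping)
    'open'          -> a datagram came back from the service
    'open|filtered' -> silence: a listener ignored the probe, or a firewall dropped it
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket has ICMP errors reported back to it by the kernel.
        s.connect((host, port))
        try:
            s.send(b"\x00" * 14)  # constructed probe payload
            s.recv(2048)
            return "open"
        except socket.timeout:
            return "open|filtered"
        except ConnectionRefusedError:
            return "closed"


def demo():
    # Stand-in for the openvpn daemon: bound to a port, but it never replies to junk.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    listening_port = listener.getsockname()[1]

    # Obtain a port number with no listener: bind, note the number, close again.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    unbound_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return (probe_udp("127.0.0.1", listening_port, 0.5),
                probe_udp("127.0.0.1", unbound_port, 0.5))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

Silence alone cannot separate "listener present" from "packet dropped by the firewall", which is why the packet counter on the ACCEPT rule in the `iptables-save -c` output is the more reliable check on the router itself.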

Thanks for the advice. The port is actually open, and everything worked.

1 Like