 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN major issues
 Date:  Tue, 26 Oct 2004 12:11:37 +0200
-------- Original Message --------

> Hello Vincent,
> 
> thanks a lot for this Howto!
> But I still have a problem with inbound packets at the client's WAN side.
> What does work is a non-m0n0wall OpenVPN client, but m0n0wall itself
> does not. I opened anything coming from my OpenVPN server on the WAN
> side, but m0n0wall is still blocking all packets coming in from port 
> 5000/udp.
> Don't know what's the reason for this :(
> 

On the server, 5000 is the DESTINATION port. You should have 
something like:

pass on WAN interface from any port = 5001 to SERVER_WAN_IP port = 5000

On the client (for those who are using m0n0wall as client too), it's the 
contrary:

pass on WAN interface from any port = 5000 to CLIENT_WAN_IP port = 5001

To get started, don't specify a source port at first, then tighten this 
when you're sure it's working.

That should do it: of course, if your client uses a different port, 
don't forget to adapt the rules.

Hint: in the log "Settings" tab, check the "Log packets blocked by the 
default rule" to see exactly what gets blocked on the WAN interface.

-- Vincent