Re: [m0n0wall] OpenVPN get blocked in firewall

From:	Vincent Fleuranceau <vincent at bikost dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	Morten Trab <mailing at trab dot dk>
Subject:	Re: [m0n0wall] OpenVPN get blocked in firewall
Date:	Sun, 09 Jan 2005 23:41:24 +0100

Morten Trab a écrit :
> Hi,
> 
> I'm trying to make OpenVPN in 1.2b3 work...
> Whenever trying to get the client to connect the following line get repeated
> in the firewall logs of m0n0wall:
> 
> X WAN 80.197.xxx.xxx, port 5000 80.62.xxx.xxx, port 5000 UDP
> 
> In my firewall I have the following rule under the WAN pane:
> 
> UDP * * LAN net 5000 OpenVPN -> LAN
> 
> How come the connections get blocked??
> 
> The client keep saying the following:
> 
> Sun Jan  9 21:48:22 2005 30[1]: TLS Error: TLS key negotiation failed to
> occur within 60 seconds
> Sun Jan  9 21:48:22 2005 31[1]: TLS Error: TLS handshake failed

Morten,

All OpenVPN clients connect to the server which is litening on port 
5000. There must be a rule to allow this (note : 5000 is the DESTINATION 
port in the rule).

Assuming your are testing m0n0wall's OpenVPN client feature, there must 
be a rule for the server to reach the client, too. On a given host, the 
(first) OpenVPN client is listening on port 5001, the next client (on 
the same host) on port 5002, and so on. I hope your problem is here...

Cheers,

-- Vincent