OpenVPN bad encapsulated packet length question
-
That is interesting. So if I am not running a web server, I can just redirect to an internal IP that doesn't exist?
I have a 192.168.1.x network but not 192.168.2.x.
port-share 192.168.2.111 443;
-
Yup, you could, though I'm not sure what advantage that might give.
But I certainly wouldn't try that until you have a basic UDP server set up and working as expected. Any custom server config is likely to make diagnosing issues more difficult. Start simple, add fun stuff later!
-
I think I may be dealing with the issue @netblues mentioned, that one particular network is blocking VPN.
I am not sure what that would look like in the logs, but I can create a new post on the topic if that would be more appropriate. What would a firewall block on VPN look like in the logs? Would it hang the connection? Would it look like this?
It can find the VPN server but cannot connect. It then hangs on attempting to establish a TCP connection.
My VPN is functional over other networks, this is the only network that is giving me issues.
-
Yes, you would likely just see no replies at all because the server never sees the incoming connection.
-
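The reply above says a blocked tunnel shows up as no replies at all. As an added example (not code from the thread or from pfSense/OpenVPN), the script below classifies OpenVPN client log lines by failure signature and gives a verdict, so the "silent drop" case can be told apart from a local routing problem or a port that answers with a reset. The message formats are the ones OpenVPN 2.x prints; the log lines themselves and the address 203.0.113.10 are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Classifies OpenVPN client log lines.
# The sample log below is constructed; the message formats match OpenVPN 2.x output.

classify_line() {
    # Print one keyword describing what a single client log line indicates.
    line=$1
    case $line in
        *"TLS key negotiation failed to occur"*|*"TLS handshake failed"*)
            echo tls-timeout ;;   # UDP: packets were sent, nothing usable came back
        *"Connection timed out"*)
            echo tcp-timeout ;;   # TCP: SYN got no reply, typical of a silent drop
        *"Connection refused"*)
            echo tcp-refused ;;   # TCP: an RST came back, so something answered, just not OpenVPN
        *"No route to host"*)
            echo no-route ;;      # local routing problem, not necessarily a remote firewall
        *"Initialization Sequence Completed"*)
            echo connected ;;
        *)
            echo other ;;
    esac
}

verdict() {
    # Read log text on stdin, classify every line, and print a single verdict.
    seen=""
    while IFS= read -r l; do
        seen="$seen $(classify_line "$l")"
    done
    case $seen in
        *connected*)   echo "connected" ;;
        *no-route*)    echo "check local routing/default gateway before blaming a firewall" ;;
        *tcp-refused*) echo "something answers on that port but not OpenVPN (wrong port or other service)" ;;
        *tcp-timeout*|*tls-timeout*)
                       echo "silent drop: consistent with an upstream firewall or DPI block" ;;
        *)             echo "no failure signature found" ;;
    esac
}

# Constructed sample: a client trying TCP/443 through a network that drops the traffic.
SAMPLE_LOG=$(cat <<'EOF'
2024-01-01 10:00:01 TCP/UDP: Preserving recently used remote address: [AF_INET]203.0.113.10:443
2024-01-01 10:00:01 Attempting to establish TCP connection with [AF_INET]203.0.113.10:443 [nonblock]
2024-01-01 10:02:01 TCP: connect to [AF_INET]203.0.113.10:443 failed: Connection timed out
2024-01-01 10:02:01 SIGUSR1[connection failed(soft),init_instance] received, process restarting
EOF
)

printf '%s\n' "$SAMPLE_LOG" | verdict
```

Run it against a real client log with `verdict < openvpn.log`. A UDP server blocked the same way never produces the TCP lines; the only sign is the TLS key negotiation timeout, which is why the thread recommends getting a plain UDP server working on an unrestricted network first, so that the timeout can be attributed to the path rather than to the server config.
-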
Ok, I will do some research on VPN port share tonight and do some testing.
-
I would not expect that to help in this situation, just FYI.
-
Good to know. Is there a way around DPI?
-
It depends. Probably not if it's any good. Not easily at least.
-
Yep, looks like I am done. I checked 443 and 1194 from another network and both are connecting. The network I need OpenVPN to work on appears to be blocking both ports. Port 443 wasn't working before, so I gave 1194 a shot just to check if the default was allowed; however, the firewall appears to also block 1194.
Bummer
-
You can try something like UDP port 53 or 123, which are commonly passed. But you would need to do some shuffling for that, since pfSense is already listening on those ports for DNS and NTP. You could forward traffic incoming on those to port 1194 on localhost, for example.
-
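The suggestion above (accept UDP/53 on the WAN and hand it to OpenVPN on localhost port 1194) as an added configuration example. This is not from the thread or from pfSense; the WAN interface name em0, the public address 203.0.113.10 and the certificate file names are assumptions. In pfSense the redirect is a Firewall > NAT > Port Forward entry with "Localhost" as the target, and the OpenVPN server's Interface is set to "Localhost"; the raw pf rule and OpenVPN directives below are the equivalent.

```conf
# --- pf redirect (assumed WAN interface em0) ---
# Inbound UDP/53 on the WAN address is rewritten to 127.0.0.1:1194 before
# filtering, so the pfSense resolver on the WAN address is no longer reachable
# from the internet on that port (it should not be exposed there anyway).
rdr pass on em0 inet proto udp from any to (em0) port 53 -> 127.0.0.1 port 1194

# --- OpenVPN server (fragment, pfSense Interface = Localhost) ---
local 127.0.0.1
port 1194
proto udp
dev tun
# ca/cert/key/dh file names are assumptions; keep whatever the working UDP server used
ca   /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key  /var/etc/openvpn/server1/key
dh   /etc/dh-parameters.2048
server 10.8.0.0 255.255.255.0

# --- OpenVPN client (fragment) ---
# Connect to the public address on 53; the redirect maps it back to 1194.
remote 203.0.113.10 53 udp
```

Test the plain UDP/1194 setup from an unrestricted network first, then add the redirect; LAN clients use the redirect too, so keep a normal 1194 `remote` line for them if you want. Some restrictive networks also intercept UDP/53 and answer it with their own resolver, in which case the client sees the same TLS negotiation timeout as a hard block and NTP (UDP/123) is the next candidate.
-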
Though 'no route to host' there could be a local networking issue rather than a firewall blocking anything.
-
Thank you. I will do some research on this option