I've got OpenVPN set up on an internal server, running behind a Ubiquiti UniFi based router/firewall. If I try to connect to OpenVPN via the local LAN, it works perfectly. If I try to connect through the router, using an external IP, it fails.
Going through all the options to rule out UniFi as the culprit, I ended up using tcpdump to watch packets on the OpenVPN server. UniFi is passing everything through correctly, and the packets arrive on the OpenVPN server, showing up in tcpdump, but the OpenVPN logs show no connection attempts (log level 6).
Running the same tcpdump command, but connecting through the local network, OpenVPN connects immediately.
I am at a loss as to why OpenVPN is ignoring packets from one origin but not the other. Below is the packet output from tcpdump, as well as my server.conf:
Connection from the local LAN (10.73.41.xxx)
tcpdump packet
18:23:31.710044 IP (tos 0x0, ttl 64, id 58459, offset 0, flags [DF], proto UDP (17), length 42)
10.73.41.25.48991 > 10.73.41.253.1194: [udp sum ok] UDP, length 14
0x0000: 4500 002a e45b 4000 4011 eebf 0a49 2919 E..*.[@.@....I).
0x0010: 0a49 29fd bf5f 04aa 0016 f2d3 3803 b089 .I).._......8...
0x0020: cdb7 e1f7 4900 0000 0000 0000 0000 ....I.........
Connection from the external IP (107.72.99.99)
tcpdump packet
18:25:25.213048 IP (tos 0x58, ttl 54, id 54666, offset 0, flags [DF], proto UDP (17), length 42)
107.72.99.99.55388 > 10.73.41.253.1194: [udp sum ok] UDP, length 14
0x0000: 4558 002a d58a 4000 3611 6bef 6b48 6363 EX.*..@.6.k.kHcc
0x0010: 0a49 29fd d85c 04aa 0016 ca4e 38ad bf37 .I)..\.....N8..7
0x0020: 0759 ec3c 6a00 0000 0000 4e4d 1d2e .Y.<j.....NM..
server.conf
local 10.73.41.253
port 1194
proto udp
dev tun
ca server/ca.crt
cert server/lvpn.crt
key server/vpn.key # This file should be kept secret
dh server/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 6
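As an added example (not code from the question or any answer to it), the following Python decoder reads the two tcpdump hex dumps above, verifies the IPv4 header checksum, drops the Ethernet padding that makes each dump 46 bytes rather than 42, decodes the OpenVPN control header, and reports which fields differ between the LAN and WAN packet. The dumps are copied verbatim from the question; the OPCODES table follows the OpenVPN wire format, and the parser assumes no tls-auth/tls-crypt, matching the server.conf shown.

```python
import re
import struct
# OpenVPN control-channel opcodes (upper 5 bits of the first payload byte)
OPCODES = {4: "P_CONTROL_V1", 5: "P_ACK_V1", 6: "P_DATA_V1",
           7: "P_CONTROL_HARD_RESET_CLIENT_V2", 8: "P_CONTROL_HARD_RESET_SERVER_V2"}

# The two captures from the question, copied verbatim (offset, hex words, ASCII column)
LOCAL_DUMP = r"""0x0000: 4500 002a e45b 4000 4011 eebf 0a49 2919 E..*.[@.@....I).
0x0010: 0a49 29fd bf5f 04aa 0016 f2d3 3803 b089 .I).._......8...
0x0020: cdb7 e1f7 4900 0000 0000 0000 0000 ....I........."""
EXTERNAL_DUMP = r"""0x0000: 4558 002a d58a 4000 3611 6bef 6b48 6363 EX.*..@.6.k.kHcc
0x0010: 0a49 29fd d85c 04aa 0016 ca4e 38ad bf37 .I)..\.....N8..7
0x0020: 0759 ec3c 6a00 0000 0000 4e4d 1d2e .Y.<j.....NM.."""

def hexdump_to_bytes(dump: str) -> bytes:
    """Collect the hex words after each 0xNNNN: offset, stopping at the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        for tok in line.split()[1:]:  # [0] is the offset token
            if not re.fullmatch(r"[0-9a-f]{4}|[0-9a-f]{2}", tok):
                break  # first non-hex token is the ASCII column
            out += bytes.fromhex(tok)
    return bytes(out)

def ip_checksum_ok(header: bytes) -> bool:
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))  # checksum word included
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF  # one's-complement sum over a valid header

def parse(dump: str) -> dict:
    """IPv4/UDP fields plus the OpenVPN control-header fields of one datagram."""
    raw = hexdump_to_bytes(dump)
    ver_ihl, tos, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 17 or not ip_checksum_ok(raw[:ihl]):
        raise ValueError("not a well-formed IPv4/UDP datagram")
    sport, dport, ulen, _ = struct.unpack("!HHHH", raw[ihl:ihl + 8])
    payload = raw[ihl + 8:ihl + ulen]  # ulen spans the UDP header; Ethernet padding is dropped
    # Without tls-auth/tls-crypt (as in this server.conf): opcode<<3|key_id (1), session id (8),
    # ack count (1), acks (4 each), remote session id (8, only if acks > 0), packet id (4)
    acks = payload[9]
    pid_off = 10 + 4 * acks + (8 if acks else 0)
    return {"tos": tos, "ttl": ttl, "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "opcode": OPCODES.get(payload[0] >> 3, payload[0] >> 3),
            "key_id": payload[0] & 7, "session_id": payload[1:9].hex(),
            "packet_id": struct.unpack("!I", payload[pid_off:pid_off + 4])[0]}

def differing_fields(a: dict, b: dict) -> set:
    return {k for k in a if a[k] != b[k]}  # which headers differ between LAN and WAN packet
```

Both datagrams decode as P_CONTROL_HARD_RESET_CLIENT_V2 with packet id 0 addressed to 10.73.41.253:1194, differing only in TOS, TTL, source address/port and the client's session id, so whatever silences the daemon is not a malformed packet.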