OpenVPN server behind CradlePoint NAT
Posted: Tue Sep 10, 2019 11:22 pm
My OpenVPN server is on a Mikrotik router, and the router is behind a CradlePoint CBA850 providing failover switching to a cell signal if the main fiber goes down. That puts my OpenVPN double NATed from the public address provided by either the fiber link or the wireless link. I've done what seems to be obvious in port forwarding 1194, but any attempts to connect to the VPN server just time out. Here is what I see on the client side:
I tried setting the Mikrotik as a DMZ on the CradlePoint without success in addition to just doing the port forward. Any ideas as to what I need to do to get this working? If I take the CradlePoint out of the picture everything works as expected, but we lose the failover.
Tue Sep 10 16:18:38 2019 MANAGEMENT: >STATE:1568157518,WAIT,,,,,,
Tue Sep 10 16:19:38 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Sep 10 16:19:38 2019 TLS Error: TLS handshake failed
Tue Sep 10 16:19:38 2019 SIGUSR1[soft,tls-error] received, process restarting