[Closed] Firewall and tcp ip connection
Posted: Tue Oct 08, 2013 5:24 pm
hello everyone,
So here is my problem: my VPN server is working just fine, but when I apply my personal firewall rules (we are in school, so I blocked several ports/websites/protos), the TCP connection is failing, of course, because I do not allow ip:port connections.
Hostname would work, like domain.com:443 (port not blocked on my configuration).
But ...
What I want to do is
Tue Oct 08 16:03:19 2013 MANAGEMENT: CMD 'http-proxy-fallback 10.64.0.1 3128 nct'
Tue Oct 08 16:03:20 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 08 16:03:20 2013 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Oct 08 16:03:20 2013 Re-using SSL/TLS context
Tue Oct 08 16:03:20 2013 LZO compression initialized
Tue Oct 08 16:03:20 2013 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Oct 08 16:03:20 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 08 16:03:20 2013 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 08 16:03:20 2013 Local Options hash (VER=V4): 'd6e4d6ac'
Tue Oct 08 16:03:20 2013 Expected Remote Options hash (VER=V4): '308ee575'
Tue Oct 08 16:03:20 2013 Attempting to establish TCP connection with 10.64.0.1:3128
Tue Oct 08 16:03:20 2013 MANAGEMENT: >STATE:1381241000,TCP_CONNECT,,,
Tue Oct 08 16:03:20 2013 TCP connection established with 10.64.0.1:3128
Tue Oct 08 16:03:20 2013 Send to HTTP proxy: 'CONNECT mydomain.com:443 HTTP/1.0'
Tue Oct 08 16:03:22 2013 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Tue Oct 08 16:03:24 2013 TCPv4_CLIENT link local: [undef]
Tue Oct 08 16:03:24 2013 TCPv4_CLIENT link remote: 10.64.0.1:3128
Tue Oct 08 16:03:24 2013 MANAGEMENT: >STATE:1381241004,WAIT,,,
Tue Oct 08 16:03:24 2013 Connection reset, restarting [0]
Tue Oct 08 16:03:24 2013 TCP/UDP: Closing socket
Tue Oct 08 16:03:24 2013 SIGUSR1[soft,connection-reset] received, process restarting
Tue Oct 08 16:03:24 2013 MANAGEMENT: >STATE:1381241004,RECONNECTING,connection-reset,,
Tue Oct 08 16:03:24 2013 Restart pause, 5 second(s)
Tue Oct 08 16:03:29 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 08 16:03:29 2013 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Oct 08 16:03:29 2013 Re-using SSL/TLS context
Tue Oct 08 16:03:29 2013 LZO compression initialized
Tue Oct 08 16:03:29 2013 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Oct 08 16:03:29 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 08 16:03:29 2013 MANAGEMENT: >STATE:1381241009,RESOLVE,,,
Tue Oct 08 16:03:29 2013 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 08 16:03:29 2013 Local Options hash (VER=V4): 'd6e4d6ac'
Tue Oct 08 16:03:29 2013 Expected Remote Options hash (VER=V4): '308ee575'
Tue Oct 08 16:03:29 2013 Attempting to establish TCP connection with 75.988.17.321:443
Tue Oct 08 16:03:29 2013 MANAGEMENT: >STATE:1381241009,TCP_CONNECT,,,
Tue Oct 08 16:03:50 2013 TCP: connect to 75.988.17.321:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Tue Oct 08 16:03:50 2013 SIGUSR1[soft,init_instance] received, process restarting
Tue Oct 08 16:03:50 2013 MANAGEMENT: >STATE:1381241030,RECONNECTING,init_instance,,
Tue Oct 08 16:03:50 2013 Restart pause, 5 second(s)
a) Prevent OpenVPN from resolving mydomain.com to 75.988.17.321
b) Somehow force the hostname so it never displays 75.988.17.321
c) ???? o_o
ps: I'm talking about a situation.
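
An added example, not part of the original post: a small Python parser that walks an OpenVPN client log in the format shown above and lists each TCP attempt (proxied or direct, target, outcome), which makes the proxy-then-direct sequence in the log explicit. The sample lines are constructed with placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the log format shown in the post; host and IPs are placeholders.
SAMPLE_LOG = """\
Tue Oct 08 16:03:20 2013 WARNING: No server certificate verification method has been enabled.
Tue Oct 08 16:03:20 2013 Attempting to establish TCP connection with 10.64.0.1:3128
Tue Oct 08 16:03:20 2013 Send to HTTP proxy: 'CONNECT vpn.example.test:443 HTTP/1.0'
Tue Oct 08 16:03:22 2013 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Tue Oct 08 16:03:24 2013 Connection reset, restarting [0]
Tue Oct 08 16:03:29 2013 Attempting to establish TCP connection with 192.0.2.10:443
Tue Oct 08 16:03:50 2013 TCP: connect to 192.0.2.10:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4} (.*)$")
ATTEMPT = re.compile(r"Attempting to establish TCP connection with (\S+)")
CONNECT = re.compile(r"Send to HTTP proxy: 'CONNECT (\S+) ")
PROXY_REPLY = re.compile(r"HTTP proxy returned: 'HTTP/\d\.\d (\d{3})")
FAILED = re.compile(r"TCP: connect to \S+ failed.*: (.+)$")

def summarize(log_text):
    """Return (attempts, unverified): one dict per TCP attempt, plus whether
    the client warned that server certificate verification is disabled."""
    attempts, unverified = [], False
    for line in log_text.splitlines():
        stamped = STAMP.match(line)
        if not stamped:
            continue
        msg = stamped.group(1)
        if "No server certificate verification method" in msg:
            unverified = True
        elif m := ATTEMPT.search(msg):
            attempts.append({"peer": m.group(1), "target": m.group(1),
                             "via_proxy": False, "proxy_status": None, "outcome": "unknown"})
        elif attempts:
            cur = attempts[-1]
            if m := CONNECT.search(msg):        # tunnel request: the proxy sees the hostname
                cur["via_proxy"], cur["target"] = True, m.group(1)
            elif m := PROXY_REPLY.search(msg):
                cur["proxy_status"] = int(m.group(1))
            elif msg.startswith("Connection reset"):
                cur["outcome"] = "reset"
            elif m := FAILED.search(msg):
                cur["outcome"] = m.group(1)
    return attempts, unverified

def fell_back_to_direct(attempts):
    """True if a proxied attempt is immediately followed by a direct one."""
    return any(a["via_proxy"] and not b["via_proxy"] for a, b in zip(attempts, attempts[1:]))

if __name__ == "__main__":
    found, warned = summarize(SAMPLE_LOG)
    for a in found:
        print(a)
    print("cert verification warning:", warned, "| direct fallback:", fell_back_to_direct(found))
```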