Forward port 53 to 1194
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Forward port 53 to 1194
Sorry if this has been asked, but I have tried every script I can find without success. I have my own OpenVPN server configuration running on port 1194. Everything works great; I can connect back to my home server and all traffic gets redirected like I want.
Here is the issue: I want to use port 53; however, as I understand it, port 53 is used by dnsmasq, and my server refuses to start when I specify port 53 for the server. I am trying to forward incoming traffic from the client to the server from port 53 to 1194, which is on my router (DD-WRT build 21061). The connection from the client hangs at 'waiting for server reply'. Here are the firewall scripts which I have tried below:
iptables -t nat -A WANPREROUTING -p udp --dport 53 -j DNAT --to-destination :1194
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE
What am I doing wrong? Thanks
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Sorry if I am being impatient, any support on this one? Here are the client logs. Keep in mind the server, which is on my DD-WRT router, is set to use UDP port 1194. Since this port is sometimes blocked, I was hoping to use 53 or 443 and have the traffic forwarded on to port 1194. If I specify port 1194 on the client the connection works flawlessly; when I use a client with port 53, this is where I get stumped. Logs below, and any support would be greatly appreciated.
Running on SGH-M919 (MSM8960) samsung, Android API 17, version 0.5.46, official build
Log cleared.
Building configuration…
started Socket Thread
P:Initializing Google Breakpad!
P:Current Parameter Settings:
P: config = '/data/data/de.blinkt.openvpn/cache/android.conf'
P: mode = 0
P: show_ciphers = DISABLED
P: show_digests = DISABLED
P: show_engines = DISABLED
P: genkey = DISABLED
P: key_pass_file = '[UNDEF]'
P: show_tls_ciphers = DISABLED
P: connect_retry_max = 5
P:Connection profiles [default]:
P: proto = udp
P: local = '[UNDEF]'
P: local_port = '1194'
P: remote = '[UNDEF]'
P: remote_port = '1194'
P: remote_float = DISABLED
P: bind_defined = DISABLED
P: bind_local = DISABLED
P: connect_retry_seconds = 5
P: connect_timeout = 10
P: socks_proxy_server = '[UNDEF]'
P: socks_proxy_port = '[UNDEF]'
P: socks_proxy_retry = DISABLED
P: tun_mtu = 1500
P: tun_mtu_defined = DISABLED
P: link_mtu = 1500
P: link_mtu_defined = DISABLED
P: tun_mtu_extra = 0
P: tun_mtu_extra_defined = DISABLED
P: mtu_discover_type = -1
P: fragment = 0
P: mssfix = 1450
P: explicit_exit_notification = 0
P:Connection profiles [0]:
P: proto = udp
P: local = '[UNDEF]'
P: local_port = '[UNDEF]'
P: remote = 'xxxxxx.dyndns.org'
P: remote_port = '53'
P: remote_float = DISABLED
P: bind_defined = DISABLED
P: bind_local = DISABLED
P: connect_retry_seconds = 5
P: connect_timeout = 10
P: socks_proxy_server = '[UNDEF]'
P: socks_proxy_port = '[UNDEF]'
P: socks_proxy_retry = DISABLED
P: tun_mtu = 1500
P: tun_mtu_defined = ENABLED
P: link_mtu = 1500
P: link_mtu_defined = DISABLED
P: tun_mtu_extra = 0
P: tun_mtu_extra_defined = DISABLED
P: mtu_discover_type = -1
P: fragment = 0
P: mssfix = 1450
P: explicit_exit_notification = 0
P:Connection profiles END
P: remote_random = DISABLED
P: ipchange = '[UNDEF]'
P: dev = 'tun'
P: dev_type = '[UNDEF]'
P: dev_node = '[UNDEF]'
P: lladdr = '[UNDEF]'
P: topology = 1
P: tun_ipv6 = DISABLED
P: ifconfig_local = '[UNDEF]'
P: ifconfig_remote_netmask = '[UNDEF]'
P: ifconfig_noexec = DISABLED
P: ifconfig_nowarn = DISABLED
P: ifconfig_ipv6_local = '[UNDEF]'
P: ifconfig_ipv6_netbits = 0
P: ifconfig_ipv6_remote = '[UNDEF]'
P: shaper = 0
P: mtu_test = 0
P: mlock = DISABLED
P: keepalive_ping = 0
P: keepalive_timeout = 0
P: inactivity_timeout = 0
P: ping_send_timeout = 0
P: ping_rec_timeout = 0
P: ping_rec_timeout_action = 0
P: ping_timer_remote = DISABLED
P: remap_sigusr1 = 0
P: persist_tun = ENABLED
P: persist_local_ip = DISABLED
P: persist_remote_ip = ENABLED
P: persist_key = DISABLED
P: passtos = DISABLED
P: resolve_retry_seconds = 1000000000
P: username = '[UNDEF]'
P: groupname = '[UNDEF]'
P: chroot_dir = '[UNDEF]'
P: cd_dir = '[UNDEF]'
P: writepid = '[UNDEF]'
P: up_script = '[UNDEF]'
P: down_script = '[UNDEF]'
P: down_pre = DISABLED
P: up_restart = DISABLED
P: up_delay = DISABLED
P: daemon = DISABLED
P: inetd = 0
P: log = DISABLED
P: suppress_timestamps = ENABLED
P: nice = 0
P: verbosity = 6
P: mute = 0
P: gremlin = 0
P: status_file = '[UNDEF]'
P: status_file_version = 1
P: status_file_update_freq = 60
P: occ = ENABLED
P: rcvbuf = 65536
P: sndbuf = 65536
P: sockflags = 0
P: fast_io = DISABLED
P: comp.alg = 2
P: comp.flags = 1
P: route_script = '[UNDEF]'
P: route_default_gateway = '[UNDEF]'
P: route_default_metric = 0
P: route_noexec = DISABLED
P: route_delay = 0
P: route_delay_window = 30
P: route_delay_defined = DISABLED
P: route_nopull = DISABLED
P: route_gateway_via_dhcp = DISABLED
P: max_routes = 100
P: allow_pull_fqdn = DISABLED
P: management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
P: management_port = 'unix'
P: management_user_pass = '[UNDEF]'
P: management_log_history_cache = 250
P: management_echo_buffer_size = 100
P: management_write_peer_info_file = '[UNDEF]'
P: management_client_user = '[UNDEF]'
P: management_client_group = '[UNDEF]'
P: management_flags = 4390
P: shared_secret_file = '[UNDEF]'
P: key_direction = 0
P: ciphername_defined = ENABLED
P: ciphername = 'AES-128-CBC'
P: authname_defined = ENABLED
P: authname = 'SHA1'
P: prng_hash = 'SHA1'
P: prng_nonce_secret_len = 16
P: keysize = 0
P: engine = DISABLED
P: replay = ENABLED
P: mute_replay_warnings = DISABLED
P: replay_window = 64
P: replay_time = 15
P: packet_id_file = '[UNDEF]'
P: use_iv = ENABLED
P: test_crypto = DISABLED
P: tls_server = DISABLED
P: tls_client = ENABLED
P: key_method = 2
P: ca_file = '[[INLINE]]'
P: ca_path = '[UNDEF]'
P: dh_file = '[UNDEF]'
P: cert_file = '[[INLINE]]'
P: priv_key_file = '[[INLINE]]'
P: pkcs12_file = '[UNDEF]'
P: cipher_list = '[UNDEF]'
P: tls_verify = '[UNDEF]'
P: tls_export_cert = '[UNDEF]'
P: verify_x509_type = 0
P: verify_x509_name = '[UNDEF]'
P: crl_file = '[UNDEF]'
P: ns_cert_type = 1
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_ku[i] = 0
P: remote_cert_eku = '[UNDEF]'
P: ssl_flags = 0
P: tls_timeout = 2
P: renegotiate_bytes = 0
P: renegotiate_packets = 0
P: renegotiate_seconds = 3600
P: handshake_window = 60
P: transition_window = 3600
P: single_session = DISABLED
P: push_peer_info = DISABLED
P: tls_exit = DISABLED
P: tls_auth_file = '[UNDEF]'
P: client = ENABLED
P: pull = ENABLED
P: auth_user_pass_file = '[UNDEF]'
P:OpenVPN 2.3.2+dspatch4 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [EPOLL] [MH] [IPv6] built on Sep 12 2013
P:MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
Network Status: CONNECTED LTE to mobile fast.t-mobile.com
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'proxy NONE'
P:LZO compression initializing
P:Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: >STATE:1382615213,RESOLVE,,,
P:Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
P:Local Options hash (VER=V4): '66096c33'
P:Expected Remote Options hash (VER=V4): '691e95c7'
P:Socket Buffers: R=[163840->131072] S=[163840->131072]
P:Protecting socket fd 4
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]xxxxxxxxx:53
P:MANAGEMENT: >STATE:1382615213,WAIT,,,
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxxxxxxxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxxxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
P:TLS Error: TLS handshake failed
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,tls-error] received, process restarting
P:MANAGEMENT: >STATE:1382615273,RECONNECTING,tls-error,,
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'proxy NONE'
P:LZO compression initializing
P:Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
P:TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxx:53
P:Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
P:Local Options hash (VER=V4): '66096c33'
P:Expected Remote Options hash (VER=V4): '691e95c7'
P:Socket Buffers: R=[163840->131072] S=[163840->131072]
P:Protecting socket fd 4
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]xxxxxxxx:53
P:MANAGEMENT: >STATE:1382615274,WAIT,,,
P:[unknown protocol] WRITE [14] to [AF_INET]7xxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxx.xx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxx7:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
P:TLS Error: TLS handshake failed
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,tls-error] received, process restarting
P:MANAGEMENT: >STATE:1382615334,RECONNECTING,tls-error,,
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'proxy NONE'
P:LZO compression initializing
P:Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
P:TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxx:53
P:Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
P:Local Options hash (VER=V4): '66096c33'
P:Expected Remote Options hash (VER=V4): '691e95c7'
P:Socket Buffers: R=[163840->131072] S=[163840->131072]
P:Protecting socket fd 4
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]76.110.180.37:53
P:MANAGEMENT: >STATE:1382615335,WAIT,,,
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]7xxxxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]xxxxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
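A triage sketch for client logs like the one above, added here as an example and not part of the original post: it splits a verb 6 OpenVPN client log into connection attempts and counts control packets written versus read, so an attempt where nothing ever came back from the remote port is told apart from one where the server answered. The sample logs, the 203.0.113.10 address and the names `parse_attempts` and `classify` are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Packet lines logged at verb 6, e.g.
#   "... WRITE [14] to [AF_INET]host:53: P_CONTROL_HARD_RESET_CLIENT_V2 ..."
PKT = re.compile(r"\b(READ|WRITE) \[\d+\] (?:from|to) \[AF_INET6?\](\S+): (P_\w+)")
# Each new connection attempt announces the remote it will talk to.
LINK = re.compile(r"UDP link remote: \[AF_INET6?\](\S+)")
TIMEOUT = "TLS key negotiation failed to occur within"


@dataclass
class Attempt:
    remote: str            # host:port the client sent to
    sent: int = 0          # packets written to the remote
    received: int = 0      # packets read back from the remote
    timed_out: bool = False


def parse_attempts(log: str) -> List[Attempt]:
    """Split a client log into attempts and count traffic in each direction."""
    attempts: List[Attempt] = []
    for line in log.splitlines():
        link = LINK.search(line)
        if link:
            attempts.append(Attempt(remote=link.group(1)))
            continue
        if not attempts:
            continue  # parameter dump before the first attempt
        current = attempts[-1]
        pkt = PKT.search(line)
        if pkt:
            if pkt.group(1) == "WRITE":
                current.sent += 1
            else:
                current.received += 1
        elif TIMEOUT in line:
            current.timed_out = True
    return attempts


def classify(attempt: Attempt) -> str:
    """
    reply-seen   : at least one packet came back, so the path to the server
                   works in both directions and the fault is later in the
                   handshake.
    no-reply     : requests went out, the 60 s window expired, nothing was
                   read. The client never heard from that port, so look at
                   the forwarding and filtering path, not at keys or certs.
    inconclusive : attempt still in progress or no traffic logged.
    """
    if attempt.received:
        return "reply-seen"
    if attempt.sent and attempt.timed_out:
        return "no-reply"
    return "inconclusive"


# Constructed sample modelled on the Android log above (placeholder address).
NO_REPLY_LOG = """\
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]203.0.113.10:53
P:MANAGEMENT: >STATE:1382615213,WAIT,,,
P:[unknown protocol] WRITE [14] to [AF_INET]203.0.113.10:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]203.0.113.10:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:[unknown protocol] WRITE [14] to [AF_INET]203.0.113.10:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
P:TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
P:TLS Error: TLS handshake failed
P:SIGUSR1[soft,tls-error] received, process restarting
P:TCP/UDP: Preserving recently used remote address: [AF_INET]203.0.113.10:53
P:UDP link remote: [AF_INET]203.0.113.10:53
P:[unknown protocol] WRITE [14] to [AF_INET]203.0.113.10:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
"""

# Constructed sample of an attempt where the server's reset comes back.
REPLY_LOG = """\
UDPv4 link remote: [AF_INET]203.0.113.10:1194
UDP link remote: [AF_INET]203.0.113.10:1194
UDPv4 WRITE [14] to [AF_INET]203.0.113.10:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
UDPv4 READ [26] from [AF_INET]203.0.113.10:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
"""


def report(log: str) -> List[str]:
    """One summary line per attempt."""
    return [
        f"{a.remote}: sent={a.sent} received={a.received} -> {classify(a)}"
        for a in parse_attempts(log)
    ]


if __name__ == "__main__":
    for line in report(NO_REPLY_LOG) + report(REPLY_LOG):
        print(line)
```

A `no-reply` verdict on port 53 next to `reply-seen` on port 1194 from the same network narrows the fault to how port 53 traffic is handled between the client and the OpenVPN process.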
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Here are logs from my laptop trying to connect from the outside network. The previous logs were from my Android phone.
Thu Oct 24 07:58:47 2013 us=1000 Current Parameter Settings:
Thu Oct 24 07:58:47 2013 us=1000 config = 'Laptop.ovpn'
Thu Oct 24 07:58:47 2013 us=1000 mode = 0
Thu Oct 24 07:58:47 2013 us=1000 show_ciphers = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 show_digests = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 show_engines = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 genkey = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 key_pass_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 show_tls_ciphers = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 Connection profiles [default]:
Thu Oct 24 07:58:47 2013 us=1000 proto = udp
Thu Oct 24 07:58:47 2013 us=1000 local = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 local_port = 0
Thu Oct 24 07:58:47 2013 us=1000 remote = 'xxxxxx.dyndns.org'
Thu Oct 24 07:58:47 2013 us=1000 remote_port = 53
Thu Oct 24 07:58:47 2013 us=1000 remote_float = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 bind_defined = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 bind_local = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 connect_retry_seconds = 5
Thu Oct 24 07:58:47 2013 us=1000 connect_timeout = 10
Thu Oct 24 07:58:47 2013 us=1000 connect_retry_max = 0
Thu Oct 24 07:58:47 2013 us=1000 socks_proxy_server = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 socks_proxy_port = 0
Thu Oct 24 07:58:47 2013 us=1000 socks_proxy_retry = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 Connection profiles END
Thu Oct 24 07:58:47 2013 us=1000 remote_random = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 ipchange = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 dev = 'tun'
Thu Oct 24 07:58:47 2013 us=1000 dev_type = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 dev_node = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 lladdr = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 topology = 1
Thu Oct 24 07:58:47 2013 us=1000 tun_ipv6 = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 ifconfig_local = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 ifconfig_remote_netmask = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 ifconfig_noexec = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 ifconfig_nowarn = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 shaper = 0
Thu Oct 24 07:58:47 2013 us=1000 tun_mtu = 1500
Thu Oct 24 07:58:47 2013 us=1000 tun_mtu_defined = ENABLED
Thu Oct 24 07:58:47 2013 us=1000 link_mtu = 1500
Thu Oct 24 07:58:47 2013 us=1000 link_mtu_defined = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 tun_mtu_extra = 0
Thu Oct 24 07:58:47 2013 us=1000 tun_mtu_extra_defined = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 fragment = 0
Thu Oct 24 07:58:47 2013 us=1000 mtu_discover_type = -1
Thu Oct 24 07:58:47 2013 us=1000 mtu_test = 0
Thu Oct 24 07:58:47 2013 us=1000 mlock = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 keepalive_ping = 0
Thu Oct 24 07:58:47 2013 us=1000 keepalive_timeout = 0
Thu Oct 24 07:58:47 2013 us=1000 inactivity_timeout = 0
Thu Oct 24 07:58:47 2013 us=1000 ping_send_timeout = 0
Thu Oct 24 07:58:47 2013 us=1000 ping_rec_timeout = 0
Thu Oct 24 07:58:47 2013 us=1000 ping_rec_timeout_action = 0
Thu Oct 24 07:58:47 2013 us=1000 ping_timer_remote = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 remap_sigusr1 = 0
Thu Oct 24 07:58:47 2013 us=1000 explicit_exit_notification = 0
Thu Oct 24 07:58:47 2013 us=1000 persist_tun = ENABLED
Thu Oct 24 07:58:47 2013 us=1000 persist_local_ip = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 persist_remote_ip = DISABLED
Thu Oct 24 07:58:47 2013 us=1000 persist_key = ENABLED
Thu Oct 24 07:58:47 2013 us=1000 mssfix = 1450
Thu Oct 24 07:58:47 2013 us=1000 resolve_retry_seconds = 1000000000
Thu Oct 24 07:58:47 2013 us=1000 username = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 groupname = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 chroot_dir = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 cd_dir = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 writepid = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 up_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 down_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=1000 down_pre = DISABLED
Thu Oct 24 07:58:47 2013 us=328000 up_restart = DISABLED
Thu Oct 24 07:58:47 2013 us=328000 up_delay = DISABLED
Thu Oct 24 07:58:47 2013 us=328000 daemon = DISABLED
Thu Oct 24 07:58:47 2013 us=328000 inetd = 0
Thu Oct 24 07:58:47 2013 us=328000 log = DISABLED
Thu Oct 24 07:58:47 2013 us=328000 suppress_timestamps = DISABLED
Thu Oct 24 07:58:47 2013 us=328000 nice = 0
Thu Oct 24 07:58:47 2013 us=328000 verbosity = 6
Thu Oct 24 07:58:47 2013 us=328000 mute = 0
Thu Oct 24 07:58:47 2013 us=328000 gremlin = 0
Thu Oct 24 07:58:47 2013 us=328000 status_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=328000 status_file_version = 1
Thu Oct 24 07:58:47 2013 us=328000 status_file_update_freq = 60
Thu Oct 24 07:58:47 2013 us=328000 occ = ENABLED
Thu Oct 24 07:58:47 2013 us=328000 rcvbuf = 0
Thu Oct 24 07:58:47 2013 us=328000 sndbuf = 0
Thu Oct 24 07:58:47 2013 us=328000 sockflags = 0
Thu Oct 24 07:58:47 2013 us=328000 fast_io = DISABLED
Thu Oct 24 07:58:47 2013 us=359000 lzo = 7
Thu Oct 24 07:58:47 2013 us=359000 route_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=359000 route_default_gateway = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=359000 route_default_metric = 0
Thu Oct 24 07:58:47 2013 us=359000 route_noexec = DISABLED
Thu Oct 24 07:58:47 2013 us=359000 route_delay = 5
Thu Oct 24 07:58:47 2013 us=359000 route_delay_window = 30
Thu Oct 24 07:58:47 2013 us=359000 route_delay_defined = ENABLED
Thu Oct 24 07:58:47 2013 us=359000 route_nopull = DISABLED
Thu Oct 24 07:58:47 2013 us=359000 route_gateway_via_dhcp = DISABLED
Thu Oct 24 07:58:47 2013 us=359000 max_routes = 100
Thu Oct 24 07:58:47 2013 us=359000 allow_pull_fqdn = DISABLED
Thu Oct 24 07:58:47 2013 us=359000 management_addr = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=359000 management_port = 0
Thu Oct 24 07:58:47 2013 us=359000 management_user_pass = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=359000 management_log_history_cache = 250
Thu Oct 24 07:58:47 2013 us=391000 management_echo_buffer_size = 100
Thu Oct 24 07:58:47 2013 us=391000 management_write_peer_info_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=391000 management_client_user = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=391000 management_client_group = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=391000 management_flags = 0
Thu Oct 24 07:58:47 2013 us=391000 shared_secret_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=391000 key_direction = 0
Thu Oct 24 07:58:47 2013 us=391000 ciphername_defined = ENABLED
Thu Oct 24 07:58:47 2013 us=391000 ciphername = 'AES-128-CBC'
Thu Oct 24 07:58:47 2013 us=391000 authname_defined = ENABLED
Thu Oct 24 07:58:47 2013 us=391000 authname = 'SHA1'
Thu Oct 24 07:58:47 2013 us=391000 prng_hash = 'SHA1'
Thu Oct 24 07:58:47 2013 us=391000 prng_nonce_secret_len = 16
Thu Oct 24 07:58:47 2013 us=391000 keysize = 0
Thu Oct 24 07:58:47 2013 us=391000 engine = DISABLED
Thu Oct 24 07:58:47 2013 us=422000 replay = ENABLED
Thu Oct 24 07:58:47 2013 us=422000 mute_replay_warnings = DISABLED
Thu Oct 24 07:58:47 2013 us=422000 replay_window = 64
Thu Oct 24 07:58:47 2013 us=422000 replay_time = 15
Thu Oct 24 07:58:47 2013 us=422000 packet_id_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=422000 use_iv = ENABLED
Thu Oct 24 07:58:47 2013 us=422000 test_crypto = DISABLED
Thu Oct 24 07:58:47 2013 us=422000 tls_server = DISABLED
Thu Oct 24 07:58:47 2013 us=422000 tls_client = ENABLED
Thu Oct 24 07:58:47 2013 us=422000 key_method = 2
Thu Oct 24 07:58:47 2013 us=422000 ca_file = '[[INLINE]]'
Thu Oct 24 07:58:47 2013 us=422000 ca_path = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=422000 dh_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=422000 cert_file = '[[INLINE]]'
Thu Oct 24 07:58:47 2013 us=422000 priv_key_file = '[[INLINE]]'
Thu Oct 24 07:58:47 2013 us=422000 pkcs12_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=422000 cryptoapi_cert = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=437000 cipher_list = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=437000 tls_verify = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=437000 tls_export_cert = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=437000 tls_remote = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=437000 crl_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=437000 ns_cert_type = 64
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=437000 remote_cert_ku = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_ku[i] = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_ku[i] = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_ku[i] = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_ku[i] = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_ku[i] = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_ku[i] = 0
Thu Oct 24 07:58:47 2013 us=469000 remote_cert_eku = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=469000 tls_timeout = 2
Thu Oct 24 07:58:47 2013 us=469000 renegotiate_bytes = 0
Thu Oct 24 07:58:47 2013 us=469000 renegotiate_packets = 0
Thu Oct 24 07:58:47 2013 us=469000 renegotiate_seconds = 3600
Thu Oct 24 07:58:47 2013 us=469000 handshake_window = 60
Thu Oct 24 07:58:47 2013 us=469000 transition_window = 3600
Thu Oct 24 07:58:47 2013 us=469000 single_session = DISABLED
Thu Oct 24 07:58:47 2013 us=469000 push_peer_info = DISABLED
Thu Oct 24 07:58:47 2013 us=469000 tls_exit = DISABLED
Thu Oct 24 07:58:47 2013 us=469000 tls_auth_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=500000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_protected_authentication = DISABLED
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=515000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=531000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=531000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=531000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=531000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_private_mode = 00000000
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=547000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_cert_private = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_pin_cache_period = -1
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_id = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=578000 pkcs11_id_management = DISABLED
Thu Oct 24 07:58:47 2013 us=578000 server_network = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=578000 server_netmask = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=578000 server_bridge_ip = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=578000 server_bridge_netmask = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=609000 server_bridge_pool_start = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=609000 server_bridge_pool_end = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=609000 ifconfig_pool_defined = DISABLED
Thu Oct 24 07:58:47 2013 us=609000 ifconfig_pool_start = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=609000 ifconfig_pool_end = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=609000 ifconfig_pool_netmask = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=609000 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=609000 ifconfig_pool_persist_refresh_freq = 600
Thu Oct 24 07:58:47 2013 us=609000 n_bcast_buf = 256
Thu Oct 24 07:58:47 2013 us=609000 tcp_queue_limit = 64
Thu Oct 24 07:58:47 2013 us=609000 real_hash_size = 256
Thu Oct 24 07:58:47 2013 us=609000 virtual_hash_size = 256
Thu Oct 24 07:58:47 2013 us=609000 client_connect_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=609000 learn_address_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=625000 client_disconnect_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=625000 client_config_dir = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=625000 ccd_exclusive = DISABLED
Thu Oct 24 07:58:47 2013 us=625000 tmp_dir = 'C:\Users\MIKEXA~1\AppData\Local\Temp\'
Thu Oct 24 07:58:47 2013 us=625000 push_ifconfig_defined = DISABLED
Thu Oct 24 07:58:47 2013 us=625000 push_ifconfig_local = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=625000 push_ifconfig_remote_netmask = 0.0.0.0
Thu Oct 24 07:58:47 2013 us=625000 enable_c2c = DISABLED
Thu Oct 24 07:58:47 2013 us=625000 duplicate_cn = DISABLED
Thu Oct 24 07:58:47 2013 us=625000 cf_max = 0
Thu Oct 24 07:58:47 2013 us=625000 cf_per = 0
Thu Oct 24 07:58:47 2013 us=625000 max_clients = 1024
Thu Oct 24 07:58:47 2013 us=625000 max_routes_per_client = 256
Thu Oct 24 07:58:47 2013 us=625000 auth_user_pass_verify_script = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=640000 auth_user_pass_verify_script_via_file = DISABLED
Thu Oct 24 07:58:47 2013 us=640000 ssl_flags = 0
Thu Oct 24 07:58:47 2013 us=640000 client = ENABLED
Thu Oct 24 07:58:47 2013 us=640000 pull = ENABLED
Thu Oct 24 07:58:47 2013 us=640000 auth_user_pass_file = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=640000 show_net_up = DISABLED
Thu Oct 24 07:58:47 2013 us=640000 route_method = 0
Thu Oct 24 07:58:47 2013 us=640000 ip_win32_defined = DISABLED
Thu Oct 24 07:58:47 2013 us=640000 ip_win32_type = 3
Thu Oct 24 07:58:47 2013 us=640000 dhcp_masq_offset = 0
Thu Oct 24 07:58:47 2013 us=640000 dhcp_lease_time = 31536000
Thu Oct 24 07:58:47 2013 us=640000 tap_sleep = 0
Thu Oct 24 07:58:47 2013 us=640000 dhcp_options = DISABLED
Thu Oct 24 07:58:47 2013 us=640000 dhcp_renew = DISABLED
Thu Oct 24 07:58:47 2013 us=640000 dhcp_pre_release = DISABLED
Thu Oct 24 07:58:47 2013 us=640000 dhcp_release = DISABLED
Thu Oct 24 07:58:47 2013 us=671000 domain = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=671000 netbios_scope = '[UNDEF]'
Thu Oct 24 07:58:47 2013 us=671000 netbios_node_type = 0
Thu Oct 24 07:58:47 2013 us=671000 disable_nbt = DISABLED
Thu Oct 24 07:58:47 2013 us=671000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Thu Oct 24 07:58:47 2013 us=671000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Oct 24 07:58:48 2013 us=77000 LZO compression initialized
Thu Oct 24 07:58:48 2013 us=77000 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Oct 24 07:58:48 2013 us=77000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Oct 24 07:58:48 2013 us=295000 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Oct 24 07:58:48 2013 us=295000 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Oct 24 07:58:48 2013 us=295000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Oct 24 07:58:48 2013 us=295000 Local Options hash (VER=V4): '66096c33'
Thu Oct 24 07:58:48 2013 us=295000 Expected Remote Options hash (VER=V4): '691e95c7'
Thu Oct 24 07:58:48 2013 us=295000 UDPv4 link local: [undef]
Thu Oct 24 07:58:48 2013 us=295000 UDPv4 link remote: xxxxxxxxxxx:53
Thu Oct 24 07:58:48 2013 us=295000 UDPv4 WRITE [14] to xxxxxxx7:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:58:48 2013 us=295000 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Thu Oct 24 07:58:50 2013 us=542000 UDPv4 WRITE [14] to 76.110.180.37:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:58:55 2013 us=3000 UDPv4 WRITE [14] to 7xxxxxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:59:03 2013 us=864000 UDPv4 WRITE [14] to xxxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:59:19 2013 us=558000 UDPv4 WRITE [14] to 7xxxxxx7:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:59:48 2013 us=340000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Oct 24 07:59:48 2013 us=340000 TLS Error: TLS handshake failed
Thu Oct 24 07:59:48 2013 us=340000 TCP/UDP: Closing socket
Thu Oct 24 07:59:48 2013 us=340000 SIGUSR1[soft,tls-error] received, process restarting
Thu Oct 24 07:59:48 2013 us=340000 Restart pause, 2 second(s)
Thu Oct 24 07:59:50 2013 us=353000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Oct 24 07:59:50 2013 us=353000 Re-using SSL/TLS context
Thu Oct 24 07:59:50 2013 us=353000 LZO compression initialized
Thu Oct 24 07:59:50 2013 us=353000 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Oct 24 07:59:50 2013 us=353000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Oct 24 07:59:50 2013 us=602000 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Oct 24 07:59:50 2013 us=602000 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Oct 24 07:59:50 2013 us=602000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Oct 24 07:59:50 2013 us=602000 Local Options hash (VER=V4): '66096c33'
Thu Oct 24 07:59:50 2013 us=602000 Expected Remote Options hash (VER=V4): '691e95c7'
Thu Oct 24 07:59:50 2013 us=602000 UDPv4 link local: [undef]
Thu Oct 24 07:59:50 2013 us=602000 UDPv4 link remote: xxxxxx:53
Thu Oct 24 07:59:50 2013 us=602000 UDPv4 WRITE [14] to xxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:59:50 2013 us=602000 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Thu Oct 24 07:59:52 2013 us=739000 UDPv4 WRITE [14] to xxxx:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 07:59:57 2013 us=14000 UDPv4 WRITE [14] to xxxx7:53: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Oct 24 08:00:04 2013 us=876000 TCP/UDP: Closing socket
Thu Oct 24 08:00:04 2013 us=876000 SIGTERM[hard,] received, process exiting
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Thanks for replying. UDP 53 is my preference.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Here is the config. Keep in mind when I use UDP 1194 everything works fine.
client
dev tun
proto udp
remote xxxxxxx.dyndns.org 53
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 6
<ca>
-----BEGIN CERTIFICATE-----
Thanks again
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
I believe this is the server config. If it is not, I have no idea where else to get it, but this came from the status page of my router, which is the server. My set up is OpenVPN on a DDWRT router (Netgear WNR2000 v2). When I use UDP 1194 on the client everything works flawlessly. I mainly VPN in using either my phone or Tablet. Please let me know what additional details you would like in order to help me.
Serverlog 20131024 19:23:56 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20131024 19:23:56 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20131024 19:23:56 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20131024 19:23:56 Diffie-Hellman initialized with 1024 bit key
20131024 19:23:56 Socket Buffers: R=[114688->131072] S=[114688->131072]
20131024 19:23:56 I TUN/TAP device tun2 opened
20131024 19:23:56 TUN/TAP TX queue length set to 100
20131024 19:23:56 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20131024 19:23:56 I /sbin/ifconfig tun2 10.0.1.1 netmask 255.255.255.0 mtu 1500 broadcast 10.0.1.255
20131024 19:23:56 I UDPv4 link local (bound): [undef]
20131024 19:23:56 I UDPv4 link remote: [undef]
20131024 19:23:56 MULTI: multi_init called r=256 v=256
20131024 19:23:56 IFCONFIG POOL: base=10.0.1.2 size=252 ipv6=0
20131024 19:23:56 IFCONFIG POOL LIST
20131024 19:23:56 I Initialization Sequence Completed
20131024 19:26:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:26:43 D MANAGEMENT: CMD 'state'
20131024 19:26:43 MANAGEMENT: Client disconnected
20131024 19:26:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:26:43 D MANAGEMENT: CMD 'state'
20131024 19:26:43 MANAGEMENT: Client disconnected
20131024 19:26:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:26:43 D MANAGEMENT: CMD 'state'
20131024 19:26:43 MANAGEMENT: Client disconnected
20131024 19:26:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:26:43 D MANAGEMENT: CMD 'status 2'
20131024 19:26:43 MANAGEMENT: Client disconnected
20131024 19:26:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:26:43 D MANAGEMENT: CMD 'log 500'
20131024 19:26:43 MANAGEMENT: Client disconnected
20131024 19:35:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:35:10 D MANAGEMENT: CMD 'state'
20131024 19:35:10 MANAGEMENT: Client disconnected
20131024 19:35:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:35:11 D MANAGEMENT: CMD 'state'
20131024 19:35:11 MANAGEMENT: Client disconnected
20131024 19:35:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:35:11 D MANAGEMENT: CMD 'state'
20131024 19:35:11 MANAGEMENT: Client disconnected
20131024 19:35:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:35:11 D MANAGEMENT: CMD 'status 2'
20131024 19:35:11 MANAGEMENT: Client disconnected
20131024 19:35:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131024 19:35:11 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Debbie, I am just a bit unsure of what else you would like me to post. However, I am willing to try. I will refer to that post you referenced again to see what else I might have missed. I take it those were not the server logs above?
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
I feel like an idiot but hopefully is this what you were referring to? I got this from the Router's VPN page. Keep in mind the router is my server. If this is not the server config, then where do I get it from in this router? I have spent two days looking to see if I can locate it.
Thanks again.
OpenVPN Server/Daemon
OpenVPN Server/Daemon
OpenVPN Enable
Start Type WAN Up System
Config as Server
Server mode Router (TUN)
Network 10.0.1.0
Netmask 255.255.255.0
Port(Default: 1194)
Tunnel Protocol(Default: UDP)
Encryption Cipher AES-128 CBC
Hash Algorithm SHA1
Advanced Options Enable
TLS Cipher AES-128 SHA
LZO Compression Adaptive
Redirect default Gateway Enable
Allow Client to Client Enable
Allow duplicate cn Enable
Tunnel MTU setting 1500(Default: 1500)
Tunnel UDP Fragment blank
Tunnel UDP MSS-Fix Disable
CCD-Dir DEFAULT file blank (no values)
Client connect script blank (No Values)
Here is a link to the actual page in PDF, since the screenshots I was trying to take weren't showing the entire setup.
https://www.dropbox.com/s/22ri71zpube7k ... 20PPTP.pdf
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
I have a separate network using my phone's hotspot, so I am in the scenario involving the internet as described in the first example and not in test mode. The VPN only works on 1194, but many hotspots block that port, making it almost useless, hence the need to change ports.
Thanks
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
I'll try and let you know. Do I need any specific command for tcp 80 or 443 to 'open the firewall' or forward the ports, or should I use the ones in the original post and just change the port numbers and server from TCP instead of UDP? By that should I change the Server side to tcp 80 and leave it as such or will I need a command to forward the tcp 80 coming in to udp 1194 assuming it can be done or just have the server run on tcp80?
Thanks again Debbie
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
So I could not get the tcp 80 working - VPN server would not start. TCP 443 worked OK. Back to the udp 53 option which is really what I want to work.
The IP table command below got me all the way to 'getting client configuration' from my android when I tried to connect using my phone, but never connected. However it also kills my internet connection on my router.
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 1194
iptables -I INPUT -p udp --dport 53 -j ACCEPT
I read somewhere I need to bind something to my local network, but I have no clue what to do. I have got to think I am not the only one attempting to forward incoming UDP 53 traffic to my 1194 VPN default port. I know it is related to a command line, but I have no clue what to change or add. Anyone....
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Any help on this one? Again, I can't think I am the only one wanting to run an Open VPN server using port 53 forwarded to 1194. I am sure it is something to do with the IPtables script, but I am a total novice when it comes to this. The best I have been able to do is copy the scripts I have found over various forums, but none has worked yet.
I appreciate any support on this one.
MX
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 1194
iptables -I INPUT -p udp --dport 53 -j ACCEPT
The script above almost worked, but the client would not fully connect, it got as far as authenticating and getting client config, but never did. Also at the same time, my router would no longer hand out addresses and I couldn't surf the net.
I read somewhere I redirected all my traffic to port 53 which caused the issue. The recommendation was to use this script:
iptables -t nat -A PREROUTING -p udp -d xxx.xxx.xxx.xxx -i appropriate_interface --dport 53 -j REDIRECT --to-port 1194
BUT, I don't know what I should be typing in for the xxxx's and do I need to add something where it says 'appropriate interface'.
-
- OpenVPN Power User
- Posts: 54
- Joined: Mon Aug 29, 2011 1:01 pm
Re: Forward port 53 to 1194
Make sure that you do not have anything running or listening on port 53 when you are redirecting them.
The iptables should be set as follows:
iptables -t nat -A PREROUTING -p udp -d "your-server-ip" -i eth0 --dport 53 -j REDIRECT --to-port 1194
Or you can just set a range of ports
iptables -t nat -A PREROUTING -p udp --match multiport --dport 4000:10000 -j DNAT --to "your-server-ip:1194"
Cheers
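An added example, not part of the original posts: a PREROUTING rule that matches UDP port 53 without `-i` or `-d` also catches DNS queries arriving from LAN clients, so this script audits `iptables-save` text for such rules and reports how tightly each one is scoped. The sample ruleset is constructed; `vlan2` and `203.0.113.10` are placeholder values, not taken from the thread.

```shell
#!/bin/sh
# Audit nat PREROUTING rules (iptables-save format) that rewrite UDP/53.
# A rule with neither -i nor -d applies to every interface, LAN included.

# Constructed sample ruleset. vlan2 and 203.0.113.10 are placeholders
# (assumptions), standing in for the WAN interface and WAN address.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A PREROUTING -d 203.0.113.10/32 -i vlan2 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A PREROUTING -i vlan2 -p udp -m multiport --dports 53,5353 -j DNAT --to-destination 203.0.113.10:1194
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 1194
-A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE
COMMIT
EOF
}

# Reads iptables-save text on stdin. For every PREROUTING rule that sends
# UDP/53 to REDIRECT or DNAT, prints one line:
#   UNSCOPED <rule>   no -i and no -d
#   PARTIAL  <rule>   only one of -i / -d
#   SCOPED   <rule>   both -i and -d
# Port ranges (a:b) are not expanded, and a negated match such as
# "! -i br0" is counted as a restriction.
audit_dns_redirects() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = ""; dport = ""; target = ""; in_if = ""; dst = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
        }
        if (proto != "udp") next
        if (target != "REDIRECT" && target != "DNAT") next

        # --dports may carry a comma-separated list; look for port 53 in it.
        hit = 0
        n = split(dport, ports, ",")
        for (k = 1; k <= n; k++) if (ports[k] == "53") hit = 1
        if (!hit) next

        if (in_if == "" && dst == "") print "UNSCOPED " $0
        else if (in_if == "" || dst == "") print "PARTIAL " $0
        else print "SCOPED " $0
    }'
}

# Exit status 0 when the ruleset on stdin has at least one unscoped rule.
has_unscoped_dns_redirect() {
    audit_dns_redirects | grep -q '^UNSCOPED '
}

# Stand-alone run: audit the constructed sample.
sample_rules | audit_dns_redirects
```

On a live router the same functions can be fed with `iptables-save -t nat | audit_dns_redirects`.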
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Thanks, I'll let you know how it works. One question: when you mention server, are you referring to the external IP, the Open VPN server address or the address where the router is on, which is an internal address?
Thanks again.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Tried both commands mentioned above and no success either way. I entered the local WAN's IP address, my external IP and 127.0.0.1 IP all without any luck. I do appreciate your input. Just so you know the server is a Cisco router with DDWRT firmware. I am beginning to suspect the issue is in the Router itself or the firmware is buggy. If that is not it, then it has to do with the mobile phone data hotspot through T-Mobile, but it would be weird if it works through port 1194 and not 53.
One last note; when I use the port forward feature on router and forward port 53 to 1194, it gets all the way to authenticating and getting client configs but never finalizes the connection. The server actually shows the client; my Android phone running Arne Schwabe's OPEN VPN for android connected and I am using the phone mobile data network to connect, but it never completes the connection. It is as if the server isn't pushing the route the last bit of the way to the client. I am only surmising since all my Open VPN experience has been from Google and the different forums online. If I check 'do not pull routes from server' on the client it connects right away, but I can't connect to any parts of my server and the IP address does not change. Everything works fine if I tell the client to use 1194 as the port. I can post logs from Server and client so you can take a look.
Client Log below:
Sun Nov 17 15:54:43 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 17 15:54:43 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 AES128-SHA, 1024 bit RSA
Sun Nov 17 15:54:43 2013 [mxavier2] Peer Connection Initiated with ...
Sun Nov 17 15:54:45 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:54:50 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:54:56 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:01 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:06 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:11 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:16 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:21 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:26 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:31 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:36 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:41 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:46 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:51 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:55:56 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:01 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:06 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:11 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:16 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:22 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:27 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:32 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:37 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:42 2013 SENT CONTROL [mxavier2]: 'PUSH_REQUEST' (status=1)
Sun Nov 17 15:56:43 2013 [mxavier2] Inactivity timeout (--ping-restart), restarting
Sun Nov 17 15:56:43 2013 TCP/UDP: Closing socket
Sun Nov 17 15:56:43 2013 SIGUSR1[soft,ping-restart] received, process restarting
Sun Nov 17 15:56:43 2013 Restart pause, 2 second(s)
Sun Nov 17 15:56:45 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 17 15:56:45 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 17 15:56:45 2013 Re-using SSL/TLS context
Sun Nov 17 15:56:45 2013 LZO compression initialized
Sun Nov 17 15:56:45 2013 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 17 15:56:45 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 17 15:56:45 2013 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Nov 17 15:56:45 2013 Local Options hash (VER=V4): '66096c33'
Sun Nov 17 15:56:45 2013 Expected Remote Options hash (VER=V4): '691e95c7'
Sun Nov 17 15:56:45 2013 UDPv4 link local: [undef]
Sun Nov 17 15:56:45 2013 UDPv4 link remote: ...
Sun Nov 17 15:56:47 2013 TLS: Initial packet from ...:53, sid=a7b23e2d ace9d072
Sun Nov 17 15:56:48 2013 VERIFY OK: depth=1, /C=US/ST=FL/L=Pembroke_Pines/O=mxavier2/OU=changeme/CN=Mike_s_Server/name=changeme/emailAddress=...
Sun Nov 17 15:56:48 2013 VERIFY OK: depth=0, /C=US/ST=FL/L=Pembroke_Pines/O=mxavier2/OU=changeme/CN=mxavier2/name=changeme/emailAddress=...
Sun Nov 17 16:01:13 2013 [mxavier2] Inactivity timeout (--ping-restart), restarting
Sun Nov 17 16:01:13 2013 TCP/UDP: Closing socket
Sun Nov 17 16:01:13 2013 SIGUSR1[soft,ping-restart] received, process restarting
Sun Nov 17 16:01:13 2013 Restart pause, 2 second(s)
Sun Nov 17 16:01:15 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 17 16:01:15 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 17 16:01:15 2013 Re-using SSL/TLS context
Sun Nov 17 16:01:15 2013 LZO compression initialized
Sun Nov 17 16:01:15 2013 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 17 16:01:15 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 17 16:01:16 2013 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Nov 17 16:01:16 2013 Local Options hash (VER=V4): '66096c33'
Sun Nov 17 16:01:16 2013 Expected Remote Options hash (VER=V4): '691e95c7'
Sun Nov 17 16:01:16 2013 UDPv4 link local: [undef]
Sun Nov 17 16:01:16 2013 UDPv4 link remote: ...:53
Sun Nov 17 16:01:16 2013 TLS: Initial packet from ...:53, sid=143e9011 468ca34b
Sun Nov 17 16:01:16 2013 VERIFY OK: depth=1, /C=US/ST=FL/L=Pembroke_Pines/O=mxavier2/OU=changeme/CN=Mike_s_Server/name=changeme/emailAddress=...
Sun Nov 17 16:01:16 2013 VERIFY OK: depth=0, /C=US/ST=FL/L=Pembroke_Pines/O=mxavier2/OU=changeme/CN=mxavier2/name=changeme/emailAddress=...
Sun Nov 17 16:01:39 2013 TCP/UDP: Closing socket
Sun Nov 17 16:01:39 2013 SIGTERM[hard,] received, process exiting
Server Logs:
Serverlog 20131117 15:39:29 172.56.27.158:58414 VERIFY OK: depth=1 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=Mike's Server name=changeme emailAddress=...
20131117 15:39:29 172.56.27.158:58414 NOTE: --mute triggered...
20131117 15:39:33 172.56.5.216:4229 5 variation(s) on previous 3 message(s) suppressed by --mute
20131117 15:39:33 N 172.56.5.216:4229 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:39:33 N 172.56.5.216:4229 TLS Error: TLS handshake failed
20131117 15:39:33 172.56.5.216:4229 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:40:27 N 172.56.27.158:58414 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:40:27 N 172.56.27.158:58414 TLS Error: TLS handshake failed
20131117 15:40:27 172.56.27.158:58414 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:40:33 172.56.27.158:14942 TLS: Initial packet from [AF_INET]...:14942 sid=e2aed238 e57a2254
20131117 15:40:34 172.56.27.158:14942 VERIFY OK: depth=1 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=Mike's Server name=changeme emailAddress=...
20131117 15:40:34 172.56.27.158:14942 VERIFY OK: depth=0 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=xtra1 name=changeme emailAddress=...
20131117 15:40:34 172.56.27.158:14942 NOTE: --mute triggered...
20131117 15:40:35 172.56.27.158:14942 5 variation(s) on previous 3 message(s) suppressed by --mute
20131117 15:40:35 I 172.56.27.158:14942 [xtra1] Peer Connection Initiated with [AF_INET]172.56.27.158:14942
20131117 15:40:35 I xtra1/172.56.27.158:14942 MULTI_sva: pool returned IPv4=175.6.1.3 IPv6=(Not enabled)
20131117 15:40:35 xtra1/172.56.27.158:14942 MULTI: Learn: 175.6.1.3 -> xtra1/172.56.27.158:14942
20131117 15:40:35 xtra1/172.56.27.158:14942 MULTI: primary virtual IP for xtra1/172.56.27.158:14942: 175.6.1.3
20131117 15:42:10 172.56.5.216:55302 TLS: Initial packet from [AF_INET]172.56.5.216:55302 sid=552871e1 638d21dc
20131117 15:42:12 172.56.5.216:55302 VERIFY OK: depth=1 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=Mike's Server name=changeme emailAddress=...
20131117 15:42:12 172.56.5.216:55302 VERIFY OK: depth=0 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=xtra1 name=changeme emailAddress=...
20131117 15:42:12 172.56.5.216:55302 NOTE: --mute triggered...
20131117 15:42:13 172.56.5.216:55302 5 variation(s) on previous 3 message(s) suppressed by --mute
20131117 15:42:13 I 172.56.5.216:55302 [xtra1] Peer Connection Initiated with [AF_INET]172.56.5.216:55302
20131117 15:42:13 MULTI: new connection by client 'xtra1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
20131117 15:42:13 I MULTI_sva: pool returned IPv4=175.6.1.3 IPv6=(Not enabled)
20131117 15:42:13 MULTI: Learn: 175.6.1.3 -> xtra1/172.56.5.216:55302
20131117 15:42:13 MULTI: primary virtual IP for xtra1/172.56.5.216:55302: 175.6.1.3
20131117 15:44:15 172.56.5.216:37850 TLS: Initial packet from [AF_INET]172.56.5.216:37850 sid=47461130 7845c827
20131117 15:45:15 N 172.56.5.216:37850 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:45:15 N 172.56.5.216:37850 TLS Error: TLS handshake failed
20131117 15:45:15 172.56.5.216:37850 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:45:18 172.56.5.216:11628 TLS: Initial packet from [AF_INET]172.56.5.216:11628 sid=d7aa6e34 023e7a5a
20131117 15:46:13 I xtra1/172.56.5.216:55302 [xtra1] Inactivity timeout (--ping-restart) restarting
20131117 15:46:13 xtra1/172.56.5.216:55302 SIGUSR1[soft ping-restart] received client-instance restarting
20131117 15:46:18 N 172.56.5.216:11628 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:46:18 N 172.56.5.216:11628 TLS Error: TLS handshake failed
20131117 15:46:18 172.56.5.216:11628 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:46:20 172.56.5.216:51807 TLS: Initial packet from [AF_INET]172.56.5.216:51807 sid=cd04374e 27e98da8
20131117 15:47:20 N 172.56.5.216:51807 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:47:20 N 172.56.5.216:51807 TLS Error: TLS handshake failed
20131117 15:47:20 172.56.5.216:51807 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:47:23 172.56.5.216:30379 TLS: Initial packet from [AF_INET]172.56.5.216:30379 sid=00cccb8e 14662507
20131117 15:48:23 N 172.56.5.216:30379 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:48:23 N 172.56.5.216:30379 TLS Error: TLS handshake failed
20131117 15:48:23 172.56.5.216:30379 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:48:25 172.56.5.216:45446 TLS: Initial packet from [AF_INET]172.56.5.216:45446 sid=2e36fa96 5f4bdb34
20131117 15:49:25 N 172.56.5.216:45446 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:49:25 N 172.56.5.216:45446 TLS Error: TLS handshake failed
20131117 15:49:25 172.56.5.216:45446 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:49:28 172.56.5.216:52309 TLS: Initial packet from [AF_INET]172.56.5.216:52309 sid=616504e4 4a49c817
20131117 15:50:28 N 172.56.5.216:52309 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:50:28 N 172.56.5.216:52309 TLS Error: TLS handshake failed
20131117 15:50:28 172.56.5.216:52309 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:50:31 172.56.5.216:49547 TLS: Initial packet from [AF_INET]172.56.5.216:49547 sid=fb471e1b dd9bae0f
20131117 15:51:31 N 172.56.5.216:49547 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:51:31 N 172.56.5.216:49547 TLS Error: TLS handshake failed
20131117 15:51:31 172.56.5.216:49547 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:51:33 172.56.5.216:26765 TLS: Initial packet from [AF_INET]172.56.5.216:26765 sid=e688c6ad cb3411e5
20131117 15:52:33 N 172.56.5.216:26765 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:52:33 N 172.56.5.216:26765 TLS Error: TLS handshake failed
20131117 15:52:33 172.56.5.216:26765 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:52:35 172.56.5.216:61110 TLS: Initial packet from [AF_INET]172.56.5.216:61110 sid=6e11a793 d3b387e9
20131117 15:53:35 N 172.56.5.216:61110 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:53:35 N 172.56.5.216:61110 TLS Error: TLS handshake failed
20131117 15:53:35 172.56.5.216:61110 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:53:38 172.56.5.216:34802 TLS: Initial packet from [AF_INET]172.56.5.216:34802 sid=fecfdd8c eecc4d13
20131117 15:54:38 N 172.56.5.216:34802 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:54:38 N 172.56.5.216:34802 TLS Error: TLS handshake failed
20131117 15:54:38 172.56.5.216:34802 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:54:40 172.56.5.216:33556 TLS: Initial packet from [AF_INET]172.56.5.216:33556 sid=c7bc17ac 96343d1c
20131117 15:54:42 172.56.5.216:33556 VERIFY OK: depth=1 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=Mike's Server name=changeme emailAddress=...
20131117 15:54:42 172.56.5.216:33556 VERIFY OK: depth=0 C=US ST=FL L=Pembroke Pines O=mxavier2 OU=changeme CN=xtra1 name=changeme emailAddress=...
20131117 15:54:42 172.56.5.216:33556 NOTE: --mute triggered...
20131117 15:55:40 172.56.5.216:33556 4 variation(s) on previous 3 message(s) suppressed by --mute
20131117 15:55:40 N 172.56.5.216:33556 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:55:40 N 172.56.5.216:33556 TLS Error: TLS handshake failed
20131117 15:55:40 172.56.5.216:33556 SIGUSR1[soft tls-error] received client-instance restarting
20131117 15:56:47 172.56.5.216:36665 TLS: Initial packet from [AF_INET]172.56.5.216:36665 sid=43f51bf1 8d44aa2e
20131117 15:57:47 N 172.56.5.216:36665 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 15:57:47 N 172.56.5.216:36665 TLS Error: TLS handshake failed
20131117 15:57:47 172.56.5.216:36665 SIGUSR1[soft tls-error] received client-instance restarting
20131117 16:01:16 172.56.5.216:56448 TLS: Initial packet from [AF_INET]172.56.5.216:56448 sid=fa0ace23 018cc238
20131117 16:02:16 N 172.56.5.216:56448 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131117 16:02:16 N 172.56.5.216:56448 TLS Error: TLS handshake failed
20131117 16:02:16 172.56.5.216:56448 SIGUSR1[soft tls-error] received client-instance restarting
20131117 16:04:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131117 16:04:27 D MANAGEMENT: CMD 'state'
20131117 16:04:27 MANAGEMENT: Client disconnected
20131117 16:04:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131117 16:04:27 D MANAGEMENT: CMD 'state'
20131117 16:04:27 MANAGEMENT: Client disconnected
20131117 16:04:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131117 16:04:27 D MANAGEMENT: CMD 'state'
20131117 16:04:27 MANAGEMENT: Client disconnected
20131117 16:04:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131117 16:04:27 D MANAGEMENT: CMD 'status 2'
20131117 16:04:27 MANAGEMENT: Client disconnected
20131117 16:04:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20131117 16:04:27 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog
-
- OpenVPN Power User
- Posts: 54
- Joined: Mon Aug 29, 2011 1:01 pm
Re: Forward port 53 to 1194
DD-WRT is another set of setup and frankly I don't think you can forward 53 on a DD-WRT as it's also using that to listen for DNS requests. Maybe you should run iptables -L -t nat and see what your existing rules are.
Why are you using 127.0.0.1 for listening? This should be the IP that openvpn is listening on. You are telling the firewall to forward 53 to 1194. Or replace 53 with 389 (LDAP port), which should not be blocked by public wifi, or change proto to tcp and use port 443, https.
However, on a side note, you will be better off testing the configuration on a normal openvpn server running on linux/windows, as this is a cleaner and more controlled setting, rather than starting on a DDWRT which is already heavily customized for routing purposes, unless you are very familiar with DDWRT operations.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Thanks again for your help. A couple of notes; the 127.0.0.1 referenced below was only a question as to whether I should add that to the routing table in the place of the IP address since I wasn't sure what to enter as the IP address in your earlier suggestion. It isn't listening on it now and I tried the router's WAN IP and the external IP, neither worked.
I factory reset the router and ran the iptables -L -t nat command, it gave me back a few strings of data which I did not copy. I went ahead and reentered the vpn server settings, configs etc and then reran the IP table rule iptables -L -t nat, it returned absolutely no data. At this point I suspect the DD-WRT VPN may be a bit buggy. I will test out the 389 port and let you know if I have any success. The sad part is the set up works flawlessly on port 1194 with UDP.
Thanks again for your patience.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Here is the IP tables output from the command iptables -t nat -vnL PREROUTING:
Chain PREROUTING (policy ACCEPT 265 packets, 17666 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT icmp -- * * 0.0.0.0/0 12.12.13.128 to:12.12.12.1
21 1088 DNAT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:80 to:12.12.13.128:1194
0 0 DNAT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:389 to:12.12.13.128:1194
1 42 DNAT udp -- * * 0.0.0.0/0 12.12.13.128 udp dpt:389 to:12.12.13.128:1194
0 0 DNAT udp -- * * 0.0.0.0/0 12.12.13.128 udp dpt:53 to:12.12.13.128:1194
0 0 DNAT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:443 to:12.12.13.128:1194
38 4167 TRIGGER 0 -- * * 0.0.0.0/0 12.12.13.128 TRIGGER type:dnat match:0 relate:0
0 0 REDIRECT udp -- eth0 * 0.0.0.0/0 12.12.13.128 udp dpt:53 redir ports 1194
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 12.12.13.128 tcp dpt:80 redir ports 1194
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 12.12.13.128 tcp dpt:443 redir ports 1194
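A way to read the PREROUTING counters posted above, added here as an example and not part of the original thread: the script parses `iptables -t nat -vnL` output, lists rules whose packet counter is still zero, and flags rules that sit behind an earlier DNAT/REDIRECT with the same or a broader match and so can never be reached. It assumes the vendor-specific TRIGGER target does not end chain traversal, and it compares match fields literally (no CIDR containment, no other match extensions).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Output copied from the post above (iptables -t nat -vnL PREROUTING).
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 265 packets, 17666 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT icmp -- * * 0.0.0.0/0 12.12.13.128 to:12.12.12.1
21 1088 DNAT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:80 to:12.12.13.128:1194
0 0 DNAT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:389 to:12.12.13.128:1194
1 42 DNAT udp -- * * 0.0.0.0/0 12.12.13.128 udp dpt:389 to:12.12.13.128:1194
0 0 DNAT udp -- * * 0.0.0.0/0 12.12.13.128 udp dpt:53 to:12.12.13.128:1194
0 0 DNAT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:443 to:12.12.13.128:1194
38 4167 TRIGGER 0 -- * * 0.0.0.0/0 12.12.13.128 TRIGGER type:dnat match:0 relate:0
0 0 REDIRECT udp -- eth0 * 0.0.0.0/0 12.12.13.128 udp dpt:53 redir ports 1194
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 12.12.13.128 tcp dpt:80 redir ports 1194
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 12.12.13.128 tcp dpt:443 redir ports 1194
"""

# Targets that stop traversal of the chain for a matching packet.
# TRIGGER is vendor-specific and deliberately left out (assumption).
TERMINATING = {"DNAT", "REDIRECT", "SNAT", "MASQUERADE", "NETMAP",
               "ACCEPT", "DROP", "RETURN"}
SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}


def parse_counter(tok: str) -> int:
    """iptables abbreviates large counters (e.g. 248K) unless -x is given."""
    return int(tok[:-1]) * SUFFIX[tok[-1]] if tok[-1] in SUFFIX else int(tok)


@dataclass
class Rule:
    num: int              # position in the chain, 1-based
    pkts: int
    target: str
    prot: str
    in_if: str
    src: str
    dst: str
    dport: Optional[int]


def parse_rules(text: str) -> list:
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # chain header, column header or blank line
        m = re.search(r"\bdpt:(\d+)", " ".join(f[9:]))
        rules.append(Rule(len(rules) + 1, parse_counter(f[0]), f[2], f[3],
                          f[5], f[7], f[8], int(m.group(1)) if m else None))
    return rules


def covers(a: Rule, b: Rule) -> bool:
    """True if rule a matches every packet that rule b matches (literal field compare)."""
    return (a.prot in ("0", "all", b.prot)
            and a.in_if in ("*", b.in_if)
            and a.src in ("0.0.0.0/0", b.src)
            and a.dst in ("0.0.0.0/0", b.dst)
            and a.dport in (None, b.dport))


def never_hit(rules: list) -> list:
    """Rule numbers that no packet has matched since the counters were last reset."""
    return [r.num for r in rules if r.pkts == 0]


def shadowed(rules: list) -> dict:
    """Map rule number -> number of the earlier terminating rule that covers it."""
    out = {}
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.target in TERMINATING and covers(earlier, r):
                out[r.num] = earlier.num
                break
    return out


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("zero-hit rules:", never_hit(rules))
    for num, by in shadowed(rules).items():
        print(f"rule {num} is unreachable: rule {by} matches the same packets first")
```
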
-
- OpenVpn Newbie
- Posts: 18
- Joined: Tue Oct 22, 2013 12:05 pm
Re: Forward port 53 to 1194
Below is from this command iptables -vnL FORWARD:
pkts bytes target prot opt in out source destination
0 0 ACCEPT 47 -- * vlan2 12.12.12.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan2 12.12.12.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * tun2 0.0.0.0/0 0.0.0.0/0
893 248K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
836 244K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
28 1432 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:1194
0 0 ACCEPT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 12.12.13.128 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 12.12.13.128 udp dpt:1194
0 0 ACCEPT tcp -- * * 0.0.0.0/0 12.12.13.128 tcp dpt:1194
0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
57 3782 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
50 3502 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
7 280 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0